Analysis
-
max time kernel
16s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
15/05/2024, 11:07
Behavioral task
behavioral1
Sample
cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
-
Target
cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe
-
Size
898KB
-
MD5
cde3f969b78fcc20cd33b80b123e71a0
-
SHA1
8e33e84b3ce0fdf43705678d1c28c6322db63d0f
-
SHA256
de185780ec10f6997b19cbdbb584ba5e4df4fec2d5c914a4c163912c6e4f6b24
-
SHA512
f8634dbe3100f8cebdd2c0fdfb4fdaf069564a34c34248dfd1223d24e1b9e6f0f1d63f69e7ce2ca2426896fc79b333776cb701b93e963ab60a022d647e213ac1
-
SSDEEP
12288:VEQoSmB9ANtegnn/hAMI1+YucZw+rrFHmnUbvoFTVIiv7dwHGkyNELmFRTktpSqc:VM9ZgnJeJ7FHBbvoFR7eFoetVsIDg9
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 16 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
resource yara_rule behavioral2/memory/4932-0-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/files/0x00070000000233e7-5.dat upx behavioral2/memory/548-93-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/2784-163-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/2012-162-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/724-183-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/4184-182-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/3860-184-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/1320-185-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/1392-186-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/4024-188-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/2740-187-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/3656-190-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/3452-189-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/1176-191-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/688-193-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/4932-192-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/2360-195-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/548-194-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/2784-198-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/2012-197-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/4184-200-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/2076-199-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/3400-205-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/2116-207-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/3860-204-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/1452-203-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/4300-202-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/724-201-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/1320-206-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/2892-210-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/1756-212-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/4024-211-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/2740-209-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/1392-208-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/1652-217-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/1176-216-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/4784-215-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/3656-214-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/3452-213-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/4500-219-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/688-218-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/3488-223-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/4736-222-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/4132-221-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/2360-220-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/3336-226-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/1472-225-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/2076-224-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/4632-248-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/2776-245-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/2116-244-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/4796-235-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/4644-247-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/2892-246-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/2296-243-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/3400-242-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/5096-241-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/3676-240-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/3968-239-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/1928-238-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/4272-237-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/1920-236-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral2/memory/3056-250-0x0000000000400000-0x000000000041F000-memory.dmp upx -
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe -
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description ioc Process File opened (read-only) \??\V: cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File opened (read-only) \??\W: cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File opened (read-only) \??\X: cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File opened (read-only) \??\Z: cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File opened (read-only) \??\Y: cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File opened (read-only) \??\B: cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File opened (read-only) \??\H: cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File opened (read-only) \??\K: cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File opened (read-only) \??\Q: cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File opened (read-only) \??\U: cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File opened (read-only) \??\O: cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File opened (read-only) \??\S: cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File opened (read-only) \??\A: cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File opened (read-only) \??\E: cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File opened (read-only) \??\G: cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File opened (read-only) \??\I: cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File opened (read-only) \??\J: cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File opened (read-only) \??\T: cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File opened (read-only) \??\L: cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File opened (read-only) \??\M: cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File opened (read-only) \??\N: cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File opened (read-only) \??\P: cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File opened (read-only) \??\R: cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe -
Drops file in System32 directory 12 IoCs
description ioc Process File created C:\Windows\System32\DriverStore\Temp\danish action beast girls hole leather (Jade).rar.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\System32\LogFiles\Fax\Incoming\bukkake sleeping glans blondie .mpg.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\brasilian porn sperm several models girly .avi.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\tyrkish handjob fucking lesbian lady .zip.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\SysWOW64\config\systemprofile\indian fetish sperm catfight sweet .mpg.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\SysWOW64\FxsTmp\xxx [milf] glans (Kathrin,Jade).zip.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\SysWOW64\IME\SHARED\sperm masturbation .mpg.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\SysWOW64\config\systemprofile\indian gang bang gay [milf] .zip.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\SysWOW64\FxsTmp\african hardcore voyeur beautyfull .rar.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\SysWOW64\IME\SHARED\bukkake licking hairy (Ashley,Sylvia).zip.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\danish porn gay hot (!) lady .rar.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\tyrkish porn horse sleeping .avi.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe -
Drops file in Program Files directory 17 IoCs
description ioc Process File created C:\Program Files\Windows Sidebar\Shared Gadgets\brasilian handjob horse public .avi.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Program Files (x86)\Google\Temp\hardcore girls feet .avi.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\japanese horse fucking hot (!) castration .rar.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Program Files\Common Files\microsoft shared\russian cum gay full movie .rar.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Templates\blowjob several models .mpg.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\blowjob [free] feet boots .rar.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\brasilian cum hardcore hot (!) beautyfull .mpeg.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\brasilian handjob trambling sleeping .mpg.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\swedish horse trambling sleeping .rar.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\action fucking catfight hole .rar.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\swedish porn fucking sleeping shower .rar.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Program Files (x86)\Common Files\Microsoft Shared\brasilian kicking lingerie masturbation .zip.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\russian action lingerie girls (Sarah).avi.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\Updates\Download\sperm [free] feet .mpg.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\blowjob full movie (Curtney).zip.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Program Files (x86)\Google\Update\Download\gay uncut shoes (Gina,Samantha).avi.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\black beastiality blowjob full movie hairy .mpeg.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe -
Drops file in Windows directory 64 IoCs
description ioc Process File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_3d077a9cd5de5151\trambling [free] titts .mpeg.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\handjob beast [bangbus] glans .mpeg.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\malaysia horse uncut YEâPSè& .zip.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\gang bang hardcore hidden (Curtney).zip.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\german bukkake [milf] penetration .zip.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_10.0.19041.1_none_bd731e5b85dd203e\swedish fetish gay big feet mistress .mpeg.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\swedish action lesbian catfight cock .mpg.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\swedish handjob fucking uncut (Curtney).zip.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\sperm [bangbus] shower .mpg.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\african blowjob hidden boots .mpg.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_5af076e0a3cb0fa7\brasilian action hardcore masturbation hole .rar.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\brasilian gang bang sperm hidden titts gorgeoushorny (Tatjana).zip.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\trambling full movie glans penetration .rar.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\danish cumshot trambling hidden glans YEâPSè& (Samantha).mpg.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_887b2378b7b5651d\handjob lesbian hidden black hairunshaved .zip.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\japanese horse hardcore [bangbus] (Samantha).rar.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\xxx [free] glans .rar.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_e5f85095c4bc5d16\hardcore hot (!) ash .zip.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\spanish blowjob big hole swallow (Tatjana).rar.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_b1ffa0e7b4ed03e2\gay catfight mistress .rar.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\assembly\tmp\brasilian kicking gay public bedroom (Britney,Janette).mpg.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\CbsTemp\black porn hardcore hot (!) (Sylvia).zip.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\action bukkake hidden cock bedroom .mpeg.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\spanish lingerie uncut pregnant (Sandy,Liz).zip.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\kicking beast full movie glans .mpeg.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_14c898cc82025c76\nude fucking masturbation hole (Ashley,Janette).mpg.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\japanese action bukkake big .avi.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\PLA\Templates\indian kicking bukkake sleeping feet .zip.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\norwegian bukkake uncut .mpeg.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\malaysia blowjob big (Jade).avi.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_72a319bf8ee74a9b\swedish kicking gay several models cock stockings (Melissa).avi.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\italian fetish trambling licking cock mature (Karin).avi.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\security\templates\tyrkish cum hardcore lesbian .avi.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\SoftwareDistribution\Download\danish cumshot blowjob full movie .rar.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\black gang bang lingerie big pregnant .avi.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\xxx full movie latex .rar.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\asian beast big (Liz).rar.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_5abbd3c4a3f2014c\hardcore masturbation titts (Britney,Janette).avi.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\ServiceProfiles\LocalService\Downloads\tyrkish cum bukkake several models (Sylvia).zip.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\trambling lesbian titts .mpg.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\fetish sperm uncut hole .rar.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\american porn hardcore licking wifey .mpg.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\mssrv.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\italian kicking beast public (Curtney).avi.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\lingerie big .zip.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\trambling [free] feet wifey (Liz).mpeg.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\xxx voyeur feet castration .avi.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\indian handjob gay hot (!) .zip.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\brasilian cumshot fucking public titts castration (Tatjana).zip.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\indian gang bang fucking [bangbus] (Liz).mpeg.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_10.0.19041.1_none_ae957c4c35a7bf73\german trambling masturbation cock (Christine,Tatjana).avi.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\brasilian nude bukkake several models cock balls (Liz).mpeg.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\porn lesbian several models mistress .rar.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_e5c3ad79c4e34ebb\american fetish lingerie lesbian fishy (Kathrin,Samantha).avi.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\gay uncut shower .avi.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\asian lingerie [free] hole femdom .zip.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\trambling licking mistress .avi.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\porn beast girls .mpg.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_89c0bf1761110f07\german lesbian catfight Ôï .mpg.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\african sperm hidden young .avi.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\animal beast full movie titts hotel .rar.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\african beast [free] titts circumcision .mpeg.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\fetish hardcore sleeping .mpeg.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe File created C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\russian porn hardcore girls titts hotel (Liz).mpg.exe cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 4932 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 4932 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 548 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 548 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 4932 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 4932 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 2784 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 2784 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 2012 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 2012 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 548 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 548 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 4932 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 4932 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 4184 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 4184 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 724 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 724 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 4932 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 4932 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 3860 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 3860 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 548 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 548 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 1320 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 1320 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 2784 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 2784 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 2012 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 2012 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 1392 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 1392 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 2740 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 2740 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 4932 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 4184 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 4932 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 4184 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 548 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 4024 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 548 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 4024 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 3656 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 3656 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 3452 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 3452 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 2784 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 2784 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 2012 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 2012 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 1176 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 1176 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 724 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 724 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 688 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 688 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 2360 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 2360 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 3860 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 3860 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 1320 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 1320 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 2076 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 2076 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4932 wrote to memory of 548 4932 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 81 PID 4932 wrote to memory of 548 4932 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 81 PID 4932 wrote to memory of 548 4932 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 81 PID 548 wrote to memory of 2012 548 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 82 PID 548 wrote to memory of 2012 548 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 82 PID 548 wrote to memory of 2012 548 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 82 PID 4932 wrote to memory of 2784 4932 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 83 PID 4932 wrote to memory of 2784 4932 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 83 PID 4932 wrote to memory of 2784 4932 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 83 PID 4932 wrote to memory of 4184 4932 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 84 PID 4932 wrote to memory of 4184 4932 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 84 PID 4932 wrote to memory of 4184 4932 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 84 PID 548 wrote to memory of 724 548 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 85 PID 548 wrote to memory of 724 548 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 85 PID 548 wrote to memory of 724 548 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 85 PID 2784 wrote to memory of 3860 2784 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 86 PID 2784 wrote to memory of 3860 2784 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 86 PID 2784 wrote to memory of 3860 2784 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 86 PID 2012 wrote to memory of 1320 2012 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 87 PID 2012 wrote to memory of 1320 2012 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 87 PID 2012 wrote to memory of 1320 2012 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 87 PID 4932 wrote to memory of 1392 4932 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 88 PID 4932 wrote to memory of 1392 4932 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 88 PID 4932 wrote to memory of 1392 4932 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 88 PID 4184 wrote to memory of 2740 4184 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 89 PID 4184 wrote to memory of 2740 4184 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 89 PID 4184 wrote to memory of 2740 4184 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 89 PID 548 wrote to memory of 4024 548 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 90 PID 548 wrote to memory of 4024 548 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 90 PID 548 wrote to memory of 4024 548 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 90 PID 2784 wrote to memory of 3656 2784 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 91 PID 2784 wrote to memory of 3656 2784 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 91 PID 2784 wrote to memory of 3656 2784 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 91 PID 2012 wrote to memory of 3452 2012 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 92 PID 2012 wrote to memory of 3452 2012 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 92 PID 2012 wrote to memory of 3452 2012 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 92 PID 724 wrote to memory of 1176 724 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 93 PID 724 wrote to memory of 1176 724 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 93 PID 724 wrote to memory of 1176 724 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 93 PID 3860 wrote to memory of 688 3860 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 94 PID 3860 wrote to memory of 688 3860 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 94 PID 3860 wrote to memory of 688 3860 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 94 PID 1320 wrote to memory of 2360 1320 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 95 PID 1320 wrote to memory of 2360 1320 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 95 PID 1320 wrote to memory of 2360 1320 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 95 PID 4184 wrote to memory of 2076 4184 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 96 PID 4184 wrote to memory of 2076 4184 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 96 PID 4184 wrote to memory of 2076 4184 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 96 PID 4932 wrote to memory of 4300 4932 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 97 PID 4932 wrote to memory of 4300 4932 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 97 PID 4932 wrote to memory of 4300 4932 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 97 PID 1392 wrote to memory of 1452 1392 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 98 PID 1392 wrote to memory of 1452 1392 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 98 PID 1392 wrote to memory of 1452 1392 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 98 PID 548 wrote to memory of 3400 548 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 99 PID 548 wrote to memory of 3400 548 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 99 PID 548 wrote to memory of 3400 548 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 99 PID 2740 wrote to memory of 2116 2740 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 100 PID 2740 wrote to memory of 2116 2740 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 100 PID 2740 wrote to memory of 2116 2740 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 100 PID 2784 wrote to memory of 4644 2784 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 101 PID 2784 wrote to memory of 4644 2784 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 101 PID 2784 wrote to memory of 4644 2784 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 101 PID 2012 wrote to memory of 2892 2012 cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe 102
Processes
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4932 -
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"2⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:548 -
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"3⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2012 -
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1320 -
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
PID:2360 -
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:3336
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"7⤵PID:5188
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"8⤵PID:9508
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"9⤵PID:17060
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"8⤵PID:12800
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"8⤵PID:16824
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"7⤵PID:6780
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"8⤵PID:13536
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"8⤵PID:18800
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"7⤵PID:8912
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"8⤵PID:17768
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"7⤵PID:13020
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"7⤵PID:17068
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:2296
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"7⤵PID:7896
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"8⤵PID:17928
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"7⤵PID:10836
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"7⤵PID:12452
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"7⤵PID:17376
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:5976
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"7⤵PID:13068
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"7⤵PID:18032
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:7972
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"7⤵PID:19656
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:9732
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:12556
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:17400
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:1652
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:5428
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"7⤵PID:9592
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"8⤵PID:17776
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"7⤵PID:12468
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"7⤵PID:17124
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:7036
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"7⤵PID:12868
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"7⤵PID:16640
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:9028
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"7⤵PID:17872
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:12916
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:2572
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:3164
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:9224
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"7⤵PID:17864
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:12848
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:18256
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:6028
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:12972
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:17192
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:8316
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:19780
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:13116
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:18680
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
PID:3452 -
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:4736
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:5296
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"7⤵PID:9644
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"8⤵PID:16772
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"7⤵PID:12736
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"7⤵PID:16632
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:6912
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"7⤵PID:14960
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"7⤵PID:20628
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:9180
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"7⤵PID:1896
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:12988
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:17024
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:4548
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:6972
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"7⤵PID:12900
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"7⤵PID:4200
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:9004
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"7⤵PID:17848
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:12924
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:18272
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:6004
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:12824
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:16508
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:8196
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:16600
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:11148
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:12544
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:18264
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:2892
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:5556
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:10948
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:12648
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:16148
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:6948
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:14108
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:19868
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:10224
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:16780
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:12444
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:17368
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:1004
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:7576
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:17976
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:10872
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:12680
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:16652
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:5792
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:10880
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:12688
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:18008
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:7268
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:14672
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:5288
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:10648
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:12728
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:16120
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"3⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:724 -
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
PID:1176 -
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:3488
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:5616
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"7⤵PID:10992
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"7⤵PID:12636
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"7⤵PID:16136
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:7128
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"7⤵PID:14640
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"7⤵PID:19852
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:9996
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"7⤵PID:17156
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:12760
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:18024
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:4860
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:7004
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"7⤵PID:14680
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"7⤵PID:19936
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:9068
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"7⤵PID:17952
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:12964
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:17184
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:6076
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:12808
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:19124
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:8244
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:19904
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:11152
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:12576
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:19888
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:1756
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:5352
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:9524
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"7⤵PID:18964
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:13340
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:18240
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:7084
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:13052
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:17028
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:9812
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:17164
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:12768
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:16536
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:1920
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:6528
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:14612
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:19836
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:8740
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:17920
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:13028
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:12416
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:6320
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:14624
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:18784
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:8504
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:17832
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:13084
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:18040
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"3⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
PID:4024 -
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:4500
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:5436
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:9064
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"7⤵PID:17960
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:13012
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:18328
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:7044
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:14632
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:18824
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:8940
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:19896
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:12884
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:4156
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:4632
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:7460
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:19788
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:10704
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:12460
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:17392
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:5996
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:13060
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:18808
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:8212
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:18476
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:10784
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:12592
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:16084
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"3⤵PID:3400
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:5708
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:11000
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:12660
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:18312
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:7260
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:19796
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:10232
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:15648
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:12484
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:17340
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"3⤵PID:3968
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:8180
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:17840
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:10732
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:12604
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:16092
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"3⤵PID:5956
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:14648
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:19844
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"3⤵PID:8276
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:19928
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"3⤵PID:11520
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"3⤵PID:12420
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"3⤵PID:17108
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"2⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2784 -
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"3⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3860 -
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
PID:688 -
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:1472
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:5484
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"7⤵PID:9476
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"8⤵PID:17172
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"7⤵PID:12792
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"7⤵PID:16788
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:7144
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"7⤵PID:13520
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"7⤵PID:18336
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:10116
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"7⤵PID:17748
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:12744
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:16128
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:2776
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:7616
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"7⤵PID:19820
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:10856
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:12696
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:18320
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:6036
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:12892
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:17180
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:8228
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:17968
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:11360
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:12520
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:18288
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:4784
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:5444
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:9600
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"7⤵PID:17044
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:12776
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:16548
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:7028
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:13044
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:17076
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:9092
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:16520
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:12948
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:17004
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:4796
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:6228
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:19828
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:10712
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:12492
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:17352
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:6084
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:12980
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:17148
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:8236
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:17912
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:10936
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:12564
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:18000
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"3⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
PID:3656 -
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:4132
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:5368
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:9232
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"7⤵PID:1988
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:13004
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:19772
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:7056
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:14656
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:19920
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:9020
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:17904
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:12932
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:18816
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:4900
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:6992
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:14120
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:18832
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:9012
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:9340
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:12908
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:16996
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:6020
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:12832
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:16816
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:8220
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:19116
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:11376
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:12436
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:17332
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"3⤵PID:4644
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:5240
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:9372
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:3772
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:12840
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:17216
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:6804
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:14664
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:20620
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:8928
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:17992
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:12860
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:16500
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"3⤵PID:4272
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:7012
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:13544
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:18168
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:9040
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:17896
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:12940
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:17000
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"3⤵PID:6092
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:14264
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:19860
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"3⤵PID:8268
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:18456
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"3⤵PID:11368
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"3⤵PID:12536
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"3⤵PID:17384
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"2⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4184 -
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"3⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2740 -
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:2116
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:5360
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:9516
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"7⤵PID:17984
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:12816
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:16540
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:7020
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:19804
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:9080
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:18956
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:12956
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:17020
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:1928
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:7252
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:19384
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:9052
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:17040
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:12752
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:16756
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:6012
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:13076
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:18248
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:8204
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:19812
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:10780
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:12428
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:17116
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"3⤵
- Suspicious behavior: EnumeratesProcesses
PID:2076 -
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:5564
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:10900
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:12712
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:18304
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:7076
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:13528
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:19912
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:9804
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:2488
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:12476
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:17360
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"3⤵PID:5096
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:6768
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:13368
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:18792
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:8848
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:17856
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:13036
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:19752
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"3⤵PID:6104
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:13348
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:18280
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"3⤵PID:8328
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:17752
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"3⤵PID:13124
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"3⤵PID:20344
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"2⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1392 -
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"3⤵PID:1452
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:5280
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:8392
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"6⤵PID:18344
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:12996
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:17200
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:6724
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:14604
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:18840
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:8920
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:4824
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:12876
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:16892
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"3⤵PID:3056
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:7584
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"5⤵PID:17888
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:10864
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:12668
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:16660
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"3⤵PID:5988
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:13500
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:18016
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"3⤵PID:7980
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:16592
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"3⤵PID:10792
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"3⤵PID:12584
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"3⤵PID:16680
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"2⤵PID:4300
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"3⤵PID:5824
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:11256
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:12616
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:16104
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"3⤵PID:7800
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:17936
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"3⤵PID:10892
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"3⤵PID:12720
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"3⤵PID:16984
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"2⤵PID:3676
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"3⤵PID:7668
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"4⤵PID:17944
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"3⤵PID:10848
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"3⤵PID:12704
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"3⤵PID:18296
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"2⤵PID:6292
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"3⤵PID:12784
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"3⤵PID:16584
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"2⤵PID:8252
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"3⤵PID:17880
-
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"2⤵PID:11352
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"2⤵PID:12500
-
-
C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cde3f969b78fcc20cd33b80b123e71a0_NeikiAnalytics.exe"2⤵PID:17324
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\blowjob [free] feet boots .rar.exe
Filesize823KB
MD5a0ea268bd10d341ccf180843d1bf4280
SHA1eb2b229d31655ee61999e394f6d86374688d6762
SHA25666813976a65a36687468499fee61030a18c0a55897c033e9be69eca3fd854058
SHA5123ef38bc1041c3c3d164de8e4e230a240e3bf8d20cb7c2d8505042ef0944364aa1b62e1548213b9ef04aa64f2aa8819c399f9b5b6f916b9302147034048fee687