Analysis
max time kernel: 16s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 15/05/2024, 10:55
Behavioral task: behavioral1
Sample: cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe
Resource: win10v2004-20240508-en
General
Target: cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe
Size: 2.0MB
MD5: cb96877124bb3fbfd06a5b47db00c130
SHA1: c59fcde6349de9d0e2517a7c874a7052265e97ca
SHA256: 8a9326749dafbc6bdfbc634517e26c077e6f64135691411e2e74e9c2c021c03c
SHA512: d0bad08b66ef6a99b85a86bee65a3dd44e85064b0289d4c7c943c9333ce1d93327df0ae050093ca98e30cb02f83dd2583f8adcd31888991e56233947ed55d21b
SSDEEP: 49152:N2x+JgwVxWqaYRPfyFgBrfz3KF39Xd0fLcn7sGCS9:N2wJgixWqpykKztc/6
Malware Config
Signatures
Checks computer location settings 2 TTPs 24 IoCs
Looks up country code configured in the registry, likely geofence.
description: Key value queried
ioc: \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation
Process: cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
Adds Run key to start application 2 TTPs 1 IoCs
description: Set value (str)
ioc: \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"
Process: cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
Drops file in System32 directory 12 IoCs
Drops file in Program Files directory 18 IoCs
Drops file in Windows directory 64 IoCs
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
Suspicious behavior: EnumeratesProcesses 64 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:5060 -
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"2⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1740 -
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"3⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3596 -
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4632 -
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
PID:2740 -
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"6⤵
- Checks computer location settings
PID:1808 -
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"7⤵PID:5640
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"8⤵PID:9492
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"8⤵PID:12836
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"7⤵PID:6520
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"8⤵PID:10788
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"8⤵PID:14616
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"7⤵PID:9476
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"7⤵PID:12864
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"6⤵PID:3816
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"7⤵PID:7904
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"7⤵PID:9264
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"7⤵PID:12896
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"6⤵PID:6624
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"7⤵PID:12304
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"6⤵PID:9532
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"6⤵PID:12904
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:1192
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"6⤵PID:6076
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"7⤵PID:14252
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"6⤵PID:7780
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"6⤵PID:9364
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"6⤵PID:12552
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:628
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"6⤵PID:7460
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"6⤵PID:9556
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"6⤵PID:14268
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:6476
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"6⤵PID:14280
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:8444
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:8312
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:12952
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1428 -
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
PID:4048 -
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"6⤵PID:5808
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"7⤵PID:10192
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"7⤵PID:12408
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"6⤵PID:7256
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"7⤵PID:13728
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"6⤵PID:9404
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"6⤵PID:13064
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:2136
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"6⤵PID:6960
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"7⤵PID:12560
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"6⤵PID:9516
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"6⤵PID:12784
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:6500
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"6⤵PID:12508
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:8544
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:8308
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:14260
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵
- Checks computer location settings
PID:2828 -
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:5888
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"6⤵PID:12992
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:7400
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:9348
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:12544
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:4396
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:7564
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:9548
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:12888
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:6512
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:11768
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:9540
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:12872
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"3⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4680 -
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
PID:3152 -
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:3976
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"6⤵PID:6008
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"7⤵PID:13288
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"6⤵PID:7484
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"6⤵PID:9356
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"6⤵PID:13280
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:3132
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"6⤵PID:8268
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"6⤵PID:9232
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"6⤵PID:12524
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:6284
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"6⤵PID:13000
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:8592
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:8788
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:12320
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:4936
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:5956
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"6⤵PID:12984
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:7476
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"6⤵PID:15772
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:9444
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:12944
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:260
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:7440
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:9340
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:12880
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:6308
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:12296
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:8472
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:6540
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:12516
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"3⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
PID:3824 -
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵
- Checks computer location settings
PID:392 -
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:5880
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"6⤵PID:9732
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"6⤵PID:13736
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:6548
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"6⤵PID:15636
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:9460
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:12936
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:4792
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:7264
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:9272
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:13264
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:6300
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:13008
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:8568
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:8408
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:11936
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"3⤵
- Checks computer location settings
PID:800 -
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:5796
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:9712
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:14244
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:7240
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:10796
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:14932
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:9436
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:12608
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"3⤵PID:3576
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:7796
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:9412
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:12616
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"3⤵PID:6384
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:12072
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"3⤵PID:8600
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"3⤵PID:8496
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"3⤵PID:12476
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"2⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:592 -
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"3⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2928 -
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
PID:4528 -
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:3872
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"6⤵PID:5972
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"7⤵PID:9508
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"7⤵PID:12912
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"6⤵PID:7468
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"6⤵PID:9428
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"6⤵PID:13216
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:4412
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"6⤵PID:6048
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"7⤵PID:12060
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"6⤵PID:9484
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"6⤵PID:12644
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:6484
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"6⤵PID:12344
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:8576
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:8352
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:12036
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵
- Checks computer location settings
PID:1628 -
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:5772
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"6⤵PID:11016
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"6⤵PID:14952
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:4260
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:9468
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:12976
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:4032
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:7804
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:9332
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:13056
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:6376
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:12576
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:8452
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:9208
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:13048
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"3⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
PID:972 -
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:4408
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:5896
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"6⤵PID:12568
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:7408
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:9372
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:12624
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:516
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:8216
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:9240
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:12584
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:6428
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:12416
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:8480
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:8872
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:12312
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"3⤵PID:2084
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:6068
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:12448
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:7772
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:9396
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:12968
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"3⤵PID:4916
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:7432
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:9724
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:13040
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"3⤵PID:6420
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:12328
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"3⤵PID:8560
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"3⤵PID:8624
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"3⤵PID:12928
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"2⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3840 -
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"3⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
PID:1152 -
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:3692
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:6000
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"6⤵PID:13016
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:7452
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:9388
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:13272
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:2736
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:7912
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:9256
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:13248
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:6576
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:12128
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:9524
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:12844
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"3⤵
- Checks computer location settings
PID:4348 -
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:5844
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:9500
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:12920
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:7788
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:9380
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:12532
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"3⤵PID:4324
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:7416
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:9452
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:12960
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"3⤵PID:6292
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:13024
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"3⤵PID:8464
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"3⤵PID:8392
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"3⤵PID:12336
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"2⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
PID:3720 -
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"3⤵PID:2188
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:5964
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:9952
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:14944
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:7248
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"5⤵PID:15784
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:9420
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:12592
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"3⤵PID:4892
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:8260
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:9224
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:12360
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"3⤵PID:6492
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:13296
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"3⤵PID:8552
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"3⤵PID:8324
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"3⤵PID:12204
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"2⤵
- Checks computer location settings
PID:4912 -
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"3⤵PID:5872
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:10068
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"4⤵PID:12176
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"3⤵PID:7424
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"3⤵PID:9324
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"3⤵PID:13032
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"2⤵PID:2956
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"3⤵PID:8012
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"3⤵PID:9248
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"3⤵PID:12600
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"2⤵PID:6392
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"3⤵PID:12384
-
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"2⤵PID:8584
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"2⤵PID:8292
-
-
C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb96877124bb3fbfd06a5b47db00c130_NeikiAnalytics.exe"2⤵PID:12776
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\beast girls shower .mpg.exe
Filesize: 1.0MB
MD5: bd83b9110781f86c914a8218bc23b006
SHA1: d259f4ece70cc7f6d9aa9bb2eaeb2b1bc961d627
SHA256: 99399f95658fc7298d173be8b84aa022028455d6a348e4b7fc8aeef4159ce5dd
SHA512: 9eb479714a246c699ead8b3d6c846df293c7a90d5952a93f26b1c7498fa8e8cd040e464c605bf52361e3b3d1fe9af836c9ea75beced5a3986e41dcf61da6ef69