af0a3358305c6cb01ebd360adcaa48df33d35b3acfe384070427618a2ab1bdf4

Analysis

max time kernel
32s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 11:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
Size

85KB
MD5

ccaf61553656b4c3242df3f0fe706510
SHA1

f5d9ce19451ae0c576c6e11e1da131549a7390a7
SHA256

af0a3358305c6cb01ebd360adcaa48df33d35b3acfe384070427618a2ab1bdf4
SHA512

cc82e067f0d6c402c30b905ef91c6f2da04fc6f145d1a9116446ab777c2131516f00f90f332326be3b4182973ccb9dd639d8d39c9c3e720c2ef883021f4a7faf
SSDEEP

1536:cGRVCaKgzbLc54hukfgvYnouy8kV1Ayj4m/QWR/Rlq88vlnRqPR/1aViDRknJM2p:cGjbLl/gvQoutY1Tj4mYWR/R4nkPR/1a

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2664-0-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/files/0x000700000001661c-5.dat	upx
behavioral1/memory/2328-60-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1708-90-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1624-92-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1924-94-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2108-96-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2664-97-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1536-98-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2328-100-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1412-103-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1708-102-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1924-108-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/996-101-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1348-112-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1496-110-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/592-107-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1624-105-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2664-104-0x0000000005910000-0x000000000592D000-memory.dmp	upx
behavioral1/memory/3056-115-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1836-114-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2108-113-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1536-117-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1772-118-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1412-123-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1696-120-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/996-119-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1400-124-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/592-125-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1420-126-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1348-127-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2892-129-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2208-131-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/3056-130-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1772-132-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1696-133-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1692-136-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1108-137-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1572-138-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/3004-139-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1444-140-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2892-142-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1788-143-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1944-144-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2220-145-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2240-147-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1692-146-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2996-150-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1572-149-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1596-153-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2664-152-0x0000000006150000-0x000000000616D000-memory.dmp	upx
behavioral1/memory/332-154-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1740-156-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2612-158-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1944-160-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2000-159-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2220-162-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2376-164-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2240-163-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2504-167-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2996-165-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1596-168-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1856-169-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2552-171-0x0000000000400000-0x000000000041D000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\B:	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File opened (read-only)	\??\E:	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File opened (read-only)	\??\U:	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File opened (read-only)	\??\M:	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File opened (read-only)	\??\N:	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File opened (read-only)	\??\O:	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File opened (read-only)	\??\W:	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File opened (read-only)	\??\X:	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File opened (read-only)	\??\I:	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File opened (read-only)	\??\J:	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File opened (read-only)	\??\L:	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File opened (read-only)	\??\S:	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File opened (read-only)	\??\V:	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File opened (read-only)	\??\R:	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File opened (read-only)	\??\T:	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File opened (read-only)	\??\A:	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File opened (read-only)	\??\G:	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File opened (read-only)	\??\H:	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File opened (read-only)	\??\K:	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File opened (read-only)	\??\P:	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\System32\LogFiles\Fax\Incoming\indian nude lingerie licking titts stockings .mpeg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\indian cumshot blowjob girls .mpeg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\italian porn sperm hot (!) .mpeg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\shared\bukkake licking mature (Sandy,Liz).zip.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\swedish handjob bukkake [free] pregnant (Christine,Curtney).avi.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\american nude horse [free] ash .rar.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\shared\indian beastiality hardcore catfight hole ejaculation .mpg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\black fetish beast several models hole sweet .zip.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\asian bukkake lesbian penetration .mpg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\fucking catfight glans .avi.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\russian handjob sperm [bangbus] hole .zip.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\swedish cumshot bukkake full movie pregnant .zip.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\danish kicking fucking several models .mpeg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\xxx hot (!) (Sarah).mpeg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\beast voyeur (Samantha).zip.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\italian animal bukkake hidden glans 50+ .rar.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\american animal horse hidden (Samantha).mpeg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\Templates\blowjob big .rar.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\horse several models beautyfull .avi.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\russian horse sperm full movie black hairunshaved .mpg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\brasilian action gay uncut shoes .mpeg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\tyrkish porn blowjob [milf] hole .rar.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\fucking sleeping granny .mpg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\gay uncut (Karin).avi.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\danish horse beast licking hole .mpeg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\bukkake licking hole swallow (Karin).mpg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\indian porn hardcore full movie shoes .avi.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\american beastiality beast hot (!) feet .mpeg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\hardcore public cock .mpg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\danish gang bang horse [milf] feet 50+ .mpg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\german blowjob girls titts swallow .mpeg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\nude bukkake girls glans hotel .rar.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\malaysia beast [bangbus] upskirt .zip.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\xxx hot (!) swallow .mpg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\spanish gay lesbian .mpeg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\asian lesbian big fishy (Sonja,Sylvia).mpg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\porn blowjob masturbation cock shower (Tatjana).mpg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\gay catfight (Tatjana).zip.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\italian handjob lingerie uncut .zip.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\italian cum trambling voyeur titts high heels (Melissa).mpeg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\handjob xxx [free] (Tatjana).mpeg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\canadian lingerie public ejaculation .rar.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\brasilian beastiality beast sleeping titts wifey .avi.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\african sperm public feet .mpeg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\japanese gang bang lesbian hidden (Janette).rar.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\lingerie hot (!) glans .avi.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\tyrkish nude horse hidden mature (Gina,Liz).mpeg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\hardcore several models cock bondage .avi.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\animal beast [bangbus] sm .avi.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\american nude gay public hole ìï (Jade).mpeg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\trambling big cock ash (Samantha).rar.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\handjob gay hidden stockings .mpg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_4d274741486b900c\horse lesbian mistress .avi.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\indian nude lesbian [bangbus] black hairunshaved .mpeg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\Downloaded Program Files\italian animal gay voyeur castration .avi.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\fetish sperm public .zip.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\tyrkish cum blowjob masturbation hole fishy .mpg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\lingerie big .mpg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\mssrv.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\xxx girls .zip.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\italian cumshot lesbian masturbation .zip.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\canadian hardcore several models 40+ .mpg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\bukkake girls .mpeg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\norwegian horse public .mpeg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\brasilian porn lingerie full movie (Karin).avi.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\german beast big glans wifey (Jade).mpg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_3c93ac15fd731acf\kicking trambling voyeur titts (Sandy,Curtney).zip.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\tyrkish kicking lesbian [free] (Curtney).mpg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_095efe9c8261401e\chinese bukkake full movie young .rar.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\black animal sperm full movie titts .rar.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\handjob lingerie lesbian titts sm (Liz).mpg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\german gay masturbation glans .avi.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\black action hardcore masturbation titts redhair .avi.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\asian sperm hidden (Sarah).avi.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\spanish blowjob masturbation mature .mpg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\winsxs\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_dd18b2a07d49aa11\handjob bukkake public hole pregnant (Samantha).mpeg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\malaysia lesbian [bangbus] redhair .avi.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ddab3bcb3a4ffb45\asian horse catfight hairy .mpeg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\hardcore hidden hole high heels .zip.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\african beast hidden mature .rar.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\swedish cum horse lesbian hole (Sonja,Liz).mpg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\russian beastiality fucking licking .rar.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\chinese fucking big .mpg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\chinese horse licking mistress (Gina,Sarah).avi.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\blowjob hidden .mpg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\brasilian cumshot beast hot (!) titts fishy .avi.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\danish handjob beast catfight feet boots .zip.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\british trambling uncut balls (Sonja,Sarah).avi.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\swedish cum hardcore hidden hole .mpeg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2664	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
2328	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
2664	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
1708	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
2328	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
1624	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
2664	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
1924	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
1496	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
2108	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
1708	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
2328	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
1836	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
2664	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
1624	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
1536	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
1412	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
996	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
1924	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
592	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
1400	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
1496	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
1420	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
2328	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
1624	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
1708	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
2108	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
1348	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
2664	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
3056	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
1836	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
2208	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
1772	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
1536	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
1696	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
1924	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
1108	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
996	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
1496	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
3004	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
1444	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
1412	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
2892	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
1788	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
592	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
1692	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
1692	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
1572	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
1572	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
332	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
332	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
1740	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
1740	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
2000	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
2000	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
2328	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
2328	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
1624	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
1624	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
1944	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
1944	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
1708	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
1708	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
2108	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2664 wrote to memory of 2328	2664	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	28
PID 2664 wrote to memory of 2328	2664	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	28
PID 2664 wrote to memory of 2328	2664	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	28
PID 2664 wrote to memory of 2328	2664	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	28
PID 2328 wrote to memory of 1708	2328	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	29
PID 2328 wrote to memory of 1708	2328	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	29
PID 2328 wrote to memory of 1708	2328	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	29
PID 2328 wrote to memory of 1708	2328	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	29
PID 2664 wrote to memory of 1624	2664	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	30
PID 2664 wrote to memory of 1624	2664	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	30
PID 2664 wrote to memory of 1624	2664	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	30
PID 2664 wrote to memory of 1624	2664	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	30
PID 1708 wrote to memory of 1924	1708	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	31
PID 1708 wrote to memory of 1924	1708	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	31
PID 1708 wrote to memory of 1924	1708	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	31
PID 1708 wrote to memory of 1924	1708	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	31
PID 2328 wrote to memory of 1496	2328	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	32
PID 2328 wrote to memory of 1496	2328	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	32
PID 2328 wrote to memory of 1496	2328	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	32
PID 2328 wrote to memory of 1496	2328	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	32
PID 1624 wrote to memory of 2108	1624	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	33
PID 1624 wrote to memory of 2108	1624	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	33
PID 1624 wrote to memory of 2108	1624	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	33
PID 1624 wrote to memory of 2108	1624	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	33
PID 2664 wrote to memory of 1836	2664	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	34
PID 2664 wrote to memory of 1836	2664	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	34
PID 2664 wrote to memory of 1836	2664	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	34
PID 2664 wrote to memory of 1836	2664	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	34
PID 1924 wrote to memory of 1536	1924	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	35
PID 1924 wrote to memory of 1536	1924	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	35
PID 1924 wrote to memory of 1536	1924	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	35
PID 1924 wrote to memory of 1536	1924	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	35
PID 1496 wrote to memory of 996	1496	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	36
PID 1496 wrote to memory of 996	1496	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	36
PID 1496 wrote to memory of 996	1496	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	36
PID 1496 wrote to memory of 996	1496	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	36
PID 1708 wrote to memory of 1412	1708	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	37
PID 1708 wrote to memory of 1412	1708	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	37
PID 1708 wrote to memory of 1412	1708	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	37
PID 1708 wrote to memory of 1412	1708	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	37
PID 2108 wrote to memory of 1400	2108	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	38
PID 2108 wrote to memory of 1400	2108	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	38
PID 2108 wrote to memory of 1400	2108	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	38
PID 2108 wrote to memory of 1400	2108	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	38
PID 2328 wrote to memory of 592	2328	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	39
PID 2328 wrote to memory of 592	2328	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	39
PID 2328 wrote to memory of 592	2328	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	39
PID 2328 wrote to memory of 592	2328	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	39
PID 2664 wrote to memory of 1420	2664	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	40
PID 2664 wrote to memory of 1420	2664	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	40
PID 2664 wrote to memory of 1420	2664	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	40
PID 2664 wrote to memory of 1420	2664	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	40
PID 1624 wrote to memory of 1348	1624	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	41
PID 1624 wrote to memory of 1348	1624	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	41
PID 1624 wrote to memory of 1348	1624	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	41
PID 1624 wrote to memory of 1348	1624	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	41
PID 1836 wrote to memory of 3056	1836	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	42
PID 1836 wrote to memory of 3056	1836	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	42
PID 1836 wrote to memory of 3056	1836	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	42
PID 1836 wrote to memory of 3056	1836	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	42
PID 1536 wrote to memory of 2208	1536	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	43
PID 1536 wrote to memory of 2208	1536	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	43
PID 1536 wrote to memory of 2208	1536	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	43
PID 1536 wrote to memory of 2208	1536	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	43

C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2664
- C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2328
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1708
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1924
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1536
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        8⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        9⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        10⤵
        
        PID:10652
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        9⤵
        
        PID:9080
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        9⤵
        
        PID:18212
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        8⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        9⤵
        
        PID:9040
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        9⤵
        
        PID:17912
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        8⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        8⤵
        
        PID:10812
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        8⤵
        
        PID:18104
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        8⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        9⤵
        
        PID:10468
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        8⤵
        
        PID:8408
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        8⤵
        
        PID:13552
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        8⤵
        
        PID:9032
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        8⤵
        
        PID:15100
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:10804
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:18388
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        8⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        9⤵
        
        PID:10660
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        8⤵
        
        PID:8824
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        8⤵
        
        PID:13576
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        8⤵
        
        PID:9344
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        8⤵
        
        PID:15724
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:12616
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        8⤵
        
        PID:15140
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:9160
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:18404
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:9792
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:6852
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:10764
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:18372
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1772
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        8⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        9⤵
        
        PID:9900
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        8⤵
        
        PID:8384
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        8⤵
        
        PID:13512
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        8⤵
        
        PID:9056
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        8⤵
        
        PID:18200
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:12548
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        8⤵
        
        PID:9800
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:8632
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:15080
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:8780
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:18112
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:6324
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:12064
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:22356
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:2552
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        8⤵
        
        PID:17820
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:9256
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:17976
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:8792
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:18320
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:7076
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:10876
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:18236
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:3480
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:15044
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:9296
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:18160
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:4924
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:9860
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:6972
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:10796
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:18344
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1412
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3004
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        8⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        8⤵
        
        PID:12504
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        8⤵
        
        PID:15132
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:9000
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:18168
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:8416
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:13528
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:9876
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:7836
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:12668
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:2504
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:10740
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:18032
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:10544
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:8392
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:13520
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:3716
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:10572
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:16424
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:9852
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:16616
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:5144
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:9916
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:8188
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:13456
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1692
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:2992
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:9844
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:6748
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:9868
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:3240
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:6668
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:10820
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:18136
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:5796
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:15244
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:8960
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:15164
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:3036
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:4488
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:8848
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:15004
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:7004
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:10732
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:18296
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:3756
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:7700
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:10724
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:15236
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:6116
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:9784
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:9200
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1496
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:996
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1696
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        8⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        8⤵
        
        PID:9820
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        8⤵
        
        PID:10556
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        8⤵
        
        PID:14304
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:7684
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:12608
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        8⤵
        
        PID:14184
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:9828
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:21772
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:9776
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:7816
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:10692
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:18328
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:2548
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        8⤵
        
        PID:15188
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:9224
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:13608
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:9360
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:6900
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:10780
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:15228
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:3448
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:14200
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:8980
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:15156
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:4832
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:8868
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:18096
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:7040
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:10884
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:16612
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1108
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:2612
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        8⤵
        
        PID:14884
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:9176
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:18360
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:9908
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:7656
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:13384
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:3568
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:15220
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:9240
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:17984
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:4432
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:9324
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:7332
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:13464
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:2432
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:3704
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:6312
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:8432
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:13584
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:4336
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:9720
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:8152
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:13480
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:3596
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:5200
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:10564
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:17996
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:9168
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:18288
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:4584
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:9696
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:16476
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:7392
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:13408
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:592
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1444
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:1552
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:12624
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:5908
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:9288
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:18272
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:3800
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:6892
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:10028
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:5220
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:9964
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:7864
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:13316
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:1560
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:3504
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:7384
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:13428
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:21784
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:5916
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:14208
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:9184
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:18192
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:3852
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:7056
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:12528
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:5312
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:9744
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:8400
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:13560
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2892
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:1660
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:3284
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:7708
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:10788
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:18152
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:5684
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:14964
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:8952
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:15124
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:4016
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:7148
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:12496
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:5604
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:14536
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:8988
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:15148
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:856
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:4344
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:7716
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:13536
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:6772
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:16592
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:9892
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:4076
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:7104
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:10708
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:18352
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:5724
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:17860
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:9008
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:18184
- C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1624
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2108
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1400
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1740
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        8⤵
        
        PID:9316
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:7308
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:13392
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:13488
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:6864
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:10044
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:16544
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:2532
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:9760
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:6820
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:10684
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:18336
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:4120
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:6628
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:10748
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:17844
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:6412
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:17852
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:9072
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:15092
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1572
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:1016
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:8744
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:18304
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:7068
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:12564
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:3684
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:7348
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:13496
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:6024
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:9736
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:21716
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:9064
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:15024
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:1688
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:4640
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:8768
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:18052
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:6196
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:12480
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:3808
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:7640
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:12632
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:5636
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:8972
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:15172
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1348
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:2240
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:3272
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:9956
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:7876
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:12640
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:4364
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:7428
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:13472
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:6872
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:10052
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:16444
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:1728
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:4680
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:9712
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:21700
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:7648
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:13400
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:4248
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:8288
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:13624
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:6296
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:9996
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1788
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:2128
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:4056
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:7728
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:12520
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:5972
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:15200
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:9192
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:18244
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:3988
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:7024
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:10772
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:18280
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:5576
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:10944
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:17968
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:9016
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:15064
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:632
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:4384
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:1008
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:13504
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:6880
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:10036
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:4092
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:6780
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:15108
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:12488
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:5740
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:14968
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:9024
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:18176
- C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1836
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3056
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:3232
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:9752
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:8164
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:13364
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:4392
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:7744
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:12512
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:6764
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:9884
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:1540
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:4400
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:9728
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:21708
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:5924
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:10716
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:15252
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:4236
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:7196
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:13860
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:5840
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:15180
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:9232
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:13600
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1944
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:3088
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:4956
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:9688
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:7632
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:13196
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:17372
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:4312
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:7752
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:12572
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:6792
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:9836
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:2388
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:4228
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:9704
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:6788
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:10756
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:18380
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:4204
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:7856
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:10700
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:15260
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:5880
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:14328
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:9248
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:18220
- C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1420
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2000
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:2020
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:4676
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:9808
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:7324
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:12556
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:4268
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:7796
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:13568
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:6332
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:14192
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:8424
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:13544
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:2528
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:4116
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:9768
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:7092
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:10892
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:18228
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:4156
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:8304
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:13632
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:6400
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:9048
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:15072
- C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:332
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:2144
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:4940
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:9680
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:6988
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:10868
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:14728
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:3676
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:7800
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:13416
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:6164
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:10964
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:10004
- C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
  2⤵
  PID:1300
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:4860
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:8876
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:15056
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:6808
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:10828
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:18396
- C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
  2⤵
  PID:3760
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:7720
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:12652
- C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
  2⤵
  PID:5660
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:14148
- C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
  2⤵
  PID:8944
- C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
  2⤵
  PID:15116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\horse several models beautyfull .avi.exe

Filesize
167KB

MD5
e7e4c045f8c838c4d683faf1699f64bc

SHA1
8c9b06be0d537cb67c8f2f01d280e9fb83433c30

SHA256
63e1314e48ef7ebd0cf4dbbfec5b421d0a3da0fee43f5b1072ac3c24c0b0d34d

SHA512
7d6df61063ce7210a86e14bdbb5e6ba81d12ced5bdb46aede784022dffe6e782d4c54454b216e1c93ca6769ad894ff138a474e5f166e4158db4f0ab610be2713

Download Submit
C:\debug.txt

Filesize
183B

MD5
994a8dc72e500d9432ac5862c4a46808

SHA1
7a3a86fd627484996e18f15c2567b69e1a5fabaa

SHA256
72bcabc748e61af44ca742b60e94611c8b3093e26aa1bd3db02aa9607dc49e42

SHA512
fdf3552aaa170082a5ec9bd5fdb328f0833340bc0eab8b51faf0b328e7d64e61742f2b84b21af35656c327ff6ce747a6887d8389c748bf9227d5cbe01978465d

Download Submit
memory/332-154-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/592-125-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/592-107-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/996-101-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/996-119-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1016-182-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1108-137-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1348-127-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1348-112-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1400-124-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1412-122-0x00000000044E0000-0x00000000044FD000-memory.dmp

Filesize
116KB

Download
memory/1412-123-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1412-103-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1412-135-0x00000000044E0000-0x00000000044FD000-memory.dmp

Filesize
116KB

Download
memory/1420-126-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1420-157-0x0000000004DD0000-0x0000000004DED000-memory.dmp

Filesize
116KB

Download
memory/1444-140-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1496-110-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1496-134-0x0000000005050000-0x000000000506D000-memory.dmp

Filesize
116KB

Download
memory/1496-121-0x0000000005050000-0x000000000506D000-memory.dmp

Filesize
116KB

Download
memory/1536-98-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1536-117-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1552-172-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1552-181-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1560-183-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1572-138-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1572-149-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1596-153-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1596-168-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1624-105-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1624-128-0x0000000004AA0000-0x0000000004ABD000-memory.dmp

Filesize
116KB

Download
memory/1624-111-0x0000000004AA0000-0x0000000004ABD000-memory.dmp

Filesize
116KB

Download
memory/1624-92-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1660-184-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1692-146-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1692-136-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1696-133-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1696-120-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1708-93-0x0000000004550000-0x000000000456D000-memory.dmp

Filesize
116KB

Download
memory/1708-106-0x0000000004550000-0x000000000456D000-memory.dmp

Filesize
116KB

Download
memory/1708-102-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1708-90-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1740-156-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1772-118-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1772-166-0x0000000004DD0000-0x0000000004DED000-memory.dmp

Filesize
116KB

Download
memory/1772-132-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1772-151-0x0000000004DD0000-0x0000000004DED000-memory.dmp

Filesize
116KB

Download
memory/1788-143-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1788-175-0x0000000004AA0000-0x0000000004ABD000-memory.dmp

Filesize
116KB

Download
memory/1836-114-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1856-169-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1856-180-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1924-108-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1924-94-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1924-155-0x0000000004CE0000-0x0000000004CFD000-memory.dmp

Filesize
116KB

Download
memory/1944-144-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1944-160-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2000-159-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2108-113-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2108-96-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2128-185-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2208-131-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2220-162-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2220-145-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2240-147-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2240-163-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2328-109-0x0000000004F10000-0x0000000004F2D000-memory.dmp

Filesize
116KB

Download
memory/2328-60-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2328-95-0x0000000004F10000-0x0000000004F2D000-memory.dmp

Filesize
116KB

Download
memory/2328-100-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2328-89-0x0000000004DD0000-0x0000000004DED000-memory.dmp

Filesize
116KB

Download
memory/2376-177-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2376-164-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2432-176-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2504-178-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2504-167-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2548-170-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2552-171-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2564-173-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2612-158-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2612-174-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2664-152-0x0000000006150000-0x000000000616D000-memory.dmp

Filesize
116KB

Download
memory/2664-0-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2664-99-0x0000000004D10000-0x0000000004D2D000-memory.dmp

Filesize
116KB

Download
memory/2664-91-0x0000000005910000-0x000000000592D000-memory.dmp

Filesize
116KB

Download
memory/2664-97-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2664-104-0x0000000005910000-0x000000000592D000-memory.dmp

Filesize
116KB

Download
memory/2892-129-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2892-142-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2996-150-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2996-165-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3004-179-0x0000000004CD0000-0x0000000004CED000-memory.dmp

Filesize
116KB

Download
memory/3004-139-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3056-115-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3056-161-0x0000000004580000-0x000000000459D000-memory.dmp

Filesize
116KB

Download
memory/3056-130-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download