65444b44794e11f4fa280da937accfde9155c0fd1779db1fbd0097064f67e7d7

Analysis

max time kernel
19s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11/05/2024, 15:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
Size

2.0MB
MD5

11f0bdaeae9aff835db31d1b59abf020
SHA1

746ece79b72ec4bf95a3ede0f7783c00601551fe
SHA256

65444b44794e11f4fa280da937accfde9155c0fd1779db1fbd0097064f67e7d7
SHA512

8d55c284711ea3de25cb724e662ad84e91c8b8e2ec65daf80ff6be92375641810ef88ab9d8e9c8368fca2b425b1d38030bf142079e954ba581746904e4977c5c
SSDEEP

49152:+fPJlcqsR5jvW4Ces4H32u430U3wk/VwlTZ:+fPXclRJvW4e4H1l8wYw3

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2136-0-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/files/0x0007000000014fe1-5.dat	upx
behavioral1/memory/2136-10-0x0000000004600000-0x000000000461B000-memory.dmp	upx
behavioral1/memory/2504-11-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/2596-70-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/2136-68-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/2460-72-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/2504-71-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/1260-91-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/1948-92-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/2596-95-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/2372-94-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/1952-97-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/2460-96-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/2500-90-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/2384-88-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/2668-86-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/1544-93-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/2136-98-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/924-100-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/2468-99-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/2212-103-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/2384-102-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/1260-104-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/2356-107-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/2372-110-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/1604-106-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/1948-105-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/1924-111-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/1952-112-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/924-115-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/1840-116-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/1512-117-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/2212-119-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/1604-120-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/1424-122-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/2356-121-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/1428-124-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/932-123-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/1272-127-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/2124-126-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/1132-128-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/1840-129-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/1820-132-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/1876-134-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/2712-136-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/2296-138-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/2484-140-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/2028-141-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/3020-149-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/1664-150-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/2140-152-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/668-153-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/780-155-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/1728-157-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/1204-159-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/1464-160-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/2904-161-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/2532-163-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/2136-174-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/3200-179-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/3208-180-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/3216-181-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/3244-182-0x0000000000400000-0x000000000041B000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\J:	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File opened (read-only)	\??\W:	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File opened (read-only)	\??\B:	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File opened (read-only)	\??\E:	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File opened (read-only)	\??\H:	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File opened (read-only)	\??\N:	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File opened (read-only)	\??\P:	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File opened (read-only)	\??\R:	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File opened (read-only)	\??\X:	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File opened (read-only)	\??\A:	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File opened (read-only)	\??\K:	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File opened (read-only)	\??\O:	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File opened (read-only)	\??\S:	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File opened (read-only)	\??\T:	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File opened (read-only)	\??\V:	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File opened (read-only)	\??\I:	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File opened (read-only)	\??\L:	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File opened (read-only)	\??\M:	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File opened (read-only)	\??\U:	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File opened (read-only)	\??\G:	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\FxsTmp\beastiality xxx masturbation hole .mpg.exe	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\american porn bukkake voyeur wifey (Britney,Tatjana).mpeg.exe	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\xxx hidden (Tatjana).avi.exe	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\swedish porn horse voyeur glans .mpeg.exe	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\shared\indian cum gay hidden mature (Ashley,Melissa).zip.exe	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\american handjob trambling voyeur titts .avi.exe	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\brasilian cumshot gay sleeping shoes .rar.exe	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\tyrkish gang bang lingerie full movie glans redhair (Sylvia).mpeg.exe	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\shared\japanese fetish beast big hole (Sonja,Sarah).mpg.exe	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\tyrkish fetish bukkake uncut titts .rar.exe	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\lingerie voyeur hole (Christine,Curtney).mpg.exe	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\russian gang bang hardcore masturbation .mpg.exe	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\bukkake hidden glans (Sonja,Curtney).mpg.exe	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\lingerie [bangbus] hole .avi.exe	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\Templates\fucking [milf] .mpg.exe	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\black gang bang fucking sleeping (Curtney).mpg.exe	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\hardcore masturbation granny (Gina,Melissa).mpg.exe	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\lesbian hot (!) high heels .zip.exe	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\black horse hardcore catfight hole .avi.exe	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\bukkake uncut titts sweet (Melissa).avi.exe	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\swedish nude trambling full movie hole (Christine,Liz).mpg.exe	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\russian handjob gay [milf] glans .zip.exe	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\indian porn bukkake [free] feet sm .rar.exe	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\tyrkish action lingerie masturbation hole redhair (Sylvia).mpeg.exe	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\danish gang bang gay [milf] glans wifey .avi.exe	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe

Drops file in Windows directory 31 IoCs

description	ioc	Process
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\beast hidden glans traffic .avi.exe	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\indian gang bang beast big glans .rar.exe	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\indian handjob fucking several models cock .zip.exe	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\blowjob masturbation mature .mpeg.exe	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\black handjob trambling public cock fishy .avi.exe	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\russian beastiality blowjob several models cock .mpeg.exe	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\indian fetish gay voyeur hotel .rar.exe	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\beast catfight cock .mpg.exe	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File created	C:\Windows\security\templates\japanese action hardcore uncut hole pregnant .rar.exe	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\black gang bang lesbian public shoes (Gina,Melissa).zip.exe	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\japanese action beast [milf] .mpg.exe	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File created	C:\Windows\assembly\tmp\swedish porn fucking hidden titts .mpg.exe	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\gay [milf] YEâPSè& .rar.exe	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File created	C:\Windows\Downloaded Program Files\danish beastiality horse big titts .rar.exe	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File created	C:\Windows\PLA\Templates\malaysia horse uncut stockings (Sonja,Tatjana).avi.exe	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\hardcore [bangbus] .mpeg.exe	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\beast licking blondie .mpeg.exe	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\black beastiality trambling sleeping wifey .rar.exe	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\japanese action lingerie catfight feet .avi.exe	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\fucking girls (Karin).rar.exe	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\black porn gay several models ¼ç (Sandy,Sylvia).avi.exe	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\japanese animal bukkake full movie feet (Gina,Jade).zip.exe	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\fucking sleeping .avi.exe	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File created	C:\Windows\mssrv.exe	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\russian nude bukkake girls hole .avi.exe	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\trambling sleeping balls .zip.exe	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\xxx girls femdom .zip.exe	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\russian nude sperm girls cock shoes (Sarah).mpg.exe	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\danish kicking horse sleeping blondie .mpeg.exe	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\american porn hardcore uncut titts 40+ .rar.exe	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\lesbian masturbation titts (Gina,Curtney).mpeg.exe	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2136	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
2504	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
2136	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
2668	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
2504	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
2136	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
2500	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
1544	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
2596	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
2504	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
2668	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
2460	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
2136	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
2500	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
2468	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
2384	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
1948	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
1260	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
2668	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
2596	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
1544	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
2372	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
2504	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
2500	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
1952	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
1924	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
2136	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
924	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
2460	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
1512	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
2468	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
1948	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
2596	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
2212	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
2356	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
1604	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
2668	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
2504	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
1544	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
1428	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
2384	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
1424	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
932	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
1272	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
2124	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
1132	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
2500	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
2372	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
1260	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
1840	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
1820	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
1876	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
2136	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
2468	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
2468	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
2460	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
2460	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
2712	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
2712	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
2296	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
2296	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
2484	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
2484	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
1952	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2136 wrote to memory of 2504	2136	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	28
PID 2136 wrote to memory of 2504	2136	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	28
PID 2136 wrote to memory of 2504	2136	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	28
PID 2136 wrote to memory of 2504	2136	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	28
PID 2504 wrote to memory of 2668	2504	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	29
PID 2504 wrote to memory of 2668	2504	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	29
PID 2504 wrote to memory of 2668	2504	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	29
PID 2504 wrote to memory of 2668	2504	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	29
PID 2136 wrote to memory of 2500	2136	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	30
PID 2136 wrote to memory of 2500	2136	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	30
PID 2136 wrote to memory of 2500	2136	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	30
PID 2136 wrote to memory of 2500	2136	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	30
PID 2504 wrote to memory of 1544	2504	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	33
PID 2504 wrote to memory of 1544	2504	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	33
PID 2504 wrote to memory of 1544	2504	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	33
PID 2504 wrote to memory of 1544	2504	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	33
PID 2668 wrote to memory of 2596	2668	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	34
PID 2668 wrote to memory of 2596	2668	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	34
PID 2668 wrote to memory of 2596	2668	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	34
PID 2668 wrote to memory of 2596	2668	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	34
PID 2136 wrote to memory of 2460	2136	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	35
PID 2136 wrote to memory of 2460	2136	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	35
PID 2136 wrote to memory of 2460	2136	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	35
PID 2136 wrote to memory of 2460	2136	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	35
PID 2500 wrote to memory of 2468	2500	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	36
PID 2500 wrote to memory of 2468	2500	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	36
PID 2500 wrote to memory of 2468	2500	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	36
PID 2500 wrote to memory of 2468	2500	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	36
PID 2668 wrote to memory of 1260	2668	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	39
PID 2668 wrote to memory of 1260	2668	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	39
PID 2668 wrote to memory of 1260	2668	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	39
PID 2668 wrote to memory of 1260	2668	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	39
PID 1544 wrote to memory of 2384	1544	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	37
PID 1544 wrote to memory of 2384	1544	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	37
PID 1544 wrote to memory of 2384	1544	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	37
PID 1544 wrote to memory of 2384	1544	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	37
PID 2596 wrote to memory of 1948	2596	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	38
PID 2596 wrote to memory of 1948	2596	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	38
PID 2596 wrote to memory of 1948	2596	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	38
PID 2596 wrote to memory of 1948	2596	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	38
PID 2504 wrote to memory of 2372	2504	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	40
PID 2504 wrote to memory of 2372	2504	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	40
PID 2504 wrote to memory of 2372	2504	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	40
PID 2504 wrote to memory of 2372	2504	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	40
PID 2500 wrote to memory of 1924	2500	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	41
PID 2500 wrote to memory of 1924	2500	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	41
PID 2500 wrote to memory of 1924	2500	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	41
PID 2500 wrote to memory of 1924	2500	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	41
PID 2136 wrote to memory of 1952	2136	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	42
PID 2136 wrote to memory of 1952	2136	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	42
PID 2136 wrote to memory of 1952	2136	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	42
PID 2136 wrote to memory of 1952	2136	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	42
PID 2460 wrote to memory of 924	2460	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	43
PID 2460 wrote to memory of 924	2460	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	43
PID 2460 wrote to memory of 924	2460	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	43
PID 2460 wrote to memory of 924	2460	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	43
PID 2468 wrote to memory of 1512	2468	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	44
PID 2468 wrote to memory of 1512	2468	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	44
PID 2468 wrote to memory of 1512	2468	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	44
PID 2468 wrote to memory of 1512	2468	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	44
PID 1948 wrote to memory of 2212	1948	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	45
PID 1948 wrote to memory of 2212	1948	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	45
PID 1948 wrote to memory of 2212	1948	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	45
PID 1948 wrote to memory of 2212	1948	11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe	45

C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2136
- C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2504
- - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2668
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2596
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1948
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        7⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        8⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        9⤵
        
        PID:10480
        
        C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        8⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        8⤵
        
        PID:10316
        
        C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        7⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        8⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        8⤵
        
        PID:9384
        
        C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        7⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        7⤵
        
        PID:7860
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        7⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        8⤵
        
        PID:10244
        
        C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        7⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        8⤵
        
        PID:10512
        
        C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        7⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        7⤵
        
        PID:9936
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        7⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        7⤵
        
        PID:10220
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        7⤵
        
        PID:836
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:9080
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2356
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        7⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        8⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        9⤵
        
        PID:10580
        
        C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        8⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        8⤵
        
        PID:10572
        
        C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        7⤵
        
        PID:8388
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        7⤵
        
        PID:10204
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        7⤵
        
        PID:960
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:8184
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:1664
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        7⤵
        
        PID:10124
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:5992
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:10172
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:3104
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        7⤵
        
        PID:2476
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:6152
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:8696
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:4316
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:10600
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:8128
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1260
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1132
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        7⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        8⤵
        
        PID:7752
        
        C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        7⤵
        
        PID:7496
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        7⤵
        
        PID:10232
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:5952
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:10296
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:2532
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        7⤵
        
        PID:7800
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:7832
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:3584
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:7808
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:4940
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:8032
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1604
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:1204
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        7⤵
        
        PID:10456
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:6092
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:9996
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:3548
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:7936
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:4864
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:10592
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:6168
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:2552
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:8704
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:780
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:3780
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:2924
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:5088
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:10488
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:6200
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:8948
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:3216
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:5172
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:2692
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:6352
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:9988
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:4408
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:11244
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:6368
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:9944
- - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1544
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2384
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1428
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        7⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        8⤵
        
        PID:10464
        
        C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        7⤵
        
        PID:7240
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        7⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        8⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        7⤵
        
        PID:8200
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:4712
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:10412
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:1728
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        7⤵
        
        PID:7816
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:5752
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:10024
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:3328
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:5344
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:9844
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:4600
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:7904
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:7784
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:932
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:844
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        7⤵
        
        PID:1068
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:8380
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:3712
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:7888
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:5432
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:10148
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:10196
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:668
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:3792
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:7720
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:5732
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:9392
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:3208
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:5156
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:10388
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:4556
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:11260
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:8048
- - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2372
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1272
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:2276
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        7⤵
        
        PID:10164
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:8056
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:3880
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:11068
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:5928
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:10276
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:4220
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:7920
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:6100
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:10328
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:3572
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:7776
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:4980
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:10212
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:10180
- - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1424
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:4288
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:11252
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:8208
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:3668
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:7680
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:4976
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:7712
- - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
    3⤵
    PID:2140
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:3764
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:7728
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:5080
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:6184
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:8712
- - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
    3⤵
    PID:3200
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:5360
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:8020
- - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
    3⤵
    PID:4540
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:11700
- - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
    3⤵
    PID:6680
- - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
    3⤵
    PID:10156
- C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2500
- - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2468
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1512
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2484
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        7⤵
        
        PID:7688
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        7⤵
        
        PID:12092
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:7840
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:1540
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        7⤵
        
        PID:7704
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:6160
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:9072
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:3516
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:10252
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:6984
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1876
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:3144
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:5368
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:10032
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:4472
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:2764
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:6668
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:12200
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:1496
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:4532
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:7972
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:7744
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:3688
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:7880
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:5420
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:10116
- - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1924
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2296
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:3376
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        7⤵
        
        PID:11724
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:7696
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:4700
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:10336
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:8232
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:876
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:4904
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:10448
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:6028
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:1692
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:10552
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:4024
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:7928
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:5936
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:10496
- - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2124
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:1828
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:4852
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:8080
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:3912
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:7896
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:5744
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:10188
- - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
    3⤵
    PID:2904
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:3920
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:7912
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:7968
- - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
    3⤵
    PID:3564
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:6428
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:9928
- - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
    3⤵
    PID:4736
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:10608
- - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
    3⤵
    PID:10364
- C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2460
- - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:924
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:2028
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:3408
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:10380
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:4956
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:10564
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:8300
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:1568
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:4740
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:7792
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:6520
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:4008
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:6652
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:9952
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:5960
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:10348
- - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1820
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:324
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:5320
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:7768
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:4344
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:10308
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:7736
- - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
    3⤵
    PID:2256
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:4480
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:8064
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:7824
- - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
    3⤵
    PID:3680
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:9880
- - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
    3⤵
    PID:4968
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:10520
- - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
    3⤵
    PID:7872
- C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1952
- - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2712
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:3244
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:5136
      - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        6⤵
        
        PID:11648
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:10356
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:4572
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:12084
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:7852
- - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
    3⤵
    PID:280
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:4760
    - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
        5⤵
        
        PID:2088
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:6108
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:10540
- - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
    3⤵
    PID:3824
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:7672
- - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
    3⤵
    PID:4616
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:12236
- - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
    3⤵
    PID:284
- C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1840
- - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
    3⤵
    PID:3068
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:4688
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:10404
- - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
    3⤵
    PID:4420
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:7760
- - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
    3⤵
    PID:8216
- C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
  2⤵
  PID:2128
- - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
    3⤵
    PID:4564
  - - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
      4⤵
      PID:10504
- - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
    3⤵
    PID:8040
- C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
  2⤵
  PID:3696
- - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
    3⤵
    PID:916
- C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
  2⤵
  PID:4796
- - C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
    3⤵
    PID:7960
- C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\11f0bdaeae9aff835db31d1b59abf020_NeikiAnalytics.exe"
  2⤵
  PID:8088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\lesbian hot (!) high heels .zip.exe

Filesize
585KB

MD5
702639bc37ec52221f8fd27d60562228

SHA1
a1583d1d1246027c93e2c0d33752e3ff4d04e53e

SHA256
ee2793ae97ab4b850d9878384e2d45fc6105df6ad933c3cd147cd54d4db5eccb

SHA512
763a3d1b525494a5107aa28c1a1ea577e6958e985ab3993e8e75a06801c7b64c356818689983af43d157ac025de7d23f7789534bd957701531dc9aa7253dd23c

Download Submit
memory/668-153-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/668-200-0x0000000000820000-0x000000000083B000-memory.dmp

Filesize
108KB

Download
memory/780-155-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/924-115-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/924-100-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/932-123-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1132-128-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1204-159-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1260-104-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1260-125-0x0000000000530000-0x000000000054B000-memory.dmp

Filesize
108KB

Download
memory/1260-91-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1272-201-0x0000000004920000-0x000000000493B000-memory.dmp

Filesize
108KB

Download
memory/1272-127-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1272-204-0x0000000004920000-0x000000000493B000-memory.dmp

Filesize
108KB

Download
memory/1424-158-0x0000000004910000-0x000000000492B000-memory.dmp

Filesize
108KB

Download
memory/1424-162-0x0000000004910000-0x000000000492B000-memory.dmp

Filesize
108KB

Download
memory/1424-122-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1428-154-0x00000000047C0000-0x00000000047DB000-memory.dmp

Filesize
108KB

Download
memory/1428-124-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1464-160-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1488-210-0x00000000047C0000-0x00000000047DB000-memory.dmp

Filesize
108KB

Download
memory/1512-117-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1544-93-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1544-151-0x0000000004910000-0x000000000492B000-memory.dmp

Filesize
108KB

Download
memory/1544-137-0x0000000004910000-0x000000000492B000-memory.dmp

Filesize
108KB

Download
memory/1604-106-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1604-120-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1664-150-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1728-157-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1820-218-0x00000000045E0000-0x00000000045FB000-memory.dmp

Filesize
108KB

Download
memory/1820-132-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1840-116-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1840-129-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1876-134-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1924-111-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1948-105-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1948-92-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1952-112-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1952-135-0x0000000004900000-0x000000000491B000-memory.dmp

Filesize
108KB

Download
memory/1952-97-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2028-141-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2124-126-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2124-205-0x0000000004920000-0x000000000493B000-memory.dmp

Filesize
108KB

Download
memory/2136-56-0x0000000004E30000-0x0000000004E4B000-memory.dmp

Filesize
108KB

Download
memory/2136-227-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2136-98-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2136-0-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2136-174-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2136-10-0x0000000004600000-0x000000000461B000-memory.dmp

Filesize
108KB

Download
memory/2136-68-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2136-89-0x0000000004E30000-0x0000000004E4B000-memory.dmp

Filesize
108KB

Download
memory/2140-152-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2212-119-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2212-103-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2296-138-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2356-107-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2356-121-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2372-110-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2372-94-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2384-156-0x0000000004910000-0x000000000492B000-memory.dmp

Filesize
108KB

Download
memory/2384-102-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2384-88-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2460-130-0x0000000004910000-0x000000000492B000-memory.dmp

Filesize
108KB

Download
memory/2460-114-0x0000000004900000-0x000000000491B000-memory.dmp

Filesize
108KB

Download
memory/2460-96-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2460-72-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2468-99-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2484-140-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2500-90-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2504-67-0x0000000004A50000-0x0000000004A6B000-memory.dmp

Filesize
108KB

Download
memory/2504-85-0x00000000047C0000-0x00000000047DB000-memory.dmp

Filesize
108KB

Download
memory/2504-71-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2504-55-0x00000000047C0000-0x00000000047DB000-memory.dmp

Filesize
108KB

Download
memory/2504-11-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2532-163-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2596-70-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2596-168-0x0000000004A80000-0x0000000004A9B000-memory.dmp

Filesize
108KB

Download
memory/2596-173-0x0000000004A80000-0x0000000004A9B000-memory.dmp

Filesize
108KB

Download
memory/2596-118-0x0000000001EA0000-0x0000000001EBB000-memory.dmp

Filesize
108KB

Download
memory/2596-95-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2668-226-0x00000000045E0000-0x00000000045FB000-memory.dmp

Filesize
108KB

Download
memory/2668-87-0x00000000045D0000-0x00000000045EB000-memory.dmp

Filesize
108KB

Download
memory/2668-86-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2668-69-0x0000000004580000-0x000000000459B000-memory.dmp

Filesize
108KB

Download
memory/2712-136-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2756-223-0x0000000004580000-0x000000000459B000-memory.dmp

Filesize
108KB

Download
memory/2904-161-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3020-149-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3200-179-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3208-180-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3216-181-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3244-182-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3516-217-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3536-215-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3748-216-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3920-214-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3980-211-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4008-212-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4016-213-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download