99da8658be7c9edb060cad22e46be4bd54039d0c78f08ba6e1776d2eb0afbda5

Analysis

max time kernel
34s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16/05/2024, 16:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
Size

1.8MB
MD5

e4e5b9e52eaa136ac6ed9304561100a0
SHA1

409678207c0a6c57dfa6c136c2bb8c35becd7f0f
SHA256

99da8658be7c9edb060cad22e46be4bd54039d0c78f08ba6e1776d2eb0afbda5
SHA512

97ac1db6bd2b0f974cb633db486eac7f2433bad617fb86ba6969c9bd8bd59b9984e5a94faf028169faffd5d77fb39c9ea7056d61b5a53d9acf3bf973238420fd
SSDEEP

49152:tQPHGuY4IyPeu+uZna4YxkSMz8LTVXO0Uxqs:wmuhIymad2kSU8LTV9UH

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2180-0-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/files/0x0007000000014fe1-5.dat	upx
behavioral1/memory/988-15-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1360-55-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1056-57-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1360-69-0x0000000004A40000-0x0000000004A60000-memory.dmp	upx
behavioral1/memory/2596-70-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2528-74-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2608-73-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2704-71-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2180-89-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2060-92-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/988-93-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1360-94-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1056-95-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2596-97-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2528-101-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2608-100-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2704-98-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1260-103-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2180-106-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2020-107-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1940-110-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2208-109-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2060-108-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2196-112-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1952-113-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2164-114-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2340-117-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2320-116-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1340-119-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2020-122-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1940-123-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/280-125-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1696-132-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2340-133-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1504-135-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1520-136-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2348-137-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2916-138-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/892-139-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/908-140-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2040-141-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/936-142-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/760-143-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1768-146-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2916-147-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1576-148-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2980-149-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/784-150-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/604-151-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2796-152-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1940-153-0x0000000004A40000-0x0000000004A60000-memory.dmp	upx
behavioral1/memory/2864-154-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2940-155-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/364-156-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2824-157-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2108-158-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2904-163-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2576-165-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2180-176-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/3772-199-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/3812-200-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/3848-205-0x0000000000400000-0x0000000000420000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\G:	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File opened (read-only)	\??\U:	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File opened (read-only)	\??\E:	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File opened (read-only)	\??\I:	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File opened (read-only)	\??\N:	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File opened (read-only)	\??\O:	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File opened (read-only)	\??\T:	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File opened (read-only)	\??\X:	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File opened (read-only)	\??\H:	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File opened (read-only)	\??\J:	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File opened (read-only)	\??\L:	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File opened (read-only)	\??\P:	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File opened (read-only)	\??\S:	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File opened (read-only)	\??\A:	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File opened (read-only)	\??\K:	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File opened (read-only)	\??\M:	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File opened (read-only)	\??\R:	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File opened (read-only)	\??\V:	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File opened (read-only)	\??\W:	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File opened (read-only)	\??\B:	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\FxsTmp\british nude [free] (Jade).rar.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\handjob horse hot (!) hotel .zip.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\french cumshot beast uncut boobs (Christine,Sarah).avi.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\xxx [milf] vagina latex .zip.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\german action catfight beautyfull .zip.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\malaysia horse handjob sleeping .zip.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\shared\german beastiality masturbation shower .mpeg.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\canadian cumshot girls .mpeg.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\shared\gang bang handjob lesbian feet circumcision .mpeg.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\canadian gang bang voyeur pregnant (Ashley).mpeg.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\animal lingerie public glans traffic (Jenna).mpg.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\american porn horse [bangbus] .avi.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\gang bang porn hidden (Ashley,Sonja).zip.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\russian gay masturbation titts redhair (Britney).avi.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\trambling horse voyeur .mpg.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\brasilian trambling action full movie vagina .rar.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\Templates\porn hidden feet hotel .rar.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\canadian fetish fetish [milf] traffic .rar.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\spanish horse hidden boobs .avi.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\hardcore sleeping feet mature .avi.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\cum hidden hole bedroom .avi.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\beast several models girly (Britney,Sonja).zip.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\brasilian lingerie lingerie catfight titts .avi.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\fetish lingerie [milf] femdom .mpg.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\american action beast big .avi.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe

Drops file in Windows directory 52 IoCs

description	ioc	Process
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\horse fetish full movie femdom (Liz).mpg.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\brasilian lesbian fetish full movie .mpeg.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\action hot (!) wifey .rar.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\chinese handjob public femdom (Samantha,Christine).zip.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\lingerie xxx full movie .mpeg.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\porn public mature .zip.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\french animal big shoes (Melissa).zip.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Windows\PLA\Templates\russian lingerie xxx public .avi.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\kicking xxx sleeping legs .rar.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\tyrkish sperm porn public (Ashley,Liz).mpg.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\bukkake [free] bondage .zip.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\russian xxx uncut feet circumcision (Jenna).mpeg.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\horse beast big hole (Curtney).rar.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\spanish cumshot fucking voyeur nipples circumcision .zip.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\horse blowjob hot (!) blondie .zip.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\asian kicking horse licking (Karin).zip.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\lesbian licking ¼ç .mpeg.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\chinese beastiality gang bang hidden upskirt .rar.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\spanish trambling several models glans stockings .avi.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\chinese lingerie sleeping hotel (Sonja,Sonja).rar.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Windows\security\templates\black blowjob catfight ìï .mpeg.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\indian porn voyeur boobs (Ashley,Karin).zip.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\animal nude hidden hairy .avi.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\chinese horse trambling voyeur feet .mpeg.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\american horse gay licking bedroom (Sonja,Gina).mpeg.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\handjob full movie feet .avi.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\canadian fucking fetish catfight circumcision (Jenna).mpg.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\swedish animal girls black hairunshaved .zip.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\cumshot full movie .mpg.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Windows\Downloaded Program Files\malaysia blowjob sperm several models (Jenna,Sonja).rar.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\american bukkake masturbation .zip.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Windows\mssrv.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\cumshot fucking masturbation hole .avi.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Windows\assembly\tmp\fetish handjob [free] boobs 40+ .mpg.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\norwegian animal fucking uncut lady .rar.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\porn licking femdom .avi.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\spanish porn porn girls black hairunshaved .mpg.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\british lingerie hidden .rar.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\porn cumshot lesbian hole mistress (Jenna).zip.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\blowjob action hidden gorgeoushorny .avi.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\canadian horse fetish uncut shower .zip.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\bukkake beast public .avi.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\swedish cumshot licking mistress .rar.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\trambling trambling voyeur bondage (Anniston,Curtney).avi.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\canadian hardcore animal voyeur 50+ (Sonja,Jenna).rar.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\tyrkish horse gang bang [bangbus] girly (Tatjana,Ashley).rar.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\american trambling gay sleeping ash shower (Sarah).rar.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\german cum lesbian [free] ash 50+ .rar.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\fucking uncut ejaculation .zip.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\norwegian gang bang girls .mpeg.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\handjob horse voyeur .mpeg.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\handjob action [bangbus] penetration (Jenna,Britney).avi.exe	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2180	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
988	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
2180	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
1056	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
1360	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
988	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
2180	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
2596	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
988	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
2704	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
2528	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
2608	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
1056	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
2180	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
1360	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
988	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
1260	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
2060	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
2208	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
2196	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
1952	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
2528	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
2704	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
2164	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
2596	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
2320	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
1056	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
1340	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
2180	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
1360	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
2608	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
2020	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
988	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
1940	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
1260	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
280	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
2060	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
1696	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
2340	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
2208	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
1504	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
1520	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
2196	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
2528	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
2704	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
2348	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
2596	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
892	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
892	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
908	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
908	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
2040	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
2040	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
936	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
936	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
760	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
760	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
1056	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
1056	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
1768	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
1768	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
2180	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
2180	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
1360	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2180 wrote to memory of 988	2180	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	28
PID 2180 wrote to memory of 988	2180	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	28
PID 2180 wrote to memory of 988	2180	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	28
PID 2180 wrote to memory of 988	2180	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	28
PID 988 wrote to memory of 1360	988	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	29
PID 988 wrote to memory of 1360	988	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	29
PID 988 wrote to memory of 1360	988	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	29
PID 988 wrote to memory of 1360	988	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	29
PID 2180 wrote to memory of 1056	2180	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	30
PID 2180 wrote to memory of 1056	2180	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	30
PID 2180 wrote to memory of 1056	2180	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	30
PID 2180 wrote to memory of 1056	2180	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	30
PID 988 wrote to memory of 2596	988	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	33
PID 988 wrote to memory of 2596	988	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	33
PID 988 wrote to memory of 2596	988	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	33
PID 988 wrote to memory of 2596	988	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	33
PID 1360 wrote to memory of 2704	1360	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	34
PID 1360 wrote to memory of 2704	1360	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	34
PID 1360 wrote to memory of 2704	1360	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	34
PID 1360 wrote to memory of 2704	1360	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	34
PID 1056 wrote to memory of 2608	1056	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	35
PID 1056 wrote to memory of 2608	1056	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	35
PID 1056 wrote to memory of 2608	1056	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	35
PID 1056 wrote to memory of 2608	1056	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	35
PID 2180 wrote to memory of 2528	2180	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	36
PID 2180 wrote to memory of 2528	2180	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	36
PID 2180 wrote to memory of 2528	2180	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	36
PID 2180 wrote to memory of 2528	2180	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	36
PID 988 wrote to memory of 1260	988	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	37
PID 988 wrote to memory of 1260	988	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	37
PID 988 wrote to memory of 1260	988	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	37
PID 988 wrote to memory of 1260	988	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	37
PID 2528 wrote to memory of 2208	2528	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	38
PID 2528 wrote to memory of 2208	2528	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	38
PID 2528 wrote to memory of 2208	2528	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	38
PID 2528 wrote to memory of 2208	2528	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	38
PID 2704 wrote to memory of 2060	2704	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	39
PID 2704 wrote to memory of 2060	2704	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	39
PID 2704 wrote to memory of 2060	2704	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	39
PID 2704 wrote to memory of 2060	2704	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	39
PID 2596 wrote to memory of 2196	2596	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	40
PID 2596 wrote to memory of 2196	2596	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	40
PID 2596 wrote to memory of 2196	2596	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	40
PID 2596 wrote to memory of 2196	2596	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	40
PID 1056 wrote to memory of 1952	1056	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	41
PID 1056 wrote to memory of 1952	1056	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	41
PID 1056 wrote to memory of 1952	1056	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	41
PID 1056 wrote to memory of 1952	1056	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	41
PID 2180 wrote to memory of 2164	2180	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	42
PID 2180 wrote to memory of 2164	2180	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	42
PID 2180 wrote to memory of 2164	2180	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	42
PID 2180 wrote to memory of 2164	2180	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	42
PID 1360 wrote to memory of 2320	1360	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	43
PID 1360 wrote to memory of 2320	1360	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	43
PID 1360 wrote to memory of 2320	1360	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	43
PID 1360 wrote to memory of 2320	1360	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	43
PID 2608 wrote to memory of 1340	2608	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	44
PID 2608 wrote to memory of 1340	2608	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	44
PID 2608 wrote to memory of 1340	2608	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	44
PID 2608 wrote to memory of 1340	2608	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	44
PID 988 wrote to memory of 2020	988	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	45
PID 988 wrote to memory of 2020	988	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	45
PID 988 wrote to memory of 2020	988	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	45
PID 988 wrote to memory of 2020	988	e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe	45

C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2180
- C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:988
- - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1360
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2704
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2060
      - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:280
        
        C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        7⤵
        
        PID:364
        
        C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        8⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        9⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        8⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        8⤵
        
        PID:8440
        
        C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        7⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        8⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        8⤵
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        7⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        7⤵
        
        PID:7720
      - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        6⤵
        
        PID:604
        
        C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        7⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        8⤵
        
        PID:8492
        
        C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        7⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        7⤵
        
        PID:7204
      - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        6⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        7⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        8⤵
        
        PID:10224
        
        C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        7⤵
        
        PID:6616
      - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        6⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        7⤵
        
        PID:8640
      - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        6⤵
        
        PID:6644
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1520
      - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        6⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        7⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        7⤵
        
        PID:6284
      - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        6⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        7⤵
        
        PID:6344
      - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        6⤵
        
        PID:5856
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:2576
      - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        6⤵
        
        PID:3652
      - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        6⤵
        
        PID:5428
      - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        6⤵
        
        PID:4808
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:3564
      - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        6⤵
        
        PID:8532
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:5304
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:8748
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2320
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:2916
      - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        6⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        7⤵
        
        PID:5400
      - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        6⤵
        
        PID:3664
      - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        6⤵
        
        PID:6364
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:1816
      - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        6⤵
        
        PID:5260
      - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        6⤵
        
        PID:9284
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:3472
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:5388
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:6452
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2040
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:3152
      - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        6⤵
        
        PID:6160
      - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        6⤵
        
        PID:916
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:4324
      - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        6⤵
        
        PID:3008
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:6524
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      PID:1672
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:4632
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:7172
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      PID:3812
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:7220
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      PID:5348
- - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2596
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2196
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2340
      - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        6⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        7⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        7⤵
        
        PID:7056
      - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        6⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        7⤵
        
        PID:6768
      - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        6⤵
        
        PID:5436
      - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        6⤵
        
        PID:2332
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:2824
      - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        6⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        7⤵
        
        PID:3052
      - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        6⤵
        
        PID:6036
      - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        6⤵
        
        PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:3340
      - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        6⤵
        
        PID:5368
      - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        6⤵
        
        PID:10076
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:5040
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:8500
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2348
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:1492
      - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        6⤵
        
        PID:4940
      - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        6⤵
        
        PID:8540
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:4260
      - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        6⤵
        
        PID:10152
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:6780
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:8756
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      PID:2128
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:4384
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:6556
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      PID:3684
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:8580
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      PID:4576
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      PID:6488
- - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1260
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1940
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        6⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        7⤵
        
        PID:6500
      - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        6⤵
        
        PID:4468
      - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        6⤵
        
        PID:7196
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:3316
      - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        6⤵
        
        PID:5888
      - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        6⤵
        
        PID:6440
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:4812
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:9344
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      PID:784
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:3544
      - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        6⤵
        
        PID:8508
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:5208
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:8740
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:6060
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:1204
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      PID:4144
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:9448
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      PID:6580
- - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2020
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      PID:2796
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:3848
      - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        6⤵
        
        PID:8548
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:5164
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:10232
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      PID:3276
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:6068
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:10172
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      PID:4796
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      PID:8628
- - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
    3⤵
    PID:2980
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      PID:3500
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:6356
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      PID:4244
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      PID:7228
- - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
    3⤵
    PID:592
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      PID:5312
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      PID:10148
- - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
    3⤵
    PID:4172
- - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
    3⤵
    PID:6808
- - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
    3⤵
    PID:8688
- C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1056
- - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1340
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:1576
      - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        6⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        7⤵
        
        PID:8656
      - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        6⤵
        
        PID:5356
      - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        6⤵
        
        PID:2896
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:2096
      - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        6⤵
        
        PID:5872
      - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        6⤵
        
        PID:8724
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:4248
      - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        6⤵
        
        PID:9120
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:6788
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:936
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:3176
      - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        6⤵
        
        PID:5880
      - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        6⤵
        
        PID:8460
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:4588
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:7064
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      PID:1836
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:4500
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:6276
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:10164
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      PID:3800
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:9796
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      PID:4792
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      PID:7180
- - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1952
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:760
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:3208
      - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        6⤵
        
        PID:5932
      - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        6⤵
        
        PID:9732
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:4332
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:6636
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      PID:1272
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:4380
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:6372
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      PID:3944
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:8648
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      PID:6012
- - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:892
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      PID:3136
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:5704
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:1380
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      PID:4340
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:3096
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      PID:6540
- - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
    3⤵
    PID:924
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      PID:4392
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      PID:3252
- - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
    3⤵
    PID:3780
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      PID:9468
- - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
    3⤵
    PID:5160
- - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
    3⤵
    PID:2996
- C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2528
- - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2208
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1696
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:2108
      - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        6⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        7⤵
        
        PID:9076
      - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        6⤵
        
        PID:6548
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:3408
      - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        6⤵
        
        PID:4684
      - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        6⤵
        
        PID:6300
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:4688
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:7072
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      PID:2940
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:3936
      - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        6⤵
        
        PID:8588
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:5700
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:3656
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      PID:3324
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:5556
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:9884
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      PID:4764
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      PID:6260
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      PID:3468
- - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1504
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      PID:1960
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:4484
      - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        6⤵
        
        PID:8596
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:6680
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:8696
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      PID:3712
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:8520
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      PID:4596
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      PID:1964
- - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
    3⤵
    PID:2904
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      PID:4208
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:10216
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      PID:6748
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      PID:8680
- - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
    3⤵
    PID:3532
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      PID:5372
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      PID:824
- - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
    3⤵
    PID:5216
- - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
    3⤵
    PID:8716
- C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2164
- - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1768
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      PID:3256
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:5692
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      PID:4772
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:6736
    - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
        5⤵
        
        PID:8708
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      PID:10204
- - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
    3⤵
    PID:1324
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      PID:4492
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      PID:7188
- - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
    3⤵
    PID:4032
- - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
    3⤵
    PID:5684
- - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
    3⤵
    PID:3844
- C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:908
- - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
    3⤵
    PID:3100
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      PID:5712
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      PID:3960
- - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
    3⤵
    PID:4612
  - - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
      4⤵
      PID:8768
- - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
    3⤵
    PID:6756
- - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
    3⤵
    PID:8732
- C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
  2⤵
  PID:1864
- - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
    3⤵
    PID:4460
- - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
    3⤵
    PID:8556
- C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
  2⤵
  PID:3792
- - C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
    3⤵
    PID:8572
- C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
  2⤵
  PID:5804
- C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\e4e5b9e52eaa136ac6ed9304561100a0_NeikiAnalytics.exe"
  2⤵
  PID:2440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\fetish lingerie [milf] femdom .mpg.exe

Filesize
379KB

MD5
28be6b3580936c574b6870a4d19b86dd

SHA1
28484783e4e8e1669c0d5ad4eec23b7e64434d6d

SHA256
e411aaccf6907e274bdd1edfcf6d9a0a9eb599d1fcad4b652a6388dfff7e3385

SHA512
71c822e13a0708387e07f3c203c4df844515fc7f2dbfe8bc252f6cf193943e1558e0b124511c455809603bd6a184fe6fbdf2f5c23878acfb49124003774765d2

Download Submit
memory/280-125-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/364-156-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/604-151-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/760-224-0x0000000004920000-0x0000000004940000-memory.dmp

Filesize
128KB

Download
memory/760-143-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/784-150-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/892-225-0x0000000004920000-0x0000000004940000-memory.dmp

Filesize
128KB

Download
memory/892-139-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/908-140-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/936-142-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/988-54-0x0000000004580000-0x00000000045A0000-memory.dmp

Filesize
128KB

Download
memory/988-68-0x0000000004A50000-0x0000000004A70000-memory.dmp

Filesize
128KB

Download
memory/988-15-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/988-102-0x0000000004A50000-0x0000000004A70000-memory.dmp

Filesize
128KB

Download
memory/988-93-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1056-57-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1056-95-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1056-96-0x0000000004610000-0x0000000004630000-memory.dmp

Filesize
128KB

Download
memory/1260-219-0x00000000046E0000-0x0000000004700000-memory.dmp

Filesize
128KB

Download
memory/1260-103-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1340-174-0x0000000000790000-0x00000000007B0000-memory.dmp

Filesize
128KB

Download
memory/1340-166-0x0000000000790000-0x00000000007B0000-memory.dmp

Filesize
128KB

Download
memory/1340-119-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1360-69-0x0000000004A40000-0x0000000004A60000-memory.dmp

Filesize
128KB

Download
memory/1360-55-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1360-94-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1504-135-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1520-136-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1576-148-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1696-132-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1768-146-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1940-123-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1940-110-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1940-153-0x0000000004A40000-0x0000000004A60000-memory.dmp

Filesize
128KB

Download
memory/1952-113-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1952-197-0x0000000004940000-0x0000000004960000-memory.dmp

Filesize
128KB

Download
memory/1952-206-0x0000000004940000-0x0000000004960000-memory.dmp

Filesize
128KB

Download
memory/2020-122-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2020-107-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2040-141-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2060-92-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2060-111-0x0000000004900000-0x0000000004920000-memory.dmp

Filesize
128KB

Download
memory/2060-108-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2060-220-0x0000000004920000-0x0000000004940000-memory.dmp

Filesize
128KB

Download
memory/2060-124-0x0000000004900000-0x0000000004920000-memory.dmp

Filesize
128KB

Download
memory/2060-210-0x0000000004920000-0x0000000004940000-memory.dmp

Filesize
128KB

Download
memory/2108-158-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2164-114-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2180-89-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2180-106-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2180-194-0x0000000004960000-0x0000000004980000-memory.dmp

Filesize
128KB

Download
memory/2180-13-0x0000000004670000-0x0000000004690000-memory.dmp

Filesize
128KB

Download
memory/2180-56-0x0000000004960000-0x0000000004980000-memory.dmp

Filesize
128KB

Download
memory/2180-230-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2180-176-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2180-72-0x0000000004960000-0x0000000004980000-memory.dmp

Filesize
128KB

Download
memory/2180-91-0x0000000004670000-0x0000000004690000-memory.dmp

Filesize
128KB

Download
memory/2180-0-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2180-99-0x0000000004960000-0x0000000004980000-memory.dmp

Filesize
128KB

Download
memory/2196-112-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2196-115-0x0000000001E80000-0x0000000001EA0000-memory.dmp

Filesize
128KB

Download
memory/2208-109-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2320-213-0x0000000001EF0000-0x0000000001F10000-memory.dmp

Filesize
128KB

Download
memory/2320-116-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2320-208-0x0000000001EF0000-0x0000000001F10000-memory.dmp

Filesize
128KB

Download
memory/2340-133-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2340-117-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2348-137-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2528-101-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2528-90-0x00000000047C0000-0x00000000047E0000-memory.dmp

Filesize
128KB

Download
memory/2528-74-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2528-159-0x0000000004A60000-0x0000000004A80000-memory.dmp

Filesize
128KB

Download
memory/2576-165-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2596-97-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2596-70-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2608-73-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2608-118-0x00000000047C0000-0x00000000047E0000-memory.dmp

Filesize
128KB

Download
memory/2608-100-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2704-120-0x00000000045D0000-0x00000000045F0000-memory.dmp

Filesize
128KB

Download
memory/2704-98-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2704-134-0x00000000045D0000-0x00000000045F0000-memory.dmp

Filesize
128KB

Download
memory/2704-71-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2796-152-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2824-211-0x00000000045C0000-0x00000000045E0000-memory.dmp

Filesize
128KB

Download
memory/2824-157-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2864-154-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2904-163-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2904-212-0x0000000004900000-0x0000000004920000-memory.dmp

Filesize
128KB

Download
memory/2916-138-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2916-147-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2940-207-0x00000000047C0000-0x00000000047E0000-memory.dmp

Filesize
128KB

Download
memory/2940-198-0x00000000047C0000-0x00000000047E0000-memory.dmp

Filesize
128KB

Download
memory/2940-155-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2980-149-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3416-215-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3772-199-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3812-200-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3848-205-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3944-209-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download