description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IwMIkcMQ.exe = "C:\\Users\\Admin\\gQQwUkkE\\IwMIkcMQ.exe"	IwMIkcMQ.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IwMIkcMQ.exe = "C:\\Users\\Admin\\gQQwUkkE\\IwMIkcMQ.exe"	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\MigsEAsc.exe = "C:\\ProgramData\\ooAYoAkc\\MigsEAsc.exe"	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\MigsEAsc.exe = "C:\\ProgramData\\ooAYoAkc\\MigsEAsc.exe"	MigsEAsc.exe

pid	Process
3192	reg.exe
3600	reg.exe
3512	reg.exe
4584	reg.exe
3240	reg.exe
2324	reg.exe
1520	reg.exe
4288	reg.exe
2204	reg.exe
3624	reg.exe
4592	reg.exe
2660	reg.exe
1304	reg.exe
3360	reg.exe
1600	reg.exe
456	reg.exe
2280	reg.exe
3500	reg.exe
2544	reg.exe
456	reg.exe
4328	reg.exe
2256	reg.exe
4212	reg.exe
4744	reg.exe
4824	reg.exe
4996	reg.exe
3228	reg.exe
2892	reg.exe
1824	reg.exe
2988	reg.exe
3096	reg.exe
4492	reg.exe
3044	reg.exe
3960	reg.exe
4172	reg.exe
1328	reg.exe
3956	reg.exe
2980	reg.exe
64	reg.exe
1148	reg.exe
1816	reg.exe
116	reg.exe
4904	reg.exe
3460	reg.exe
3396	reg.exe
4420	reg.exe
4376	reg.exe
4172	reg.exe
708	reg.exe
3224	reg.exe
2820	reg.exe
1212	reg.exe
452	reg.exe
4252	reg.exe
4384	reg.exe
1288	reg.exe
2820	reg.exe
4036	reg.exe
3504	reg.exe
3232	reg.exe
4696	reg.exe
1288	reg.exe
2476	reg.exe
2732	reg.exe

pid	Process
2196	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
2196	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
2196	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
2196	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
3652	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
3652	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
3652	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
3652	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
4968	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
4968	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
4968	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
4968	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
4036	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
4036	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
4036	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
4036	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
2136	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
2136	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
2136	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
2136	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
2288	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
2288	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
2288	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
2288	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
548	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
548	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
548	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
548	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
4968	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
4968	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
4968	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
4968	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
4888	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
4888	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
4888	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
4888	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
4708	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
4708	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
4708	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
4708	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
2180	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
2180	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
2180	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
2180	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
3980	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
3980	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
3980	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
3980	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
3668	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
3668	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
3668	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
3668	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
2380	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
2380	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
2380	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
2380	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
2692	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
2692	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
2692	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
2692	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
4460	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
4460	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
4460	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe
4460	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe

pid	Process
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe
4828	IwMIkcMQ.exe

description	pid	Process	procid_target
PID 2196 wrote to memory of 4828	2196	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe	84
PID 2196 wrote to memory of 4828	2196	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe	84
PID 2196 wrote to memory of 4828	2196	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe	84
PID 2196 wrote to memory of 972	2196	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe	85
PID 2196 wrote to memory of 972	2196	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe	85
PID 2196 wrote to memory of 972	2196	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe	85
PID 2196 wrote to memory of 548	2196	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe	86
PID 2196 wrote to memory of 548	2196	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe	86
PID 2196 wrote to memory of 548	2196	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe	86
PID 548 wrote to memory of 3652	548	cmd.exe	89
PID 548 wrote to memory of 3652	548	cmd.exe	89
PID 548 wrote to memory of 3652	548	cmd.exe	89
PID 2196 wrote to memory of 3932	2196	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe	90
PID 2196 wrote to memory of 3932	2196	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe	90
PID 2196 wrote to memory of 3932	2196	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe	90
PID 2196 wrote to memory of 2552	2196	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe	91
PID 2196 wrote to memory of 2552	2196	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe	91
PID 2196 wrote to memory of 2552	2196	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe	91
PID 2196 wrote to memory of 4684	2196	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe	92
PID 2196 wrote to memory of 4684	2196	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe	92
PID 2196 wrote to memory of 4684	2196	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe	92
PID 2196 wrote to memory of 4352	2196	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe	93
PID 2196 wrote to memory of 4352	2196	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe	93
PID 2196 wrote to memory of 4352	2196	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe	93
PID 4352 wrote to memory of 4944	4352	cmd.exe	98
PID 4352 wrote to memory of 4944	4352	cmd.exe	98
PID 4352 wrote to memory of 4944	4352	cmd.exe	98
PID 3652 wrote to memory of 1100	3652	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe	99
PID 3652 wrote to memory of 1100	3652	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe	99
PID 3652 wrote to memory of 1100	3652	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe	99
PID 1100 wrote to memory of 4968	1100	cmd.exe	101
PID 1100 wrote to memory of 4968	1100	cmd.exe	101
PID 1100 wrote to memory of 4968	1100	cmd.exe	101
PID 3652 wrote to memory of 5000	3652	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe	102
PID 3652 wrote to memory of 5000	3652	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe	102
PID 3652 wrote to memory of 5000	3652	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe	102
PID 3652 wrote to memory of 4752	3652	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe	103
PID 3652 wrote to memory of 4752	3652	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe	103
PID 3652 wrote to memory of 4752	3652	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe	103
PID 3652 wrote to memory of 3900	3652	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe	104
PID 3652 wrote to memory of 3900	3652	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe	104
PID 3652 wrote to memory of 3900	3652	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe	104
PID 3652 wrote to memory of 3872	3652	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe	105
PID 3652 wrote to memory of 3872	3652	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe	105
PID 3652 wrote to memory of 3872	3652	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe	105
PID 3872 wrote to memory of 4188	3872	cmd.exe	110
PID 3872 wrote to memory of 4188	3872	cmd.exe	110
PID 3872 wrote to memory of 4188	3872	cmd.exe	110
PID 4968 wrote to memory of 3504	4968	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe	112
PID 4968 wrote to memory of 3504	4968	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe	112
PID 4968 wrote to memory of 3504	4968	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe	112
PID 3504 wrote to memory of 4036	3504	cmd.exe	114
PID 3504 wrote to memory of 4036	3504	cmd.exe	114
PID 3504 wrote to memory of 4036	3504	cmd.exe	114
PID 4968 wrote to memory of 1312	4968	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe	115
PID 4968 wrote to memory of 1312	4968	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe	115
PID 4968 wrote to memory of 1312	4968	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe	115
PID 4968 wrote to memory of 2128	4968	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe	116
PID 4968 wrote to memory of 2128	4968	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe	116
PID 4968 wrote to memory of 2128	4968	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe	116
PID 4968 wrote to memory of 2476	4968	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe	117
PID 4968 wrote to memory of 2476	4968	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe	117
PID 4968 wrote to memory of 2476	4968	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe	117
PID 4968 wrote to memory of 2568	4968	19f47f9c7ec34d46c0b12bbe2cab9480_NEIKI.exe	118

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.