Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240611-en locale:en-us os:windows10-2004-x64 system -
submitted
13-06-2024 01:13
Static task
static1
Behavioral task
behavioral1
Sample
52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
Resource
win10v2004-20240611-en
General
-
Target
52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
-
Size
202KB
-
MD5
52d8ab906cd51eedfd1355e474b17ff0
-
SHA1
1f7ec1ad19d702cb7dea3f0f88cde30e229bf74e
-
SHA256
9bc173433cf3f10f49da56f3549d7a995164a16b98009e1af072ab0e894efb96
-
SHA512
336eb0926d008b548a3fa742fed76256ac58aacbdc313fafea9678a059d0dc0286c5aa967ae118ed597513319df3236b04cdc14f46d44cfe31ee4f95a8cd1011
-
SSDEEP
6144:n9zla8wBIG+c9CsxAI9PNR7OuQHHh+LH:nlcveqQsGI9Psh8
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
Processes:
reg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exedescription ioc process Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe -
Processes:
reg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exedescription ioc process Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) 
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) 
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) 
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe -
Renames multiple (81) files with added filename extension
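This suggests ransomware activity, i.e. encrypting the files on the system. The rename alone does not show that file contents were encrypted: this report also records HideFileExt being set to "1" and a dropped file named shell32.dll.exe, so the added extension may instead be a double-extension disguise; inspect the renamed files to confirm.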
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up the country code configured in the registry, likely to geofence execution by host region.
Processes:
EWcAsggQ.exe
description | ioc | process
Key value queried | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation | EWcAsggQ.exe
-
Executes dropped EXE 2 IoCs
Processes:
EWcAsggQ.exe, SIUwAUww.exe
pid | process
3664 | EWcAsggQ.exe
2544 | SIUwAUww.exe
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 6 IoCs
Processes:
EWcAsggQ.exe, SIUwAUww.exe, 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe, 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
description | ioc | process
Set value (str) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\EWcAsggQ.exe = "C:\\Users\\Admin\\JEkUAksA\\EWcAsggQ.exe" | EWcAsggQ.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\SIUwAUww.exe = "C:\\ProgramData\\AqYYgosQ\\SIUwAUww.exe" | SIUwAUww.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wMQgckkI.exe = "C:\\Users\\Admin\\sagMUAsk\\wMQgckkI.exe" | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\dWEUEsss.exe = "C:\\ProgramData\\qUYIIkwg\\dWEUEsss.exe" | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\EWcAsggQ.exe = "C:\\Users\\Admin\\JEkUAksA\\EWcAsggQ.exe" | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\SIUwAUww.exe = "C:\\ProgramData\\AqYYgosQ\\SIUwAUww.exe" | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
-
Drops file in System32 directory 1 IoCs
Processes:
EWcAsggQ.exe
description | ioc | process
File created | C:\Windows\SysWOW64\shell32.dll.exe | EWcAsggQ.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 2 IoCs
Processes:
WerFault.exe, WerFault.exe
pid | pid_target | process | target process
1008 | 3600 | WerFault.exe | wMQgckkI.exe
540 | 4316 | WerFault.exe | dWEUEsss.exe
-
Modifies registry key 1 TTPs 64 IoCs
Processes:
reg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exepid process 556 reg.exe 4000 reg.exe 3356 reg.exe 4444 reg.exe 4568 reg.exe 3732 reg.exe 4376 reg.exe 3240 reg.exe 1432 reg.exe 656 4120 4412 reg.exe 3508 reg.exe 2868 860 924 reg.exe 4160 reg.exe 3368 reg.exe 892 reg.exe 2264 reg.exe 3096 reg.exe 4352 2752 reg.exe 4644 reg.exe 668 reg.exe 3352 reg.exe 1692 reg.exe 3264 reg.exe 2296 reg.exe 3180 reg.exe 3540 reg.exe 3628 reg.exe 4632 reg.exe 2972 reg.exe 3104 740 reg.exe 2140 reg.exe 1944 reg.exe 4356 2036 reg.exe 2476 3956 reg.exe 400 reg.exe 1356 reg.exe 1732 reg.exe 2364 reg.exe 556 reg.exe 4416 reg.exe 2968 reg.exe 2004 reg.exe 3248 reg.exe 5108 reg.exe 2260 reg.exe 760 reg.exe 3300 reg.exe 2036 reg.exe 3380 reg.exe 2316 reg.exe 4056 reg.exe 1848 reg.exe 4076 reg.exe 3600 reg.exe 1076 4808 reg.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
Processes:
52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exepid process 4764 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 4764 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 4764 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 4764 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 892 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 892 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 892 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 892 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 4404 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 4404 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 4404 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 4404 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 2600 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 2600 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 2600 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 2600 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 3984 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 3984 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 3984 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 3984 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 2044 
52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 2044 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 2044 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 2044 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 2996 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 2996 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 2996 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 2996 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 624 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 624 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 624 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 624 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 3612 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 3612 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 3612 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 3612 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 4628 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 4628 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 4628 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 4628 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 2752 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 2752 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 2752 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 2752 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 3144 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 3144 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 3144 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 3144 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 2336 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 2336 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 2336 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 2336 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 2368 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 2368 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 2368 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 2368 
52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 1176 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 1176 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 1176 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 1176 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 1964 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 1964 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 1964 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe 1964 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
EWcAsggQ.exe
pid | process
3664 | EWcAsggQ.exe
-
Suspicious use of FindShellTrayWindow 64 IoCs
Processes:
EWcAsggQ.exepid process 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe 3664 EWcAsggQ.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe, cmd.exe, cmd.exe, 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe, cmd.exe, cmd.exe, 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe, cmd.exe

| description | pid | process | target process |
| --- | --- | --- | --- |
| PID 4764 wrote to memory of 3664 | 4764 | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe | EWcAsggQ.exe |
| PID 4764 wrote to memory of 3664 | 4764 | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe | EWcAsggQ.exe |
| PID 4764 wrote to memory of 3664 | 4764 | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe | EWcAsggQ.exe |
| PID 4764 wrote to memory of 2544 | 4764 | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe | SIUwAUww.exe |
| PID 4764 wrote to memory of 2544 | 4764 | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe | SIUwAUww.exe |
| PID 4764 wrote to memory of 2544 | 4764 | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe | SIUwAUww.exe |
| PID 4764 wrote to memory of 2968 | 4764 | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe | cmd.exe |
| PID 4764 wrote to memory of 2968 | 4764 | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe | cmd.exe |
| PID 4764 wrote to memory of 2968 | 4764 | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe | cmd.exe |
| PID 2968 wrote to memory of 892 | 2968 | cmd.exe | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe |
| PID 2968 wrote to memory of 892 | 2968 | cmd.exe | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe |
| PID 2968 wrote to memory of 892 | 2968 | cmd.exe | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe |
| PID 4764 wrote to memory of 2792 | 4764 | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe | reg.exe |
| PID 4764 wrote to memory of 2792 | 4764 | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe | reg.exe |
| PID 4764 wrote to memory of 2792 | 4764 | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe | reg.exe |
| PID 4764 wrote to memory of 2856 | 4764 | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe | reg.exe |
| PID 4764 wrote to memory of 2856 | 4764 | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe | reg.exe |
| PID 4764 wrote to memory of 2856 | 4764 | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe | reg.exe |
| PID 4764 wrote to memory of 4780 | 4764 | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe | reg.exe |
| PID 4764 wrote to memory of 4780 | 4764 | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe | reg.exe |
| PID 4764 wrote to memory of 4780 | 4764 | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe | reg.exe |
| PID 4764 wrote to memory of 5012 | 4764 | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe | cmd.exe |
| PID 4764 wrote to memory of 5012 | 4764 | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe | cmd.exe |
| PID 4764 wrote to memory of 5012 | 4764 | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe | cmd.exe |
| PID 5012 wrote to memory of 4488 | 5012 | cmd.exe | cscript.exe |
| PID 5012 wrote to memory of 4488 | 5012 | cmd.exe | cscript.exe |
| PID 5012 wrote to memory of 4488 | 5012 | cmd.exe | cscript.exe |
| PID 892 wrote to memory of 4256 | 892 | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe | cmd.exe |
| PID 892 wrote to memory of 4256 | 892 | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe | cmd.exe |
| PID 892 wrote to memory of 4256 | 892 | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe | cmd.exe |
| PID 892 wrote to memory of 2800 | 892 | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe | reg.exe |
| PID 892 wrote to memory of 2800 | 892 | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe | reg.exe |
| PID 892 wrote to memory of 2800 | 892 | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe | reg.exe |
| PID 892 wrote to memory of 2712 | 892 | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe | reg.exe |
| PID 892 wrote to memory of 2712 | 892 | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe | reg.exe |
| PID 892 wrote to memory of 2712 | 892 | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe | reg.exe |
| PID 892 wrote to memory of 3128 | 892 | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe | reg.exe |
| PID 892 wrote to memory of 3128 | 892 | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe | reg.exe |
| PID 892 wrote to memory of 3128 | 892 | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe | reg.exe |
| PID 892 wrote to memory of 2140 | 892 | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe | cmd.exe |
| PID 892 wrote to memory of 2140 | 892 | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe | cmd.exe |
| PID 892 wrote to memory of 2140 | 892 | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe | cmd.exe |
| PID 4256 wrote to memory of 4404 | 4256 | cmd.exe | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe |
| PID 4256 wrote to memory of 4404 | 4256 | cmd.exe | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe |
| PID 4256 wrote to memory of 4404 | 4256 | cmd.exe | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe |
| PID 2140 wrote to memory of 2876 | 2140 | cmd.exe | cscript.exe |
| PID 2140 wrote to memory of 2876 | 2140 | cmd.exe | cscript.exe |
| PID 2140 wrote to memory of 2876 | 2140 | cmd.exe | cscript.exe |
| PID 4404 wrote to memory of 5060 | 4404 | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe | cmd.exe |
| PID 4404 wrote to memory of 5060 | 4404 | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe | cmd.exe |
| PID 4404 wrote to memory of 5060 | 4404 | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe | cmd.exe |
| PID 5060 wrote to memory of 2600 | 5060 | cmd.exe | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe |
| PID 5060 wrote to memory of 2600 | 5060 | cmd.exe | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe |
| PID 5060 wrote to memory of 2600 | 5060 | cmd.exe | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe |
| PID 4404 wrote to memory of 3036 | 4404 | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe | reg.exe |
| PID 4404 wrote to memory of 3036 | 4404 | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe | reg.exe |
| PID 4404 wrote to memory of 3036 | 4404 | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe | reg.exe |
| PID 4404 wrote to memory of 1204 | 4404 | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe | reg.exe |
| PID 4404 wrote to memory of 1204 | 4404 | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe | reg.exe |
| PID 4404 wrote to memory of 1204 | 4404 | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe | reg.exe |
| PID 4404 wrote to memory of 3236 | 4404 | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe | reg.exe |
| PID 4404 wrote to memory of 3236 | 4404 | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe | reg.exe |
| PID 4404 wrote to memory of 3236 | 4404 | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe | reg.exe |
| PID 4404 wrote to memory of 4160 | 4404 | 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe | cmd.exe |
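Processes
Process tree. Each entry gives the image path, immediately followed by the command line, then the nesting depth before the ⤵ marker; the tags listed under an entry are the behaviours recorded for that process. In the part of the tree shown here the sample and cmd.exe alternate as parent and child, so the depth value tracks the length of the self-relaunch chain.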
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe"1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\JEkUAksA\EWcAsggQ.exe"C:\Users\Admin\JEkUAksA\EWcAsggQ.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
-
C:\ProgramData\AqYYgosQ\SIUwAUww.exe"C:\ProgramData\AqYYgosQ\SIUwAUww.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"4⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics5⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"6⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics7⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"8⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics9⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"10⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics11⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"12⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics13⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"14⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics15⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"16⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics17⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"18⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics19⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"20⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics21⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"22⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics23⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"24⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics25⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"26⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics27⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"28⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics29⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"30⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics31⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"32⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics33⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"34⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics35⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"36⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics37⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"38⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics39⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"40⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics41⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"42⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics43⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"44⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics45⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"46⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics47⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"48⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics49⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"50⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics51⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"52⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics53⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"54⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV155⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics55⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"56⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics57⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"58⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics59⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"60⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics61⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"62⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics63⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"64⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics65⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"66⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics67⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"68⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV169⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics69⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"70⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics71⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"72⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics73⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"74⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV175⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics75⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"76⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics77⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"78⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics79⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"80⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics81⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"82⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics83⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"84⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics85⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"86⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV187⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics87⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"88⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics89⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"90⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics91⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"92⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics93⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"94⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics95⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"96⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics97⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"98⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics99⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"100⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics101⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"102⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics103⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"104⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics105⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"106⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics107⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"108⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics109⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"110⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics111⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"112⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics113⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"114⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics115⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"116⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics117⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"118⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics119⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"120⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics121⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"122⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics123⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"124⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics125⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"126⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics127⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"128⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics129⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"130⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics131⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"132⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics133⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"134⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics135⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"136⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics137⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"138⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics139⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"140⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics141⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"142⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics143⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"144⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics145⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"146⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics147⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"148⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics149⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"150⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics151⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"152⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics153⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"154⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics155⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"156⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics157⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"158⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics159⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"160⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics161⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"162⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics163⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"164⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics165⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"166⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics167⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"168⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics169⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"170⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics171⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"172⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1173⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics173⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"174⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics175⤵
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
176⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
177⤵
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
178⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
179⤵
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
180⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
181⤵
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
182⤵
-
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
183⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
183⤵
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
184⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
185⤵
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
186⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
187⤵
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
188⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
189⤵
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
190⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
191⤵
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
192⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
193⤵
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
194⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
195⤵
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
196⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
197⤵
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
198⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
199⤵
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
200⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
201⤵
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
202⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
203⤵
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
204⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
205⤵
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
206⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
207⤵
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
208⤵
-
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
209⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
209⤵
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
210⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
211⤵
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
212⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
213⤵
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
214⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
215⤵
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
216⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
217⤵
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
218⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
219⤵
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
220⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
221⤵
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
222⤵
-
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
223⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
223⤵
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
224⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
225⤵
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
226⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
227⤵
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
228⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
229⤵
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
230⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
231⤵
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
232⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
233⤵
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
234⤵
-
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
235⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
235⤵
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
236⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
237⤵
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
238⤵
-
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
239⤵
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
240⤵
-
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
241⤵