Analysis Overview
SHA256
9bc173433cf3f10f49da56f3549d7a995164a16b98009e1af072ab0e894efb96
Threat Level: Known bad
The file 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe was found to be: Known bad.
Malicious Activity Summary
Modifies visibility of file extensions in Explorer
UAC bypass
Renames multiple (81) files with added filename extension
Renames multiple (53) files with added filename extension
Loads dropped DLL
Checks computer location settings
Executes dropped EXE
Reads user/profile data of web browsers
Adds Run key to start application
Drops file in System32 directory
Program crash
Unsigned PE
Enumerates physical storage devices
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-13 01:13
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 01:13
Reported
2024-06-13 01:16
Platform
win7-20240221-en
Max time kernel
150s
Max time network
121s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Renames multiple (53) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\IgIEoUEU\wckIMkwA.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\IgIEoUEU\wckIMkwA.exe | N/A |
| N/A | N/A | C:\ProgramData\XaEwQkks\pcgAIMok.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\wckIMkwA.exe = "C:\\Users\\Admin\\IgIEoUEU\\wckIMkwA.exe" | C:\Users\Admin\IgIEoUEU\wckIMkwA.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\pcgAIMok.exe = "C:\\ProgramData\\XaEwQkks\\pcgAIMok.exe" | C:\ProgramData\XaEwQkks\pcgAIMok.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\wckIMkwA.exe = "C:\\Users\\Admin\\IgIEoUEU\\wckIMkwA.exe" | C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\pcgAIMok.exe = "C:\\ProgramData\\XaEwQkks\\pcgAIMok.exe" | C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe | N/A |
Enumerates physical storage devices
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\IgIEoUEU\wckIMkwA.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe"
C:\Users\Admin\IgIEoUEU\wckIMkwA.exe
"C:\Users\Admin\IgIEoUEU\wckIMkwA.exe"
C:\ProgramData\XaEwQkks\pcgAIMok.exe
"C:\ProgramData\XaEwQkks\pcgAIMok.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WCgYokso.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CAsgEEoE.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\uGsAkAMY.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kGIMwAsQ.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jwQYsgsA.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nsoQMkAs.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BYwgUkUM.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ISskMAsI.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\iwQMYggs.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ygEoQYco.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IisgcEcw.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qegsIIIg.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\rWkQUoIg.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\hYAMsEog.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pqAMoIgY.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BUsQQgcA.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OoIEoQIk.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wkgUgsAs.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kyMAwgkw.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ugAEMcQc.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DYEUkEcU.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZeAMkooY.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZegUEEgg.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nagUMooo.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nWsUsUUI.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OCkckQIE.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\sYkwUsYI.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qkEsckoE.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CIsEMMwM.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fYAskkMA.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\dgsEYkog.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jOYUsYAA.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lYcwAAYU.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UWkgIIYw.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QwoUkMIk.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\mYIAkMIM.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WiEoEwIU.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zQogEIog.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HKcYcYkU.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JIksAEIw.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\TmYgYQIo.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xQwQIQwk.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\mGMIMgIU.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\cUgcgUoQ.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\cAIUoQII.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ycIkAYQE.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XcwQoEUI.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tqsoIoMc.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tYUUkQAo.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zgssIEUI.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OUEoMkQw.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WSAIsIwY.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OKgcIAQI.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\yecEMgAg.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FqQokMQw.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\vMIUQEMo.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jMMUAIcg.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PgosUIEk.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EgUYoAkE.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ywocsgYg.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MQYQIEwY.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kMgokMsY.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wMkkMgcE.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xIAAkkIw.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zOocIAUQ.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\boYgAwYY.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zGwUMUEM.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IiQMkgcc.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kyQsQEAs.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\aKYIssIg.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SoYsUYgw.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZOMAogEo.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\REsUIkYU.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pcMgIAgo.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HYwIggks.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\bsUUwUEY.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gqUYIMAs.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qGMEIMkA.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OIMsoMog.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CGoccUcg.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FCwkckwU.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ruUUQIsg.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\bGYAMsUI.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pQIookYI.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WWgogYYM.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gsYMgIoQ.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\iWQEoUQE.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GAUwckwc.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IuwUokEo.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DCgYMkog.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XegkUoMw.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tAEwwgwY.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zgokUUQA.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XcccYIcg.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MmIUYkIc.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WIkgogsg.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UKwEIIIA.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lMgIMgAg.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\twIowckQ.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\vWgYYcoo.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HGIssAok.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\aCUYwwEU.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\cQYsUMMU.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\yiAgscYo.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GgMYgMYI.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\sWsowUAU.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\hCgIEgUE.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XsYgsoYQ.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\raMAsoMA.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HuoQwwAk.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\dWwcIkUk.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ysAkQcAI.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qgAAQUIY.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MWcosocw.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wSMgUowQ.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LmMwQgos.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JeMkgUgc.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\TIAkEEkg.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jCEAMEYY.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qAUggEkM.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
Network
| Country | Destination | Domain | Proto |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.178.14:80 | google.com | tcp |
| GB | 142.250.178.14:80 | google.com | tcp |
| BO | 200.87.164.69:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp |
Files
memory/1676-0-0x0000000000400000-0x0000000000435000-memory.dmp
\Users\Admin\IgIEoUEU\wckIMkwA.exe
| MD5 | 244c700b4d7ad147d4a2c23afaf0bf3a |
| SHA1 | 50ece31463ae999e92bc056a998f8ec527227dcc |
| SHA256 | 23cad99ef5d88c0233ce33a390f4d54291bf095f2aceadf6cc77612ecc175f7b |
| SHA512 | 296d53e516f54782a1e6a5ed7f040440c6c906ef25d87e4674c8c5bfe974acc6151a2c742f1150a11cd1a896dd81533afa20767c5777e9aa8e65793659311a5c |
memory/2596-31-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1676-30-0x0000000003DA0000-0x0000000003DD3000-memory.dmp
memory/1708-29-0x0000000000400000-0x0000000000431000-memory.dmp
memory/1676-28-0x0000000003DA0000-0x0000000003DD1000-memory.dmp
memory/1676-27-0x0000000003DA0000-0x0000000003DD1000-memory.dmp
C:\ProgramData\XaEwQkks\pcgAIMok.exe
| MD5 | 9da534ae07240a20855d4385b3b80758 |
| SHA1 | 60a66e50e511e4d6014acb455bd347d84db15f24 |
| SHA256 | d8c44ad3b9df8072ccb78d2a2dae0fd08f93c68133fbcafc9788e6add683b291 |
| SHA512 | eedfcd7a7c1904ab15331ce02151f789038dc1fd46e1c77f800a44809fe361ad0c3b29c7f1282252ea06f527b1114b58c887f40b5b1e3e7c0ef9dbd50794e0b2 |
C:\Users\Admin\AppData\Local\Temp\qIAUEMoQ.bat
| MD5 | ae211033365af8170cf4a80689101a7d |
| SHA1 | 02719aecd559c0f2ed4f439ea42130072b8463ad |
| SHA256 | e7f320faa4ea61cb6a31eb92d23d839e097ba211a537b9184bebdbd62b946997 |
| SHA512 | 22a88ba2196f625523ae019b4792f32c0d0b837d49e3f6d178b16a40f6a8bb2a7c17b704337989a735a95b32cd138dd05322f8f1958875d04656b133e8f38a66 |
memory/2100-35-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2624-34-0x00000000002E0000-0x0000000000315000-memory.dmp
memory/2624-33-0x00000000002E0000-0x0000000000315000-memory.dmp
memory/1676-43-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\WCgYokso.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
| MD5 | 2cfa6796fc3ef55c4c52c89ffee69a01 |
| SHA1 | 27f7ec659a880adc68377806cfed8a19a83d7a19 |
| SHA256 | 01d3f4fcf587946f892683a96fe4417b877cf8e6ff40ec63c769d5133364d5cd |
| SHA512 | 68b90ed4f4bcccb864a60e89489b6a11812c229e3b04b4ee526f4f0a0ed434883b1ed0d241e7098143b172795761fc6e0af1ae07155abb7c9ca24c3d979cd610 |
C:\Users\Admin\AppData\Local\Temp\geYgAsko.bat
| MD5 | 130cb2d1b9e82c1a8a710ae4e2dae280 |
| SHA1 | 29920d8f5114c891630da7efb48d3fcdf0618efb |
| SHA256 | 364dd9b629b4fe1630d4d5d870295627f214bba69fcedccba4d2167bc5760702 |
| SHA512 | e4ba40f76c434771445f3db35a0257819418a377899118983706501b62a8a77d625acb243abf4692021fd1147aa8354884f3a9a671752c7fbb2eeb404d496b32 |
memory/2720-59-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2644-58-0x0000000000380000-0x00000000003B5000-memory.dmp
memory/2100-68-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\YcAAgEoE.bat
| MD5 | cea8475b0424ceb3a82cab74ef1afecd |
| SHA1 | 05b3ee57f84492d1c93fb69a00aedf8399d71ec2 |
| SHA256 | b85ea0911ed49b4494dfe83ff9525445c1f1d2420b02fe6b059a1d71847eed5b |
| SHA512 | 983f52516c62b18b0e2c0e82201b30056e7d8c5b47092d65e598b9cdd87293c900a5b1a6262e014de745b71f7f3c3b17640e7592d68c362d0b7c977cfe797113 |
memory/1216-81-0x0000000000330000-0x0000000000365000-memory.dmp
memory/320-82-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2720-91-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\SUYsccsQ.bat
| MD5 | e356dc475c658eb6da8f3927a0753e7f |
| SHA1 | 4687047478011a686c164b60819965f46316efa8 |
| SHA256 | 3257e5287bb8d675c0ed9cfcfe900ad3de1a61a4c38f7764ea1f8975f742be1f |
| SHA512 | b49c57df98e390d311cad55cafc31158e74ab932a9a3292ce1c31961ec89830615849460d67f75406e79ea81ac57ec9d01e0cdaed04cfe6e8b700ca727d239ec |
memory/1164-104-0x0000000000780000-0x00000000007B5000-memory.dmp
memory/1164-105-0x0000000000780000-0x00000000007B5000-memory.dmp
memory/320-114-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\hMEIAkEQ.bat
| MD5 | 431ab4fd3e1c3625de2e60e45eee5b42 |
| SHA1 | 275ff27a9ce258ecb699ce6adf169c0207fcbbea |
| SHA256 | ea6972d09e4086ce70fab72e1dbae864676c70bbc4dc30b085bfc2039f7a39be |
| SHA512 | f03f2b9509c199a7bf9b09ddd4924e2215ebebfca8245f88ebab788bbbb10be72e154d930684ebceb1fc6a0278562ba97ebf494173e6bf6d360b5fccfcbeca91 |
memory/2400-128-0x0000000000400000-0x0000000000435000-memory.dmp
memory/3024-127-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2800-137-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\vkowQIEQ.bat
| MD5 | 7c50912d8c80d7faa5dca718d5e48ceb |
| SHA1 | 14e5e1c3660bda242e377e7f66177288c4ebe72a |
| SHA256 | b640fc8896ff2d54b8d10f09956d40ef6b8b9ed0fcfc9a9d5f2254fc314c69e6 |
| SHA512 | dbc0a2fc9ecd07512aeef404e1e12c9d9602300962277c74afe058179b534887e4fcddac885ae7d03931e90b67945856607d0973f1b02e11e3cf0ae166743044 |
memory/2152-152-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2400-161-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\XyQwIEYA.bat
| MD5 | 425e165e5c40da5f2d67cae87e817feb |
| SHA1 | dc26adfccb880582f6da6578d6f8aedb8d67573c |
| SHA256 | 1deb91c1c301325e09b4757626b27a20651d238ec5dabe64cc622060b6abd36a |
| SHA512 | 9fb350fe166cab94bbdf4c9d255020f83e2204ba08f323df5268c67a94c7cb39f2490d99c69f9417487a4439b7b70ae40956caa4175d77d86c69d1125659f8e4 |
memory/2580-176-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2452-175-0x0000000000120000-0x0000000000155000-memory.dmp
memory/2452-174-0x0000000000120000-0x0000000000155000-memory.dmp
memory/2152-185-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\dsYkUcEY.bat
| MD5 | 1ea06329abe0c96d88e6e0fb6ef8a08e |
| SHA1 | ab8912b11e8e1ea4c9957b2783314a67f4e3b6ae |
| SHA256 | a2997c42998efa7c7c0679bf9bbb5389ce5e39a0891655402c3bb30a3265ef97 |
| SHA512 | 04b9a2f2e1892c26d2ea9443b41e4df989344baaa1407546088b8577328f877b68d4cb30ccb5dfbef5c6ed87fe914f1b42693671b02d3efe97bca58c7d63898c |
memory/2208-199-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2884-198-0x00000000001F0000-0x0000000000225000-memory.dmp
memory/2580-208-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GmYgMQMA.bat
| MD5 | 67bc42b7faf25feef6f1e80eaa9b3488 |
| SHA1 | 082e866eb3ccbacd5208db5523828fca61260b97 |
| SHA256 | 5e08a2482a520ef162b0160faddff038d6191c118c5ae6e0abb609c0eb6f5147 |
| SHA512 | bf270173bad2178642596be2bef93a54fa0e13500ae5b7ffccf7279cbede79717cc1ca51b5cd409e0b71f40787db581cc1e1e43e3540e07bae692b2a6c29fab6 |
memory/2712-221-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2208-231-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\WAEoAwsw.bat
| MD5 | 58fa3cffc21414e6b11814b29030ff32 |
| SHA1 | 7085549b6b6afe6702dfb5f947217b4be5061dc3 |
| SHA256 | 06d5e441fb78d36054fcfb3439b802f013140fe62f748b245b7dff85c327a765 |
| SHA512 | 17a2bbab360b754f611e463f7793cca66f57a65cba3457a227fb76773e150530649e7a3d4802c7c46c05f0e6a21054efcb64d2918e6673b15d395bf91cf63dd3 |
memory/320-245-0x00000000002C0000-0x00000000002F5000-memory.dmp
memory/2712-254-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\KAAAgsoU.bat
| MD5 | f252b1d490e5d849b836b4857f3e2e1b |
| SHA1 | 8cf9b5cf026a4c98c68ab38a62425fc073d92ed2 |
| SHA256 | bc03213b1c5d78bcec37343b452c871b75dd687aa1bc20409be2b1c2cf652e3a |
| SHA512 | 8701341eda0a83011186a5cfe965368997843b897157203af08f7406b994987ca37e7c2109e8ca4913608f9edc803f653dacf8a63ace245e45b7f3b48bc2d7a6 |
memory/1528-269-0x0000000000400000-0x0000000000435000-memory.dmp
memory/1980-268-0x0000000000160000-0x0000000000195000-memory.dmp
memory/1980-267-0x0000000000160000-0x0000000000195000-memory.dmp
memory/380-278-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\kowAcoII.bat
| MD5 | 8a55ee15e892f45e547227241116466b |
| SHA1 | 48bd323031596361c08236dd70c780b735cc0b88 |
| SHA256 | 76fe5b79f0eb5b1463c8fce4296eeed72fef6827f891490aa5e7b6533a11ea9a |
| SHA512 | 62c5c81afa3377ad6fef3dfd0138910c0c9131c3ce8c9b88c41ac9404cd826fbf398a4e2bb9e59d64edbe3bc0a50e7f9b2eb87a149aeee1591f7c2fb784aa439 |
memory/2572-293-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2400-292-0x0000000000170000-0x00000000001A5000-memory.dmp
memory/2400-291-0x0000000000170000-0x00000000001A5000-memory.dmp
memory/1528-302-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\RiUkMwoE.bat
| MD5 | 7fc9b8f5c0de66e2a31108b5240679ce |
| SHA1 | 833499a3377ee6aeed62fc1c669a676523d8de98 |
| SHA256 | b32bcc4af7f4f532526145cc2d978c7b699b440891edf83b93e5324e60c4c657 |
| SHA512 | a86a42c999b58aee3e8e87be091dfe67b6b0d2d27b4bf5d25a0ce18ecad58f7766345dc84fed677efd906f4eb45ec31625808ccd0ff20d1f62316f47cd6812ba |
memory/1804-315-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2572-324-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\pMIokoQk.bat
| MD5 | 5ab8cd6cf4e55b37f0fcddc06c9abd55 |
| SHA1 | 3a3aa85dce3018a775f91e87210406b1575a735e |
| SHA256 | afb6c9814c6fd072f16d3737e577cebf720f0d13f721dca500e775dee245893f |
| SHA512 | bc77457d68780d0e3bf8689f5af495a886f732b22b611c5784aeef3bfc98cb1953c826746da9cfcf7d62cecfd1c28813b98df58ed1cf80ef3566200a6ee1b394 |
memory/2160-339-0x0000000000400000-0x0000000000435000-memory.dmp
memory/1248-340-0x0000000000400000-0x0000000000435000-memory.dmp
memory/1804-349-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\NCwMMAUI.bat
| MD5 | 426df76d6369909167c757c56f28ddc2 |
| SHA1 | e5595bf3ce994840c27d0bbea3a0e678dcec73df |
| SHA256 | 79e9fa13a616537e7a316ec181985a69bd04c421e37730718d45198c53fa2911 |
| SHA512 | e9dcea7b20c04a1c6804ed7100e562054c3304d03bcfc73682ed5ed5117662b890528c3ed0f8259a599bde315f2552e03e9fa65166b6c3707e04f5c529208d05 |
memory/2912-362-0x0000000000400000-0x0000000000435000-memory.dmp
memory/1248-371-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\jCoYQQMQ.bat
| MD5 | 4ed8396749902d9954eda47aae558ebf |
| SHA1 | 93fe4051fa2f662695b6d8b5cd4fb55ec98acd04 |
| SHA256 | 10a540e4a73bf0c1114ae2c72616ab378bf0b4a4c91e168f93a78043c9f133c9 |
| SHA512 | 2db29e8e54ac6b3949309b95e4d2b6472b411d597acb29bcb9eb75d256428233c6e99c02d3cf14eda14d15c9a51069c3a434efc078e25bb874ed2fd4733f3bc5 |
memory/1308-385-0x0000000000400000-0x0000000000435000-memory.dmp
memory/412-384-0x00000000001F0000-0x0000000000225000-memory.dmp
memory/2912-394-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ASIYMEMg.bat
| MD5 | 74cb3b0785a4d5ff32ee82d4f9e8284d |
| SHA1 | 3b6f458972050146846f477c5d17bc559bc92745 |
| SHA256 | 2ba563c8d50b66fd744924b4c8f6930a7cfe85705b9aff8e7728a90ebeecc592 |
| SHA512 | 4b64436445006201e65e4733d30fc5b63ff767b251ba269783354d82c9b6271adcc73865852a648b2966f36b3493bd2633d409617ed0874da4c8d7885ef80a45 |
memory/852-407-0x0000000000400000-0x0000000000435000-memory.dmp
memory/1308-416-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\MCcwoksU.bat
| MD5 | cd33239c33c5c8d248e7649210ddb103 |
| SHA1 | 7c7f7620488cb1e5dc038da771e8a02992f5b998 |
| SHA256 | b61f3ae226bf03185179e60759347d3447a2845633ed9e98d7a59a2696de374f |
| SHA512 | 215d736fc8ba0f26697b3c455b258d844606f01a16ddb64925b1054dfc6bd25e0aac986ae4a5241e9e09b972850ea3680565b1473f132682c929ea7bf3a3aed1 |
memory/2616-431-0x0000000000400000-0x0000000000435000-memory.dmp
memory/852-440-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GaokAQIk.bat
| MD5 | 593267432d3d09e45d09cdabca59de72 |
| SHA1 | ff013aa678749ff0342521185d765d8a1bfc1d26 |
| SHA256 | 8137f958110cd708836515edcb5f7673959677970e630926f76ddadac8c6e17a |
| SHA512 | 2df4368e5c0ea8d002b439e13a16b7e04f55e231862821d1368b71af432d705b8bd5a10c6e671d11bee44d1fdd4550c1d0f3df152c902ddf682050da42bacd1e |
memory/3024-454-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2012-453-0x0000000000460000-0x0000000000495000-memory.dmp
memory/2616-463-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\sOIYQsEE.bat
| MD5 | 6a718a4a9bb85a287d2d7d7e79cd814a |
| SHA1 | 506e57ce1825f87cd73464debe2d0423d8e19d55 |
| SHA256 | a36ebb8b657dc2765bf3388c125f090838ce6100562802fd9da16e5ab10e7064 |
| SHA512 | f5b4957dfd484bd950c3c8d4f7d271118fe64475c4e2a8bdec20ea0102690130929310fe24b5a1acdec1adbcf6ab298a022e9227eca4ec4decd666fa16cd183f |
memory/2312-478-0x0000000000400000-0x0000000000435000-memory.dmp
memory/392-477-0x0000000000170000-0x00000000001A5000-memory.dmp
memory/392-476-0x0000000000170000-0x00000000001A5000-memory.dmp
memory/3024-487-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nuUUogMg.bat
| MD5 | 636c061fbcf6a581fa07667edbc856eb |
| SHA1 | bedda269317ff5d788659a44829ffcb1d4fefb24 |
| SHA256 | cbd5039797ad9f38a9ebae20e3a2bd388f4dcd4e6e76a2b1e9b2bd8e8a54424f |
| SHA512 | 7bba394a0ec5826218fc06bb2a16099d65a9498e73fe67d529be533bb2aa54081f198d9a28e80ab622a40b2160f8e8a0aa5b52a64b284149f4e23e124af6dc77 |
memory/1260-500-0x0000000000400000-0x0000000000435000-memory.dmp
memory/1452-499-0x0000000000400000-0x0000000000435000-memory.dmp
memory/1452-498-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2312-509-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\lIcgMcoM.bat
| MD5 | de8a409e2d1c46c93056c1365e23c93d |
| SHA1 | 45e1ad2fbda75ac858b2a4f32af6e7e6bdb19280 |
| SHA256 | 13d425bac252ff02efcda493724a3cb6150d60bd4ea074baa90d071be5ebe9ba |
| SHA512 | 4851461f8f85bb06a76c2ef30155adf9e28e744eaae07b43c9c33842ae126091c8eb0c30fe79dca01e5e165ffb5f3b74ec047591de8ea9e0458c81cbd77ffef1 |
memory/1104-520-0x0000000000400000-0x0000000000435000-memory.dmp
memory/1260-529-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zCcIoYkY.bat
| MD5 | 4e462cbb6de60cf6b4526d305794d9a9 |
| SHA1 | 825f8345e86edea0f3e1dc6caee5b23f0eb0b7d6 |
| SHA256 | ff1a67c2e317dbbfedf08fbd51eb91dd45cde2eb0aa3385100a9ae589dc1ed30 |
| SHA512 | bd33db020824a1e3fd797cd43f74827e8dc0bade48da00128ad2cc2df6052c47c4a88935506917f1e94bb592f20b1628317d4cedbee6f5a17cff6190aba291f4 |
memory/1964-541-0x0000000000400000-0x0000000000435000-memory.dmp
memory/1724-540-0x0000000000400000-0x0000000000435000-memory.dmp
memory/1104-550-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\fIYswYgY.bat
| MD5 | 01941c0f4df9a3f1f85e5947b40f17bc |
| SHA1 | c2cdb37f69827ed79bd22c1cee7b23f284bd38e2 |
| SHA256 | 6e388d179046e70cbe248b52b1967ae33bbaa165be8508dad62c04d0491dd683 |
| SHA512 | 751940c0f5ff68fb4874db67adf960390421c6d73859c5809148b2194dd3fbfbf52442a2a76d469eab0dbe988c198a7f54e8142e9f2a6cfef5701f8cf2fc9b4e |
memory/2664-561-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2772-560-0x0000000002230000-0x0000000002265000-memory.dmp
memory/1964-570-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\NAgQEAQY.bat
| MD5 | 51afdf9538a8311bbd5e9fe764fd7215 |
| SHA1 | ad32194f49b2fa0f3873ad3450bb0c2638abe36e |
| SHA256 | c99b43984a83079c7388252cffacd45c39b131cab933f84a3fdbe21dc8fff11a |
| SHA512 | 2467f6c36f60bfaa34882c42f18773d23c341bf53466425a5c2cbcaa73e107f1cc998e8c2bac478557dcc51dbf35cdeac93d841bb1df285170cf8ff72aa8835e |
memory/2664-588-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\QIAUowwg.bat
| MD5 | 8343a8f3479e4244603aeacf5a30e0a4 |
| SHA1 | 607aef16fc82081218a27f0b86b724f7355619a6 |
| SHA256 | 706df04656547acb2f616a118d03160654d785070332430aa73487c2f99e5a0b |
| SHA512 | 912919adb677be7cfa97c21cb526be67cf534a229c008e148304f37956eca1d19a89407ace4dc295d39b412a7089dd2ce9c3445670567d4aeb9315e9f56798bc |
memory/2220-599-0x0000000002250000-0x0000000002285000-memory.dmp
memory/1212-601-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2220-600-0x0000000002250000-0x0000000002285000-memory.dmp
memory/308-610-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\guYAUkgw.bat
| MD5 | 2ed2696f4eb5df6cc4345b0926e0f6de |
| SHA1 | 1ccd14adc404d018c3e008a67915c9dfe64eca82 |
| SHA256 | 6cdd33727bb3162a9b13090e35496e4cf6f75867faf56c2ab42362e454d38ebc |
| SHA512 | c66fdf5412a4eca918de8df20b572b2b1f4c0ee1fd054cc6ea1268b0a8d501f07e24e96c63ac9a4f4e53369db14643903539fda03461fd0656f0fa487d4ec5a9 |
memory/2208-621-0x00000000001D0000-0x0000000000205000-memory.dmp
memory/2708-622-0x0000000000400000-0x0000000000435000-memory.dmp
memory/1212-631-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\yOUYwEMQ.bat
| MD5 | eeb669e6d04a13b514423726a8637528 |
| SHA1 | d3ce77b67cc81721846b79faa80f2a7225638d71 |
| SHA256 | 59751be02b22e2b723e717ee76260bdb3b084ae4ad7e4051422b39446b1d1f41 |
| SHA512 | 63250a8a43f301ec6429470d4d32741f0f5ce5934357f85a4c4a724f0db0d3c9cea60f746cb26218a3111ea63948d09009de83df6a3344dbe4634b664ef98038 |
memory/636-642-0x0000000000400000-0x0000000000435000-memory.dmp
memory/1080-641-0x0000000000260000-0x0000000000295000-memory.dmp
memory/2708-651-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\OukQgQoE.bat
| MD5 | 0aeb4995a7b39995ab3ed0eee0b11c24 |
| SHA1 | fd204526d03310d2260bfd92b06cabfc2260a59f |
| SHA256 | 68281450f3c26e946a5462fc53af03ff7387bb7a2ff655d765a277a58d017d97 |
| SHA512 | d8464b09260d6bea63808dcfe5d1ee833d9214f8fba73cfb0a9973818d96615de3a9da317ae6caf84326323cff43935228fcec919a2a8f9e5e9bbc52509b7645 |
memory/1968-663-0x0000000000400000-0x0000000000435000-memory.dmp
memory/908-662-0x00000000002D0000-0x0000000000305000-memory.dmp
memory/908-661-0x00000000002D0000-0x0000000000305000-memory.dmp
memory/636-672-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\DOgIUgkE.bat
| MD5 | 102e95942cc40cb73342d32df753fb22 |
| SHA1 | 40ca96e7b33f3d43491ef78674d7396310fbb3f9 |
| SHA256 | a865aa6a9b603a77bb1314536a4ace1e3c9adb8b223ce482d6ba05cab2e4437f |
| SHA512 | e243e82ab041570b373bddc7e20e12ef67dea17408f332a201b070669ee57985c1373f666843c356e77b4091f0a0ba8e94fd50cd411ab185b9734eb1ab69061c |
memory/1340-683-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2248-682-0x00000000002E0000-0x0000000000315000-memory.dmp
memory/1968-692-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Ecgk.exe
| MD5 | 1235d02e4619ffef74e107de91e4d8b4 |
| SHA1 | dc9ca760d951169f8b5db57d25a9f3918a7ca11a |
| SHA256 | 32b003dc697588c3c699f986e17784a5066898d084378bf96d949efda66531c1 |
| SHA512 | 5eb3269d98d5940ee2db17272732e8dc6cce933961d698b2b750f6989bd5b43bb6c616393408da7bd576f99739bd4c920a75f8ccb34f856b8bae7b37bb9a88cc |
C:\Users\Admin\AppData\Local\Temp\LuUIUcgc.bat
| MD5 | 11502e853184a754a3b0c7a2c76a6e93 |
| SHA1 | 60ed5af79dc3bbddc7dc62f5fd02e17b4f484184 |
| SHA256 | e205e3eaf7e60958c13cc1f7f3d963ffc5a3662684db4026f0de8777cc3dda70 |
| SHA512 | d993ce069960bf841bf4564c00d61c7316971fb2525281ac811e1ffe52f16064cd617700f3f249b92c7eeebd0f8e742b4e08f58a1680fd16020f18687fa1d553 |
memory/2196-718-0x0000000000370000-0x00000000003A5000-memory.dmp
memory/872-719-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\BIQosgwM.bat
| MD5 | ac63121be612c2c94a9194cad3146cb5 |
| SHA1 | a3d3f0d14cef904ef60cc8a057388e337cce9410 |
| SHA256 | 86230fe9129498d2c63f27326a613f6b44f62044215dbc7b7e1ec9d0c3131656 |
| SHA512 | 5b5ec4d1b6cbeda0e66fa86bcb9917771526dae62bd098ff80b9b857ec3be02136583dfd423e6aae6fd7a01ee54b8c01424ac9e60395174ad6891510d1a0ae71 |
C:\Users\Admin\AppData\Local\Temp\nSswcoUE.bat
| MD5 | 49bcc1a6424808894dbce1061c550048 |
| SHA1 | aeeef76f258317a6b75e3e28a6e58b7a94c39864 |
| SHA256 | 5bdea49a1c38be81a8b1adf769b47962dcaf41411ef83221d53682424361749e |
| SHA512 | 580f911f4eb04b4655a23ff82b8702c0dfb0ed70cb8958199ac76e34bf3f82ad1e4e9e49f5ce8f2cc7652b20a792eb88862775675fcb7254889749801d800f20 |
C:\Users\Admin\AppData\Local\Temp\CAQkIoYc.bat
| MD5 | b625a5afe93c247906662eb8165e2c84 |
| SHA1 | c404ef95fb4842fce288c3ead6bf5ed1c0c40a11 |
| SHA256 | 02839794c2bdac395cb2f8a46e80d618e23babb54f1ac3926061b83bf7670a49 |
| SHA512 | 03473a4f0b712681a60d67c0efb6534f712bd060df67c0655d59fe980df1cb32250ce39b753691a1f900a7606fb6a3c877ea2348474ef8a4e63c229fd1adff05 |
C:\Users\Admin\AppData\Local\Temp\uAgUQYoo.bat
| MD5 | 1ab388b05f25f73cf411df9b0672087c |
| SHA1 | 103f73318859ca7cb8307545d585b2534b5b913f |
| SHA256 | e338625afc12aec2128ea764eccb688830cfc56401b95b03232d2097c99965c0 |
| SHA512 | 91e68f0147cfe403c81abe04eb58a0d9e951c78812731ab3d5690772e596663d4506b91c345d5f22b957906d9a426adb39ef39b7c6617dd96b2e6138718b1865 |
C:\Users\Admin\AppData\Local\Temp\CMAMgoIM.bat
| MD5 | b4cfe23894071caa0b5ec321edb73e4a |
| SHA1 | 946fe4a17a1e012603f53bef59eae88dce38c266 |
| SHA256 | dcfbde3891e2a52c828bf05dedee28848d72ad2cb460021ca6e9c04d9b35b7b2 |
| SHA512 | b537bf710ace2c8846370c678dd703574a3c4e9198d838b10c038fe0ba7e039c655e76334fecfe0008bef3164fbe6c1ed7ac52a39a8cc3bc5afc7fbb2641bd44 |
C:\Users\Admin\AppData\Local\Temp\OicwwkwE.bat
| MD5 | d3f705a8ad184b1a465ee215266ccda4 |
| SHA1 | f1f64ed64b3af9a0714b4440d06563778fdd94de |
| SHA256 | 28997b8d7f9b12e5ed9467b3cad3d52950923fe2c4d9dd21e56672ba7573e24b |
| SHA512 | 9cb0df5c6a372f226921428c3aa72384260ea4f3b5ac78971219f7cd3a7868c44987ee8f2a86492516015f488eb2798bcf8fa13851c0de7f34846c8f352083b5 |
C:\Users\Admin\AppData\Local\Temp\VUMgIoQE.bat
| MD5 | 424807df36024d70965512b20c0da0e1 |
| SHA1 | 9a7f11cceb8907c6358cb050c78d291458691db8 |
| SHA256 | d9f6a406558fed6fa0a4a445d3e9aaa2072981a4e1efa8508efbdae0fd487974 |
| SHA512 | f07b4f28acb34df252d8d29c9674eddccb59bea73a65238baaa8dcb903b749fc40c4c57ad67cdf6b1043bee6caee9c2f533544670c10a34b75f3e4ed6554f0e0 |
C:\Users\Admin\AppData\Local\Temp\pIAgoogM.bat
| MD5 | ca1ab748c8bfbc36d8e7f102793e276d |
| SHA1 | e8bb666868d9ae96466b2243582b3dd192eabac3 |
| SHA256 | b810e8a60dec8bae2c87247f14ff8c0a62dec2815527aed9bc11a2069970ca2e |
| SHA512 | 5c64c2eb52dc9f6cddd84e7e03b85017ecc37eae9cb814b2886aa609306235d223d9c9996885f5bf85346dc724ef90fbe5f918e74f7ada8a66a13fe2f89620e3 |
C:\Users\Admin\AppData\Local\Temp\FUYwwsMA.bat
| MD5 | 2895d1e4e632169702bae8ebca2eeb27 |
| SHA1 | b8072a70ed33c9a6962c8bd838bee3e380cf7a95 |
| SHA256 | 68870d3608afa414ccf375d74192a09472e2f1956b908465533492a86a0db458 |
| SHA512 | e446f0c62bf9799aa1a1e9fa8e680da2f7a4f2b73ebc192636167c114b4c31f6df72eeca7d923d0ab722465cf0424bd984364ddf7ed6ed37e1ef038ba76d96a7 |
C:\Users\Admin\AppData\Local\Temp\PmYcAgEk.bat
| MD5 | abbcac6e6bd60181fb2c23a0d33779d7 |
| SHA1 | a2ca89384843e24b6850921d866412e63d545be6 |
| SHA256 | a5a61c36dc07c1f85adbc3a84e64299770c47acfb40407f5bcae0b91819aa27a |
| SHA512 | 48bb15442a0cf0ad0a3caafe01d11121ef8817f9e55bc4cc125effa17274080b19c0f6579a7d44e0974640e6e1e7fcc20f80a708c149c9e3ce272948554b85ca |
C:\Users\Admin\AppData\Local\Temp\lWMEcYgo.bat
| MD5 | 751288466b6424286137017548af3c0e |
| SHA1 | 2e77f02f65fadb27d0bcfb7fd64024cdd1eb7b19 |
| SHA256 | 7af4e1072a5102de6c263a5fe0439529c2c60aaa3d0caad275ffa49785fdf936 |
| SHA512 | 5b91cad851bbc3e9277dcc90b88a4fb4ab4bf6ab98d2ed7696c1fe973ad75261f7ce952b9dcbd05bc8514874b4878a912ed6fae8f6f65f9e0626b37a1b10a246 |
C:\Users\Admin\AppData\Local\Temp\wQwUUUII.bat
| MD5 | 4d17914bb3e95e015c1a2951436887dc |
| SHA1 | 92c72988811e3d959eb32a2f702c635718c8c7e7 |
| SHA256 | d375454ed0ac33ff7d8f28af777037f442f62f27bc1ab7a8e6208be652a9b42f |
| SHA512 | 9ab78db3f57cd8f402b966dcd565e387ba809d7d5824f56c4d555f0971820a748bcfa546ce2b82e7c5b1f85d4705c07dcf213ccb6b49bd4369ee8ca47e139b22 |
C:\Users\Admin\AppData\Local\Temp\oqsQYYoc.bat
| MD5 | dd4036e800ca99d7ceca8ef6b3d773db |
| SHA1 | 9af0376304b5dc9c9da20534f51bdfa3b297ab02 |
| SHA256 | ceb24ffe1d131a264c151bb3524dcdfb4f7c53ea1e784b5850d71c4465ab6179 |
| SHA512 | 478b5ed008f67f6b85dbc8b323caad70edf6a96bc9ed05c98729437c08ec741e1f33babded7ff9f015af6a8e8cb721ab75e9fa2bae9b1efb455ebee3caa68d38 |
C:\Users\Admin\AppData\Local\Temp\ScsgYQAU.bat
| MD5 | 3d339b51e6212f0a7fa94be339fc1735 |
| SHA1 | 8428b9340b7ec76102761419aea96159ef5fed7c |
| SHA256 | 3249fd6073e26eb30d701345ea61738552f709733c2a04f837701f74489c19fa |
| SHA512 | cbd4d96e8e745939cf827f9399b6fbe9e5395fd1372cf4ba56f22a91d1e06d999f294e023a5602056d965df8fdbb9db5629bd7d4087185c42afcd499abdb1504 |
C:\Users\Admin\AppData\Local\Temp\cokoQcAc.bat
| MD5 | 438718fac0851c1aedc754ea28442cac |
| SHA1 | 4a003d740a0baa49b166aa93456d611c4bff175e |
| SHA256 | e473fac5d5b420d5ecad1356a544dbd65acd046eaad84ad21a0af11bbd215c0b |
| SHA512 | c52fac5bb030d07e4721811d8f6ab96b0cdf99ea1ca869baea59ee9ac10fcfa2919639b0ee84c1165b8acbad417fed9cda68bb813709ce60cbc55b190ea45499 |
C:\Users\Admin\AppData\Local\Temp\JQUgwcUc.bat
| MD5 | cc14f6e532a32ed2bf38ec5a02ff11ed |
| SHA1 | ab6b3a309b6533533639f62033e23bcf21964df3 |
| SHA256 | 70ecf294b2d650702811de6303b7a0665ff038eed4e444a062c8be1420a6d00d |
| SHA512 | e015294b528d9af9f8f93d01d09f26f1b4551017aec3532d38bd19bef3ddd9a40a55f051fb0884fb89bfee9dd3a764a7cb9fc99d28118727b26285bffa9b80ab |
C:\Users\Admin\AppData\Local\Temp\LIgQIAsY.bat
| MD5 | 1ecb60909222a417fb1e8f21d40113b3 |
| SHA1 | 8790c7509723e39652f0c863bfebfdcd9be099e9 |
| SHA256 | 7763855c2f914131a62eea596bef8573d02e66a99932057448711de288213426 |
| SHA512 | da45f0aec9a69928f37b5c42d11e947fb43e6ad610327ad80cc7a3775faaa060c137bf43d36514d9a893052bf5d18836dc5dc75fd822038fbef24f34c917af8c |
C:\Users\Admin\AppData\Local\Temp\KwIE.exe
| MD5 | 4ea4e0dd54aa31e56983eb5559a8a0ce |
| SHA1 | 703a5a4f4d47f6b351dbba1601282e0c6f989f91 |
| SHA256 | a70cff3cd58d2ff7734c2c82213ccb440bb4abe7207da5c8bc795bf231f305b0 |
| SHA512 | adca13e0f38983a478dab3a1e08c972124644858c844e8e14637cee07440f406ee8e5c7aa5c891caa46ff71850797e3ec2f7073d68661360bfce3dc75e2fb565 |
C:\Users\Admin\AppData\Local\Temp\EYwq.exe
| MD5 | a28309be41d6217c311bdff7edc5e463 |
| SHA1 | e92ff81342b35025259e31f445dfbea2f852403e |
| SHA256 | 8641bd7eb10266ca3c5f1ccc923af7be63da886c2623dd3a2338033ecb6fce69 |
| SHA512 | e4f7d2ea4cda6daaaf323e6cace173edb001af3761b9f08e1dd5a710d9aa37197b15e29af8af6d2382b4c46a424c8eef4ac68867761c1fba9cfbe0b4b2dfd615 |
C:\Users\Admin\AppData\Local\Temp\Wska.exe
| MD5 | 53068da0f45fa43001d62e8d654090ad |
| SHA1 | 88ec59e98e0f0668895de87857c1224fa98c7fd3 |
| SHA256 | e4a7c42b126da97466affe7d7a36ce1b469b2648af4335805d5c07dd2f959594 |
| SHA512 | 171780a39e3d235a912dcc49bc5b6be64261bd82c063a024a1ecfb6aa6a65554b4ddfba4523664c04034e94485b485d763f65202d9c7f9029f23771d140a17a9 |
C:\Users\Admin\AppData\Local\Temp\aoUS.ico
| MD5 | 47a169535b738bd50344df196735e258 |
| SHA1 | 23b4c8041b83f0374554191d543fdce6890f4723 |
| SHA256 | ad3e74be9334aa840107622f2cb1020a805f00143d9fef41bc6fa21ac8602eaf |
| SHA512 | ca3038a82fda005a44ca22469801925ea1b75ef7229017844960c94f9169195f0db640e4d2c382e3d1c14a1cea9b6cc594ff09bd8da14fc30303a0e8588b52a7 |
C:\Users\Admin\AppData\Local\Temp\YQcU.exe
| MD5 | 4ff803fe95cf6a83f612cebf99af91ba |
| SHA1 | fc8fe3e7fe93fdbc91a47acd15bce03b10e6b4bf |
| SHA256 | 72af48b16022178c8525098f62a4a96ee90fafdad9c635821f305e7eab3df3f1 |
| SHA512 | c45b8de8302f101cbcd31b927f43de69d8d2502d8bc06f55d86b3696bdbd73e6540fc48fadc1831623af4ef7b2034bd0b12acd2708d4b9377d9351a3e8089063 |
C:\Users\Admin\AppData\Local\Temp\gwUM.exe
| MD5 | 559a29c3f0498aff8d19526f42cab2de |
| SHA1 | cc8adbeddb0487e138174e051f62b92ecdcea6a3 |
| SHA256 | d02677b21b54192c0fcebcdd3daa659ae8e357d4fd4ab21e482dd47c3128830c |
| SHA512 | 7cd6f5d2177605c08c614d4dc021f6ce45efb8c8b7a4b431aa1a1be810663cb1566c1766e180029548b1b3977eca4c71ec026a751b677a7194199f3c0d505935 |
C:\Users\Admin\AppData\Local\Temp\jmkQMIEQ.bat
| MD5 | 7b1674ae0e038912492842dcd867cdfb |
| SHA1 | c8f2e46af10e98130e95e83e9b5b416213ae5c14 |
| SHA256 | 7b9ee871cec204300171554773bf30e55d2503e6bc29715625f2bc2205813b97 |
| SHA512 | 708ac94f6975c9b46d79da9ada775c53c08364e1ef4f4523a234f34776810003184b38752455d966cf7548a230026e33e81f4f492f56662b5b4cdea58b805a77 |
C:\Users\Admin\AppData\Local\Temp\ukAY.exe
| MD5 | ff91bc77b1713f3f86f8d953b9002040 |
| SHA1 | a251230fd9928df2feee1aa3bed5ca6c38d8fa77 |
| SHA256 | 2b51cd0c6915b6aa35ae587262bdf60533381b1b3e439d36ca93448739e92f30 |
| SHA512 | 6fe1029e065f3b652a31efaef975fb3cfee70253c06fee1e53d54f43c402ac58c704544141c8d85f925912a27beca1e3e34a03f9cf4c1aead888a326caf43016 |
C:\Users\Admin\AppData\Local\Temp\eIcu.exe
| MD5 | e59ddaf4821706cdc7e718b57d4f7b44 |
| SHA1 | 0d38a6b3eb1c79ecf49ed20bd8ec5fba78560c74 |
| SHA256 | f7463602ec39222e1f130f7b5adc6f74026c0f57987432e3148ad8ed1ef9addb |
| SHA512 | 13521009cb7e54be61678593432ab9f0a00c3f3ea07549fa6e9731f66544554f8458cddadaa3a797bede6b4effb436b99d1dff7329f957e7263a63b9b1d217c4 |
C:\Users\Admin\AppData\Local\Temp\kMUK.exe
| MD5 | 71f035aeba6564a002f80db29c0f117a |
| SHA1 | 14d9aeee2b773d62b5e328175b42396e0e488581 |
| SHA256 | 902b4d64e6b16e4045045d6d7b112ca7ae64e9364cabd6c3106f20f08bfaf585 |
| SHA512 | 71c390a738ecfa9a83c18cd699e5a397c3b45df763a0f6ff18384c98b2953dd89b638461f005ef2b2ba699ce423039d74d22edc716d694b93e2cabbfdbcb333a |
C:\Users\Admin\AppData\Local\Temp\cAIs.exe
| MD5 | 51f1755788a82008f97ef1dfab0805b3 |
| SHA1 | 74e2d3b24b7b4f7ca19d910a581f13adf79a628c |
| SHA256 | 587f1e06acf280b01b5af52af3eaae940db6c53f9db93594270ee60e2fc8ba29 |
| SHA512 | 24d03f5864c2ec8940cab978341bd37fea67e59f24d30fc8911f0da898b5c28e882c440301f29bb2f21573fe6a8c40fcad3bb4dc9c3ba2263d50527821f2eec8 |
C:\Users\Admin\AppData\Local\Temp\WIoM.exe
| MD5 | abf811dc7f10079012a5727bb0929236 |
| SHA1 | 886f89a85f72ab6423a96f5226eea0c932953c92 |
| SHA256 | 6c900e6e8ebe43998152487a90016e2ea8259d39af335511ed250d82e4e7efae |
| SHA512 | 3b90850432d1f497fd1604eb7d13f756aaa9ac0a53f48c1e014f512c56681e10b90707a72e3467ac00d65a9060b7470a16c00c7362e1eba38d5b3c766191f320 |
C:\Users\Admin\AppData\Local\Temp\mAgW.exe
| MD5 | 8daadbd3c9c8b9a06babf78ba1db084b |
| SHA1 | e913390f612d53bf6ff17d221db158a5ec445857 |
| SHA256 | 7c33cb15edf94326b3ad4146dec33622b701c86dd76f78406ebd3a440e5296e6 |
| SHA512 | 8392126d69cc971e9fdb102c7cf3962027f2f327614e57542b142f5a735eba90bb18ee493b18ccdbe7642faa7ee085f20cd34e0217be13e4a6ea0c5df5b37d21 |
C:\Users\Admin\AppData\Local\Temp\qIEm.exe
| MD5 | 0125b9842d7839866044e76110d40a38 |
| SHA1 | acb36f323f82375ca933c6770f687bd9d74586e8 |
| SHA256 | a62c7917699e50d942de826b7d72ee57662e8da7aa45cb80f5b121686a98ee79 |
| SHA512 | 4cd9d12edff6f27ecae63a6151b4e5c62cc1a1ca3d108bd3b69fd3656b9fdae6de84b80b87a0dc170448617e9750b7c57b903c265988b5ea899b85100f24c8d4 |
C:\Users\Admin\AppData\Local\Temp\niwQUwIE.bat
| MD5 | c41db888e8141bcc47c0f0e54521ecf7 |
| SHA1 | 49e62716eaabda70f672dc575b3bb56f0ce0e707 |
| SHA256 | 7ed1ce4643bf344893b019f3fbee105fc248af1684f03f24c49b5ef3c4e05d16 |
| SHA512 | 18d5eb05e74d9af41c46194a7fee100d0bad117c88de1c68aba8e9dac59fd904c81d1bfd0dff219dfcc387b02fa9f6e91d560b94bb113857c7f3f485435d64d4 |
C:\Users\Admin\AppData\Local\Temp\oMMs.exe
| MD5 | 620dd4a6bf3cd6c87d4e6dd2f19984c2 |
| SHA1 | a8279d2946953e66a664a6d0cf7eb7af0a5ba2be |
| SHA256 | 13ecf5b45b52d6398c83335c4251d52d73d80fe1f3c6aa9ffe4d3bf75881307b |
| SHA512 | 09b1e00cf3e42e361cb73a4589d06a43155a65125ac853c2cf1e69763ca70976ba2d890f2e45e0552acd1c368c4569349604f090d5313fec11dae823482847ff |
C:\Users\Admin\AppData\Local\Temp\YIAE.exe
| MD5 | 29553f805ed731d8269769caeb3ed173 |
| SHA1 | 8a38cf46ec514b170ea0e04f3bd583bd87f220be |
| SHA256 | ec2732862e212ff7cb2d868b384287086887119dd9ca2cd34738eb2d7fd9a698 |
| SHA512 | 18832ce6cc697f37a71feb733e18d41e5f059fb8e2ecf26cd5ca0d33d439bf7592ecdb718ba4bc46c9ca2e00d52a510eb05abbdbed5c7ab150243825a19d2403 |
C:\Users\Admin\AppData\Local\Temp\MEgs.exe
| MD5 | 5e543d9753e8fc069486ab27f7192c75 |
| SHA1 | 7337103be900bef9fa7fff0dcdf351acbc28b978 |
| SHA256 | a08f233d6ec8011ac828885dc953c51eab0bcbd64b9494d47913ba444204eec8 |
| SHA512 | 63d6905babf39de4cc2cd2023cac54bf46df25295fc89c3926bcce3c5a44b5e6803661bdf5fa506ddde9334ddfc7eece54654eaea446591cebb55be1785e8d5c |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile19.bmp.exe
| MD5 | ee0be5aaa1bf8a6d4a89e2b4fe0bbd8a |
| SHA1 | 9b3bf240b5e3037e419ac51fd876216eb625d616 |
| SHA256 | 18e25eba1671e2b3d71955f7eea3dca6c1b88f0d186a83e2149880f7ae231e17 |
| SHA512 | 739aae6396c988cf41d812e8724a0b53576bad86cdae84263c277029b2834351d03583d48fcecabc07fb0cb21f048e7f13c65ddcd721b6b609cd4208b6409df5 |
C:\Users\Admin\AppData\Local\Temp\KMsG.exe
| MD5 | efb415a9fc4099ec7408da60ee3a9ec1 |
| SHA1 | cf88086fd5ff985c3c3515c93b5f028c93e50ee8 |
| SHA256 | 1eb080a5726633f0bd7d3595077ebbfb8be30deceb3f5e57e211bf1884f97deb |
| SHA512 | dce1585cf978cd03775101e3963805120e9b83e4d9826a6a3ea790904ad9271f48dbb2460be7628a560f456cdc9a96065402703fe6878d791d106fe284ffb2c0 |
C:\Users\Admin\AppData\Local\Temp\EQwwcUgo.bat
| MD5 | dde4748a8e22748d4c1cfce3bdb4d2dc |
| SHA1 | 62186b3e1ac8c8826d3310802a709f82b03f2fab |
| SHA256 | 0a6983bb4f9215052ff06a6f0fd6a6e424d7825b3e89d9d0b5002badc30e504b |
| SHA512 | f79c4314b4bd2ede99b3ea942605b360352a0c6e515e3ed73f44023801b0d968f5b92758b45912dcb98ec68baa1459f0ee6c5335d03541460738083c66cc4784 |
C:\Users\Admin\AppData\Local\Temp\YIIi.exe
| MD5 | bbe0234b80d429d32cb0a9eab8ecc175 |
| SHA1 | b2491da417a64cc4260ab0b6761692d612096354 |
| SHA256 | 8e029ca8a8ca3cc251214cf3d37eee14a2c6fd72152f6bdc1351ce8971e423ad |
| SHA512 | b43da62eb973df9e06c76731ae4cf5fc5816a2416ab47501e4efca13b94fbb90ce163dab0b86608e2b1842f144c98f3879f2b5f4aa969cca916c8c5fe93596e2 |
C:\Users\Admin\AppData\Local\Temp\SgQK.exe
| MD5 | 325e36c7b17559035c60c87e32cc9938 |
| SHA1 | 1faf6043f189bb1b2f528528a2bb0085d9336b6f |
| SHA256 | 73595964d3418ce724bd9ebc3efc5f13189a062a94c185e7a1353c1ea4b65c88 |
| SHA512 | d8f4912b56e95dbadcd4307f4cbb768fdcdb12e401bb9afc5611f66e299b99c4a529919ec5fc33337cbc901bdf1735f1b022719ff7347851fa9e096180e007e7 |
C:\Users\Admin\AppData\Local\Temp\UQko.exe
| MD5 | 3add9feb3187d61d4979bcfd4b899ffb |
| SHA1 | 25a8804bda219b0f726801cd3fc4d469ad730746 |
| SHA256 | 47fcffba45917ca26529681a2cc2572d2de3cb7ef28a70f194cc1d5108f63a1f |
| SHA512 | 76458fd317d5ca36a9ad6f7b157020c9312a8aa2240a6a59be827420778229438217ec246c30d63e5d833d47552a916f5c10f05501be7bf312e82c3e1cd83ade |
C:\Users\Admin\AppData\Local\Temp\QUkK.exe
| MD5 | e3b22ca90bf6ffdc49ad07e38783a8a2 |
| SHA1 | 6f8c1b50de92d91168eb976a338c2528814c1b8b |
| SHA256 | 35b52f195eb52f64660b8fdd937d82177153201a7160e3a91527256c96558dbd |
| SHA512 | 592951f643a3e51565e6805a6963753bb0bb2d2b2b22b60ba7e2ce8ce45df28c31e153d8f61489fb02a6a294f265a762a6035a912b367faff9b5313e9305f1b6 |
C:\Users\Admin\AppData\Local\Temp\ikcQ.exe
| MD5 | 2b019e809e2760535b7884ddd0ca89b2 |
| SHA1 | 252cd444f208ab328dde5501b72acb6ddbe58238 |
| SHA256 | 70ee358f8b0395a41687faee4f961a06786edd114f3ab7b37c952bb706717290 |
| SHA512 | 075fdc6bc2078fa37c845c0c943ffa940e2d7ba91756b8e6b1fa887b196710a97441c1a6956c24352c9aa933c99bc5898d062b575ee3763fb2b4a9141eed7727 |
C:\Users\Admin\AppData\Local\Temp\QSAoYgEk.bat
| MD5 | a99438cf019483d9336be1ca7b074207 |
| SHA1 | 65cba2bcbf6127bb90463be6aeed34df96087ac0 |
| SHA256 | be86a71077040b86ca86ea01392bc20cddfc0726005c4524095c367563beb9b0 |
| SHA512 | b62353172ddb2806afb75b5901968f43b050c7588f984e55377572097f3e02ecb1d0d99a1ce754645ce56753beab84ddc45a062c4a1d925bd43f2370a0053f95 |
C:\Users\Admin\AppData\Local\Temp\CoAI.exe
| MD5 | 5b077dd1f50df1fc4dee71cf4cf50ca2 |
| SHA1 | 08f6a69ae5dc941dc37fae598151b858ad9fd96d |
| SHA256 | c4246498dcc914803ae2f7febd8a4bc40e18ca215486910c53c72d8bcf01a536 |
| SHA512 | f24ad99f938f95d113567c218aaff327f204bc497fdba98b66509da1f01a835be4e3b0a92f2d527824f6be95bdced7c79c352ac3d68f2f1233ee3bf6591f99c1 |
C:\Users\Admin\AppData\Local\Temp\qcgA.exe
| MD5 | d23d59783947d92ccddb8239ec022e67 |
| SHA1 | 8c2515a4eeb77ecce100e105fb40fd0e5328c1b4 |
| SHA256 | 4022ff6f0b20fdf83e5fd10cf7e37c6c0aa88742b8bb9efe099fad08328e67e5 |
| SHA512 | 5b9e87ade17a51c731bffe92da009a2143609e265e6093f6fb82a967b4d25f6320a926ba63118ff710f6681bcf68792388468d601c05bf43b4c310a46c41cd39 |
C:\Users\Admin\AppData\Local\Temp\yswC.exe
| MD5 | a66e82264e224b29447b12618b97f2c1 |
| SHA1 | decb970b5b4e572e3df54778e1c129b93d4bdcdb |
| SHA256 | f690b5f4da923757be84f4e65c5546be97e768ad370bc82fd8e077058313f46d |
| SHA512 | 99a326b9ba346b649ccdfc5f093e57fec3aacd06475874a48a4a6e6632d59d421983f29eea2383b42b44e56f80a5da9eaa3b6572a24b33938e4814c7910f199d |
C:\Users\Admin\AppData\Local\Temp\KEEy.exe
| MD5 | 4668ae2719a69fa93d4becfcb9908db1 |
| SHA1 | 4e6003e00ccd67eec9a3113b9beef0920dca94e0 |
| SHA256 | 232ded2cee987df65044566b4e015514ed31f0955ace48fd59ad7ccd8fafff1c |
| SHA512 | 77e1ec4e9ada39a64fc77da8ab0e09e07c1ab1c178065735b49b19e22f86efbaef84e3a6e1a87187ad6100a6456a2530deea50958ec04b55d4dd5e30dd7cb99e |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile30.bmp.exe
| MD5 | ee8d63a6d243b1c5f9c68a3b57fcfe8b |
| SHA1 | 5490ec7e6585d1a14381592883adae229724ac9a |
| SHA256 | c6d2123b6db8c032196baf789c97bea23ee2737a2bfcf843b5812dabcc272990 |
| SHA512 | f903e8582be89e46295c38ff17083eb5b347b51195e7d27b29b888638aefbd19db9ac0f01ea1ad7b8f38dcbb76862356048c543627c1658c6d36f2dea0785ed3 |
C:\Users\Admin\AppData\Local\Temp\QsAgAUYQ.bat
| MD5 | 971d5a25fa983f9ee32ce902c487f359 |
| SHA1 | 07977cb84c38b7474accbdb28b064ec2ba0ed1fb |
| SHA256 | da66f7a908800c65818690624dc9d7f6d66a01b7ee2f895c8a7bc1d4268cbf91 |
| SHA512 | e0e81e82b86892752227d1630f6e143d3dd17491719ae713e40a8bf1daff2c6e0671d6302c98a03fdc8814c4053096c6ff8878ff3144d1cec27c51f08a6df115 |
C:\Users\Admin\AppData\Local\Temp\OIgq.exe
| MD5 | d24c53affe529161bb4663656d5f15bd |
| SHA1 | 04302e689cd2af21e86f3679a16840fca6487981 |
| SHA256 | 6bc66dec4265e2a4950bee122d8c5bf432e3e73c22945886996bb6bb484a8646 |
| SHA512 | 6624cac052adc7b4c08a6d3186b3379818b6b4992d7c802161a09505824c101b6bb99a3ebe5abd5e26ce8e776acbe71582a9272a272c8bb16f0e15398dc80b41 |
C:\Users\Admin\AppData\Local\Temp\UcMM.exe
| MD5 | 81e0f34410e9817fb72e37d14dc77967 |
| SHA1 | ecf5c735b1df2768715a6e6c1555366912419380 |
| SHA256 | 59208b34ac77ba2dc73066d6f34691c558b52e961125cb9bc01eb5d5eb4724a1 |
| SHA512 | 07db310a7182c50b4c4a048f02e5a0c2c89349ed4b6e2abba35efacd444bf0d98f2972f985cb6489ab7e08830f08b9426bce8118e30eff69e54f04e25f87c63b |
C:\Users\Admin\AppData\Local\Temp\Cgku.exe
| MD5 | ec228095f578ae828082c0607ab83d7b |
| SHA1 | 12086721741de68895629930ced3704ca0926597 |
| SHA256 | 66742e5464fe5f2a7a76ca0c389b4a55901ceaa0ceb335c7d815a2484b248bd6 |
| SHA512 | 2fd5a90239c073f4b6bdb070144d76fb7a09d340a8eaaadeaf80ba4328980580be80f58fa202428b0c620f36bbdf7c458a649e4fd1669aa882864f0136d04f4b |
C:\Users\Admin\AppData\Local\Temp\MQAk.exe
| MD5 | 9fe3482145fab7361bf27cfe1d81035f |
| SHA1 | f4e16e99017c31f47d68df5470174864c110d1d1 |
| SHA256 | ae9b2ca27357ee1ad606d5cf18d7c9ee73f1e39b5b2e8520038d20dda3d46580 |
| SHA512 | 14e04cdece01f44888c41c20e2be8c0469ac8cbf1df5b4c4d928121a351f29e3e1bff6f0bef12ad441a8889e8a9677d05af38ffd1b0072e680db2db8b4c5380b |
C:\Users\Admin\AppData\Local\Temp\iQgQ.exe
| MD5 | b3ca2c293f897ce0105d212f7c60bb73 |
| SHA1 | a3477b628170eac8c4d1bc5f687038858c986b6b |
| SHA256 | 9538be14962e85d003c6e9da51601a4b1e365d93f0c3e0c2141ad81ade8e5173 |
| SHA512 | 6472b6065ca6ee24e8a54a097c8283ce27abbb827e0bf4989a3e0cd2d749637cd7989facad936a52c051671241b07f69df4ec89a5cbef9a0a7fcfb0220707778 |
C:\Users\Admin\AppData\Local\Temp\koMksocs.bat
| MD5 | d8b8185120213baf5a59c111fec56028 |
| SHA1 | 8dbec0c353bc90c4b9bfff0c228724350a07db15 |
| SHA256 | d2f5c2e2d228ecc343cbb3c218c3ed241d8321ee3d2aa9faf5c9cc1d7352b45e |
| SHA512 | 138609f5a8cda0f91f0a06557f0101f79dbb184d3177627304b1ea2449ac64e959f2594fc7f7651f309bf31a1076308f2ca1546f642c85e603a8690081a99707 |
C:\Users\Admin\AppData\Local\Temp\OYkS.exe
| MD5 | 7c8d421b473d8a671df8afac50feccfc |
| SHA1 | ba120e490b1c92ec9092cae7298ba644722ab94c |
| SHA256 | af85ef40c1287ebc77fcc0eea291ea65a9100547ebd73b984e049caf7b7371f5 |
| SHA512 | 99c292e7a9abf03ed804efe1d61bad0750d33d3b6ac2dcf55930601743c184506e530f30ce1dc418733c2233bb34fa3e259539d699d2b09dbe398a6057a016ed |
C:\Users\Admin\AppData\Local\Temp\aMMK.exe
| MD5 | 6952b0bcdd6f61bec68c7de40ef8f93f |
| SHA1 | 019b1ab52fae301da14fbdeb9f880f5837dbfe52 |
| SHA256 | 32488ddb9feb34a4ac1a69f6ef5ca13c416d884e6cb388de0ab48a48143a7b07 |
| SHA512 | 0e2e5d61a59e9fdb0311190ff4a102b493c2e4917f7e7232a7902e9860e23a9c251a650884b2cbe720e49f9c8c4c055892d7e007b6e4517d8135ee05cb0030b2 |
C:\Users\Admin\AppData\Local\Temp\ecUS.exe
| MD5 | 186599bc262da671eeccc23d43fd6254 |
| SHA1 | affee7c19020703ab513df522eff9e5fccc3d719 |
| SHA256 | 02f1f05905ed2fabe8ea6f2b42665bfab445056be0eb42e43dc9f72edc6350dd |
| SHA512 | 43ed5f962437a22ae66813a0af148fc1bef2926c834e84d60bd45df29f35ec6614b668725ddf78dcff6b26671ff5664fc0e5ab01ceadfe568fcacbc8eb30a231 |
C:\Users\Admin\AppData\Local\Temp\QmsgYwYs.bat
| MD5 | 02dd5352c9e8721d799e6bd07302ec52 |
| SHA1 | d222608dd837e7e300cbe7e058cb51095ed0f773 |
| SHA256 | b3ead82262ff6d4b64dd963749f2de01a910ab9a2351303553dc186bb72834cf |
| SHA512 | 59c479abd928fa5f29a1b52284c8f87d87be10446acf4f5e8a63bef273a19d1a40a6e592d63568f627587f9b06066adbaabcc4d7e41ca2f464a874a0104437d0 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile39.bmp.exe
| MD5 | e628a35e2302d5488af22345f80edb4c |
| SHA1 | 5d9d929fab03146e61cb7e0c2f4fcda667206030 |
| SHA256 | 6c57eb8ab26926118d7d0b1d6d64cde5832f18e6269a5594a73b30a252c547bd |
| SHA512 | 03871bc7d1f6590867fbd293444c21b6a21a4878693c944d70b561fd82cb02bd1851098a2309105df1434a939580c90198f095f93fc2b9023abaed80f0549e12 |
C:\Users\Admin\AppData\Local\Temp\SAss.exe
| MD5 | 625189db88750b5debb53a3ffd79bf22 |
| SHA1 | 90c390ddbc8d0de499c8890a7357c19e14f0d00f |
| SHA256 | eafae4fdab4beb2c50de34621bd42b2371e049915bbb0bbda76b32dc94da87c1 |
| SHA512 | 9fa1f2471a0c663d054ce0dc15095ba2a517ba499a5bfc738a33c7d4076cd72ca089c74d42a357a3a2720a2ddde0004ddff98b0d1dd23a7ff2695b95d24b58cd |
C:\Users\Admin\AppData\Local\Temp\McYQ.exe
| MD5 | 827e01fe26fe05da2239be9c36244214 |
| SHA1 | f539dd7cd566467ba518036317a260a0c15f39d4 |
| SHA256 | f56a0acd9b362f55a2d1bf48481f6391c1f30e247951a3ae3751727dad70239e |
| SHA512 | 28a68013b895734c82bb12edb29649276289592653c1d8621da87e1328be1f951475b8aa5c8ebf2f8539cad197ff58c81566644fed6678227b4d3cfea8f52404 |
C:\Users\Admin\AppData\Local\Temp\Akgm.exe
| MD5 | 880493777df32ed60ca91c65fa730871 |
| SHA1 | 0b88bae779f1fd47b8b8ddf4e915767de6dfc339 |
| SHA256 | 2f1a9113d2358239ecfaed2b4266e7d17a6a28b15016bdd0dd7c9c263ddd35bf |
| SHA512 | 64e133e2e9800f3f13562fca74f614ff929347ef3ee8208a7d57c88546973443935a87526d0990ddf0b285353a5f3dd8fb54c99323e60a92fcd4d488df21c939 |
C:\Users\Admin\AppData\Local\Temp\EQIm.exe
| MD5 | 71a164669cb1b36ea3a28773c37e8a27 |
| SHA1 | 132ce0c854b622691799a060fc9daba087f5ff4f |
| SHA256 | 08e57dea43e1a199e0f7fb2efa291c555cab3540bfe116e99599279130d2b9eb |
| SHA512 | 46272c6098f92696567c15d9672f732815c8c8bb84ac673c9289b3af46c9ee68bae2133996a2d5ab38e1883e26e3c14898ae8d4ddedf5b0584df606ba44a4c99 |
C:\Users\Admin\AppData\Local\Temp\KIIG.exe
| MD5 | c0ba7dae8291201ab2b43cb12fb00794 |
| SHA1 | f51cb7c19337fecce6660d5195a7a41a50fc2e2d |
| SHA256 | b7bbb696a39e3e46a4d86c6d046117811eaee077068ad03b6d2faf1c24bb13e1 |
| SHA512 | 1880860add42fcdb85ef40bf0c1ee4aa1ca99788dcb07689d92017018a1045cfac35be7de758b4bbf2e30a62f2f93dfe95558f365752054ebc9bf87cef3b1317 |
C:\Users\Admin\AppData\Local\Temp\VCEAwcQU.bat
| MD5 | 4e6acf22e2c5ac0e51246c92935bfca2 |
| SHA1 | a4934dc3736a375994fc01f81bfb9079d90e1bec |
| SHA256 | 444e19cded08798c4edbc728890b055af7fb05dc7c8db37af9931d5d48ec0a9f |
| SHA512 | 7679934f1060ace4f2f367a4fc92d47f2c2b6bd5a14219f4950d8aeb1e6cedd093e189be540ed5a9e4835e1d60f74344184659762bd038dded13e32787158e79 |
C:\Users\Admin\AppData\Local\Temp\cwQA.exe
| MD5 | 69d4971d6771d7b0fab55be2bada14b7 |
| SHA1 | d594d3f72c761bcf149754a8835312b1f85606e6 |
| SHA256 | cd297b6c2b4c7431d0dafd83f0fdfd2f67eea3a7a9097ff6def0fa2d07517380 |
| SHA512 | 1c78b316cdf5327c8974353a14683a7783eb2f93df82354b3539e88fd3cd77860c508d5b9f68822a0007995b570810152d7dc438f4714da73002a0a181ecb007 |
C:\Users\Admin\AppData\Local\Temp\wUAU.exe
| MD5 | fb7032cea7d3f18a771b6a26f4c241d3 |
| SHA1 | 64d1880441df032b5cd779cf60b727dc6ee8cafc |
| SHA256 | 6605015c380d12673df593181677711f3aecb3c6ee60bb1ff9ebc388dab41d20 |
| SHA512 | b03937eaf51b4db1e02736eeb56b861a775a79056ed310b3a071dc3a9c7232d350d5a2c2778bb35a16b47ed04d55896651a42d431db9929e3b490e9961eb17c6 |
C:\Users\Admin\AppData\Local\Temp\mUYM.exe
| MD5 | 6fd2c91e986f7be2fb1b3c24627986f2 |
| SHA1 | 8b1a6c81f1edd5d3d0a70bd5a046d82faeae42d2 |
| SHA256 | 5990acc4b53afefe6fcb251564d59487a2efa8b285b194b18e8ff17483e9535a |
| SHA512 | a30509379e82d5ae4f7385ae7c955bce177c95b77483539f5bc6372cc5e6005422bd404f707b18f67a118782a0828c0438219d5d0ab4c95d08cd09ee7a95acb4 |
C:\Users\Admin\AppData\Local\Temp\IsMa.exe
| MD5 | f82158de725a5a74dc8b5d413f35f9b5 |
| SHA1 | 0d7e7a085a3a28cea3841fdf8437ff581d4cec61 |
| SHA256 | 9e646d18b85bc91aede4f0fbfc5981a7150d6dde1948b1ca31b6ad88081ca3cf |
| SHA512 | b66a2490420947b3f99036c8f49f12b80158ec18ce1aeda02e5bd701108f5fab549196931d1b594c3d7a5478816cbcb5130baac03e62b7b5a351373c35b48c8a |
C:\Users\Admin\AppData\Local\Temp\ssAa.exe
| MD5 | 0e6fb0dfef8d5a21663d786cb1be3d3e |
| SHA1 | 494b05eae912e8e647a637f1281dd71ed0b4eac1 |
| SHA256 | 6d9fac0790b6a7baef438c08035e605aa7b1445eb6810b5f28f3b1ff6e3fda5c |
| SHA512 | 600e3d12af54e557486f5bee267cc6d8938b90893a41b39b0fd4a706e6bc3ac88d3e66ef3cf42fe752f7d1a3d9e280128e60ad8164f2afa79be11bc91970233b |
C:\Users\Admin\AppData\Local\Temp\IYUk.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\Users\Admin\AppData\Local\Temp\IcMa.exe
| MD5 | f5552281a8a4a2c147b5930f3d19dd9c |
| SHA1 | d15962b712485219b91a1c59b4f8f42ed7eab2e0 |
| SHA256 | a937d29402f45a8d62727254251ae1a46dae4c5d47d26c053b7977eae844eba7 |
| SHA512 | a728886b5103ec6642de61e0cdf0548ad4d15e04ed4df3000b9504b3d571e6c2a9447e843c6ef68d899733c272cbf69c4e400e8e0c9ac5ed1980b1942c46ae65 |
C:\Users\Admin\AppData\Local\Temp\cQEC.exe
| MD5 | 01d9b91ff4e1011d0b3e5219854a87b6 |
| SHA1 | 9d68f0290f6071977ca463a1cc3a3c01695d3885 |
| SHA256 | f9927a2ff5ff989e5295ca9ef97485287a7f49cdfc638c3fe42d897191fc9044 |
| SHA512 | 71c11f335948c98f0c386faa1d9dffc7e6b1dec13c0db865128a7386e17b2ef58a9554bac0a9b167c36ff7c71b522c4b9fc58940f805972cf58369220d8166de |
C:\Users\Admin\AppData\Local\Temp\okwu.exe
| MD5 | 5f19fd1a648f5e82c7a28f48ddf802a5 |
| SHA1 | 0501bc670683945b01440b1a74b9b1f65aac3603 |
| SHA256 | b01a494d48dbfebc1d29d55b0b8abc2f0245ed5b0cac3e13a1e929c8a6a67c33 |
| SHA512 | e666f9a90750ab7582cba83e2b3a2c7c2e002a5eb654226d520faff9919a19cb3cff4bddaf64dd73d18424401a61901a7419664c0e21e0cc3696e9872c6654fe |
C:\Users\Admin\AppData\Local\Temp\vYUMIIwI.bat
| MD5 | c9377774179190697f19f0dd4e77a6d0 |
| SHA1 | 0cb85c6c13eb9ac9a711bd29674d704f310d06a8 |
| SHA256 | 36e6b2f06bf9e3f30c084d3de62279759d212167cd3286d42bf5609c2cf3c8ca |
| SHA512 | fe8d02a34ec38afc0989df16b1508d94432edab114d6c25debafd5a0a9fb93f25fe3c8a814788ff7ea2b2fa03dc023964fc80ba29065f3b2a84c6307c99689bb |
C:\Users\Admin\AppData\Local\Temp\FsYkgMMQ.bat
| MD5 | 84b89f80a0434904850b5eadfccce253 |
| SHA1 | deb5b1cc851469b50e2c338540a3472437df1f6b |
| SHA256 | 803921057336c5cdea43ca1b87c8d381f79ef25a847bd0b7fd19db3a10f075d0 |
| SHA512 | 3b4060f27f557ec43ba3509dbee1744180164eccf158b7bedc65c290ce93a94982b08e4cc2e2088c0bbceb69fc6474cfb97f7aa0446cd4783d373573829b35d0 |
C:\Users\Admin\AppData\Local\Temp\NssIokQg.bat
| MD5 | b1b61c47c673502038b82f2a2bc41253 |
| SHA1 | b087813644ee429ffb9d4566fb12652e69f3a0dd |
| SHA256 | 4a613e69364b84c2c6e8ca9fe066387e1dc9aeb41f4be8341313f1ae60436f3e |
| SHA512 | 4be980c3a778bb6b788abe0c501c80394137802de377cf769a26908da5c34f0394bba76800c1b9ec337214c9a44b758e0b3b74505e7ded213e4621eb3bdcf4c1 |
C:\Users\Admin\AppData\Local\Temp\eSsQIUMo.bat
| MD5 | 7daabda1622e224a7826743480468d72 |
| SHA1 | ffea229d3b851e3b4f284c81f5401ab897988d16 |
| SHA256 | 6765c4690e141347f9fd4486e95ccb84a6d2d4017b599fa3b2f50f88cc78e71a |
| SHA512 | 3b964cd5e80990975ee3de260677149f8e015a202ae9493c359b16043a9bafc282c674bbb6405bc51a6b99363f88065e24ff02afcb2d63a53ba5bf2a748d21f6 |
C:\Users\Admin\AppData\Local\Temp\EMwQoUIg.bat
| MD5 | 7df6dc34b9037ced8de76b753aff71cf |
| SHA1 | 0cef8494c7a904ca644224eb855df44b5a4d5878 |
| SHA256 | adb0453b991d8c414db14cb008acc0550d26814aafa12f65de158514ac8169a0 |
| SHA512 | c6a1956e40ffcbf1632a748705a943cec1a05341d25553244a65ce3dcd4f21f933a194bbe49dc4852b97d45720bc26c8ec859a3de9c92522445d119faba0d5cc |
C:\Users\Admin\AppData\Local\Temp\iEIIoooM.bat
| MD5 | c940357a7b1e195f3642920df351dd05 |
| SHA1 | f5828e77f85d3baf7bfa71d6e8c9027bd83853d6 |
| SHA256 | c8cb7318aff012c372e3b045eba37f6ebfb94d4b17dd364c41ff7930adc7344d |
| SHA512 | 42d191e87bfa4137cc7854d49a44569352633fae48b31a84dd75617b1729bbc3448225c2fa93b01b8ea4bb87008863993bbf9ee32c6716cd2db388d43cae6f3b |
C:\Users\Admin\AppData\Local\Temp\CQwYkEow.bat
| MD5 | 0c96bea065aa1ce90da7d3142e3501b3 |
| SHA1 | 8a0dfb93608203b4e6782519446cd98be59af60b |
| SHA256 | c81a41b0c5a098f861d3b0b22d1134d73df307038100822d1d4ec7024ba18fd6 |
| SHA512 | 99ea34a9c5adae5bee9b69c8446d86f5f59963b809839a0e33fc6dbeb9e34170912e83bcfecfe9b85aecafc4c74709c5c15a3f66d4f7f02493357100c0cd50e5 |
C:\Users\Admin\AppData\Local\Temp\PCYoAcIQ.bat
| MD5 | 12d3e94a8986382891075a326b6d9df1 |
| SHA1 | d3c030582476692ff792688f9855171acd2aabd6 |
| SHA256 | cbcd88abf8b56f9698995199b1cae06cfb58526ea32e901718229374c5e98849 |
| SHA512 | c458517d9af49d109e3afa4f6e9a276878c97f81b9bc1eb763d2809117b541613fda474937cd7c7b5109cfe19ccf62ad30f649f23d8ae5a1029b81d8de32e52b |
C:\Users\Admin\AppData\Local\Temp\fMgkkkYo.bat
| MD5 | 24c534d9ee493a43214e810577aae4cb |
| SHA1 | 1d824b88274cd8cb0b3c6817d7898af11edf1591 |
| SHA256 | cb6e09424f0febced9dc8d09f42c3903a5b52cc63e3d9daaef4361b96892e133 |
| SHA512 | 28a4c1cdaa97795f4447a9552541646453e3f1299dfd7314301b14f4a50e1c9cd4d52e6c72afcd63bea8b249dcf0cd43407c0ef371e048d121d5d1479fbb46c6 |
C:\Users\Admin\AppData\Local\Temp\DCAkIEwU.bat
| MD5 | 3a5542cea39a35f9e783be3bc3ab37d2 |
| SHA1 | a630a8479352dc85f45a024e01f6fce2d85d78dd |
| SHA256 | eb863adb75dfcda4a6898b53f1a112cd0d7932590a5766b6942a356db3cd71f7 |
| SHA512 | 40d709c1deaed668b88ca3f9ec8d1fbd4f42a363c596a1df37961f1c231afc87e74be7fc3c72a5fe7a49fa2e02aa8cc0fe69cc2a272642910550e458fd461ec3 |
C:\Users\Admin\AppData\Local\Temp\lkQUAgAc.bat
| MD5 | 3b1621c94453276e2fde82a4eedac92c |
| SHA1 | 772f86c7aa20a91c735f0b58a84244dd9206160d |
| SHA256 | 3c2cfb59a08e1cb7aa23bfacd20d2cc75da480ccf6058693c61400005a24c70b |
| SHA512 | b7da26986564e6c23e888e979a32f58e9b0aa47dac42a8d91c931198deee66373ba1b0ce1a322abeb889976d73905bc8bad4e4086edf28cfdd11d049df23dedc |
C:\Users\Admin\AppData\Local\Temp\IEcgoccY.bat
| MD5 | deb3ddcc06a84024393db6dd5892e01b |
| SHA1 | 76afc9c32c84a9513ed6e1d66ceabff0644cdc27 |
| SHA256 | 08881f5c0f9f49238348424c140988d2fad476eee5d4808005e7bb09999dd4c8 |
| SHA512 | 18ac0577a49440ec8e5d33adcad7016a2e3c2189a47a534bc5a0338184fc4904aba74b256dc6e64b06ad2e335290fd43f419c4576d8ab8a1e81e80cae9e532e5 |
C:\Users\Admin\AppData\Local\Temp\MIAq.exe
| MD5 | d61f9edcd65704cd2a5f4d7663dff370 |
| SHA1 | cb672160be7e0fb9afdde26684daf42af6e93f3e |
| SHA256 | 7193584c4c20dbb853967c7259fe3acfa395659db17566406d5b4dba68270192 |
| SHA512 | 7e6d45a50bd6921875d5839d2180221186acfaae49224a68f70701665a1dd8c595218076c7a3691b95e93f4483a4074b374ec637fac315262169cc5de3124644 |
C:\Users\Admin\AppData\Local\Temp\mOgQoIMg.bat
| MD5 | a2636fdc0adbd82da0319605d41dbd99 |
| SHA1 | a87325140b139db6789dc58261deb5a0d1f9d0c0 |
| SHA256 | a79627d532d47ed7fe412b8fdfc3fdc8608166e0c92a471588c16e07a1e96d5d |
| SHA512 | ec96bd80aef5aa58cb737397713dd05da826c2dfb75ad584525819a06ec1140b92fef219cbcd4b787aa3de138e1bea81a4b86f159185b05c77a822adf4d0d758 |
C:\Users\Admin\AppData\Local\Temp\qsIW.exe
| MD5 | 53e1adc33d3c882cd0520d54c69322c8 |
| SHA1 | 4816b51468089bdecf88c76fd27680a308954ecd |
| SHA256 | 90ee927b263292773382b20d0b5d23f911e741c2a40770ee60dbc2f07adebbd3 |
| SHA512 | a614a4fdbec3c94a2330e14c42e84b114e66b3139a8cee3f94bfe1ced45547aaaebe99b9515ee6e706e03217245a6d92558fb0f13dfc0710035ec95a76b01261 |
C:\Users\Admin\AppData\Local\Temp\sgAo.exe
| MD5 | d417f776bb9b628404d36efd9094ab31 |
| SHA1 | f682a320a05250fa1f10f32c096a09e0d8176ba4 |
| SHA256 | 2e0491ac0b662a4deafc1073fe474804db84db40d4018d38595e982a57a785a9 |
| SHA512 | 589fff3df6782c52bd00465d3175f25e8929e92ab8db4053b7cb3a8a400b2989a7f1990dca26415414fc2a9e4c09c8e792cedb6ad1d4d81bca713b83eec4d4ee |
C:\Users\Admin\AppData\Local\Temp\mAAq.exe
| MD5 | 425be644534253da9fe1902e63b62783 |
| SHA1 | e5f7d21c331111b38ebe7c361268e3ed260e76e9 |
| SHA256 | 601456942d02c75a1a40c3455a62255340f5301ca4d14836aa6c18aacd2ab5b9 |
| SHA512 | 1bd759f950eb7c2a91f3acd584d1df7a1cbffa8045a520fc253bef9ac41869db61a8f83c125b99b307af9d26c3ae8ab0a9440e4ee550e1dfe96be96612f2a5da |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\48.png.exe
| MD5 | da9b54a96fd5c4228233ae0cafeb872a |
| SHA1 | 41c78e0aaf9780407a465d2687a4cafe67b0c4ed |
| SHA256 | 7e4c97475d9e766b6a66395886071c5061762e7f1a82d33f5ae19849aa4e704c |
| SHA512 | 4377100257c3744b8a92b22331f4a1ffb2ef2dd74da643da990def006121fdd84ef6f5005f9f2702bd9d6cd0a890966cf7eb403c22718acc927182e3b61d89c6 |
C:\Users\Admin\AppData\Local\Temp\WCEEsgEI.bat
| MD5 | 1f94f3ecb55a4a38d0e5db7f65e44b53 |
| SHA1 | c94dc1bee80e2bfa4814c5f154f3d9c43469b354 |
| SHA256 | d7f4b0c143c8ee811b7122b98015f3cb4f5c67db73d004e8288532b8af445835 |
| SHA512 | 143a64c390be2ae273bb31f02656641bf9fed1dfd21e800a8f860ef1851de58aa21dcbb2f903a43df6cb20893d9146dd81df4199963a9352eb5df3772196f8ef |
C:\Users\Admin\AppData\Local\Temp\yQMk.exe
| MD5 | b13ac9c6a03b2a2d5be57228563cecc5 |
| SHA1 | 1a08944f4a3d5e74f184f2cb79d10c5b97e37d0c |
| SHA256 | 9a26daae71e4b936fd04c5214d3f7189a07bbd792709c64e50025f88d07711df |
| SHA512 | 27f87cc833787dbb8299274dcf65027f8e095716a415c13268e12690f952056d271ac45bb89effa13b03cc516e6648a91a720733bb0dbc5aded6455c18c183d5 |
C:\Users\Admin\AppData\Local\Temp\ogsw.exe
| MD5 | 03e35b4294ff52f5d8dd06e4d378a009 |
| SHA1 | 526203685d341bfcf2fec20e259f9170be299cee |
| SHA256 | bcd75bd16a7775e0da7cbaeab383844e1ecb8b2c55719b9df005d58093650e6a |
| SHA512 | 765428fefdac7915f97df72e991640ffff466c269f4965b70895c194f4b2284dece84a6610bcab5444fd07bfb5ff63fcf00f4601fdd0bbed5e09a23dc5711ca8 |
C:\Users\Admin\AppData\Local\Temp\uwMA.exe
| MD5 | f3c209b1ac75e01e89ad70b7feb6f2fc |
| SHA1 | 5e8545323a0686689cab8e07eee0a51d7d3ec8d8 |
| SHA256 | b1bd0c0a5ef411a16d4553ee456f52147e18181bd417da65cdc85ff6c0b9c440 |
| SHA512 | 7d2956e41160ae4a3dabc561d9fcc695d6311a65b3f8aff817151f9698b070782ebc1932feebe2aa0672af3a474fb0fc7ad5b811e1d67ffcb20251fb81a3c6f6 |
C:\Users\Admin\AppData\Local\Temp\oMwM.exe
| MD5 | c8ee694c830d7c486bc6ec9afaa3cfbb |
| SHA1 | 51f40828782f347579bc63d694ff901f1ff91961 |
| SHA256 | dd8205c190e6f4c442163a35f1c770994683c425a14150e450dc0c5d14c2686b |
| SHA512 | 93f592a536cdd6a16388d3fa463547207ceb147a3eedfb537862b1ef7887bd192c6ddd82bd8dbb8785b2d50427de18ae16e82c8820bcafe019c03c4c4bb2eb90 |
C:\Users\Admin\AppData\Local\Temp\AEYY.exe
| MD5 | 438df8c837914e8d5e96d9e7295be8a0 |
| SHA1 | 2a2a6a734945bbb4882de8fcefb5a52c957e62f0 |
| SHA256 | b48e9a259534ab770acfee4b14bc578bf9ef17d9eb38b80e3d96fba3ebffd2a2 |
| SHA512 | f63f0b20e1a8681e28a50ef9e8981e15ae86faee367fbd59aa0f5a6d7beaaacfa05f6d61f2ebca979091e4a88504625625fa3510ba6ed972d915c179d6987c22 |
C:\Users\Admin\AppData\Local\Temp\aEUgIkUo.bat
| MD5 | f9e8c29ae67c8cb0e6be265c2b172884 |
| SHA1 | 80a18d85701f48824f78aa4ee21035ee6f594754 |
| SHA256 | 71e9a479d3a17debc09d2f716d75929ecab54501ab18feb492810c1f7f54342e |
| SHA512 | dd33c2c6d1048248325481bfee72d58d68d5e4ff5a33c2a4782bf3dd8e511c9416284cd19644ff9179735b3070f666cafeb32e43a319c610801fa9f487fd9a01 |
C:\Users\Admin\AppData\Local\Temp\KQUa.exe
| MD5 | 430836d05ba4d489b6e7d158ee5a1c77 |
| SHA1 | 543a9f9b3bfe4c7a0fadaea79fef4a108d0d1ce2 |
| SHA256 | fe5fdd9ed67442ae1e242f2d048f189641293010dba299b579059b6c18fee139 |
| SHA512 | 26e6d9dd93bbab8a721c9318774b0278b5d82ad987b93ff0c875ba6caafac99599c5f95ed32cea6c2ce37f9cbb634525d4e6487f52ff8e49ea98df8db79e58df |
C:\Users\Admin\AppData\Local\Temp\OoMI.exe
| MD5 | f2c1280a83ea8e3d496d2c77b5a63b77 |
| SHA1 | 1d7dc96e1cea2949307af0b188109b74b6d091a0 |
| SHA256 | 11cc157ca579cb37ccef282bce19f8ad53f185a7a90b298707f88e488fa218b9 |
| SHA512 | 8b5653e1d9659df1ee90403ae3fbcf0e75783d47b9bf61a97a678e122a400f34b3f64b4f6e381d186b73dbae25cedaecab716093b90286e17e4f97d0e2becfd5 |
C:\Users\Admin\AppData\Local\Temp\gkok.exe
| MD5 | 9079e0db3298e429522651ab6ddebd4b |
| SHA1 | 834e003ed6acc0cb44061c65e077128b2907533d |
| SHA256 | 6712f72122d66276b46b245e77ff316b42f49e99512f583a0e81b1a64c5861d4 |
| SHA512 | 2e1ff5fca9eb774f96e478807708fd33500d0acdfaa329f63ed5aaaef12eba320f2a27b4ff93f110d9756df64d9c00aabed5f741eb73de67badeff7dd725317a |
C:\Users\Admin\AppData\Local\Temp\YkYK.exe
| MD5 | b5efae93beecc3378c240e879b34d9aa |
| SHA1 | 5645d597e3f1e9f840c0f64eadb035d3cc462cac |
| SHA256 | 110747381275f79d6e42213b3a960ed4ab16d8bad0d595c1f20e739c3dcc9866 |
| SHA512 | 858861f8170845260e1c31528d69129c52c590182e2a2bd19800ae36d92d91f51f29c69eca4e990da08e62d6c8dd391be90132fecaed37d66c8252336a9849da |
C:\Users\Admin\AppData\Local\Temp\VkscsEMQ.bat
| MD5 | 4ad0f36dad260b9f768275db2d9309e7 |
| SHA1 | 0e1a89588c8b3aa7222827f0872ef3968ffedb5c |
| SHA256 | 936d6e35c6da590d352939914e3600f747b3cb94d9724a8dfa34a719768d785d |
| SHA512 | 753852742ff37abb1f824ca7e2db266368274732792a3e7fde9e34fc2705dc1825edc7061bb778970472effe50e3ea9e16eee00e229f426d98be8f2b67036452 |
C:\Users\Admin\AppData\Local\Temp\ksoQ.exe
| MD5 | 513ead99f89b5bf1b4e5b4cad1d49c85 |
| SHA1 | 7d9a27b29289cab22d2e9a967f0769967027b8ae |
| SHA256 | a96073cdf1b10d4d3244be25489c78ddd4b1a0c4545e41b5f43118b21216eedf |
| SHA512 | 6e52ac1c0b57fbd3e6edfcb82f9f68d5a503fae4c38a2805a23ec9acf79f13ec673a1d0065fe3b4a3a52a85510b3799f7246b3dfe7d443ac3cf9c0a7168642de |
C:\Users\Admin\AppData\Local\Temp\uMEq.exe
| MD5 | fa98f09f7ecd2b030d64cec20a4a39f5 |
| SHA1 | c4009d62dea45c69ef28e8680ebdcdd3cc94d51c |
| SHA256 | ddfea98e4acb458360628714442b9ae7ec67179a096e07760c36aebb38f2f67c |
| SHA512 | 34c6f7fab968902b82b2c2697aa44ddbc7f688c71f168c2cc31cb93a49f3b89bba428279e90311438999f0af00914799088f56adf79540c05c58300423476967 |
C:\Users\Admin\AppData\Local\Temp\CYUE.exe
| MD5 | 5029e545bad59dcbd9b2174745b95f5a |
| SHA1 | 09968cc530d363e6afc2ba0e824b649ccd3d46f0 |
| SHA256 | 7b6debc2fad38d3949c370912a5fdf7337366add9b1f6f81cb12dbeee228e219 |
| SHA512 | 65acad8d27bc9f83a64d145cc46c5e34524864b8ae373d002f59bb634b51e4fb77476041ce2c029846d0353010607f8da52085770d84a6be5bb9d164b92bada1 |
C:\Users\Admin\AppData\Local\Temp\Oosc.exe
| MD5 | 015ad994a7b045395bb5a984dfd0328b |
| SHA1 | f3024c11721dfe58965e8f52f041722cc40965b7 |
| SHA256 | 2074fe83507565542442f77c5585c27985dc094fa9bb5ca8ca07f5427e9be411 |
| SHA512 | 3b523db84b1b02723ea30bbed139871eb5e0cff88100e126af568dd2a03a320171245db5ab6c81e8cd8f98bafdfccc12b87ef979b3d4eb1f730530dee5382618 |
C:\Users\Admin\AppData\Local\Temp\foEkIQEw.bat
| MD5 | 8acf0b928e68499e236718b745c7d752 |
| SHA1 | 5e33c4b8cca82189ebd358a853fac859811a17ea |
| SHA256 | 018d41b38c864f4844c7cb8252a0e243cd29ca4a0aa1ce247fcffc1e9f0b5c52 |
| SHA512 | 2412b01108adfd28fc797219b759f73bbe1805533e0ee533368dc25e5fb5d0a3451fc316b0d80a9b82d2031bb33ccdf5b4b8c7cb837f4eb66b53d1ecc26455c5 |
C:\Users\Admin\AppData\Local\Temp\occk.exe
| MD5 | 06383532f0469f5d7c56c671dad16c5f |
| SHA1 | 7f9ed74321903f78682a7f34bd1223cbb15d0ece |
| SHA256 | 1f6cbbdfb9d16353614befdec8c850f45bee4eba38ef2c3bdebf4b9ce24bc348 |
| SHA512 | abd896a9d9c5782ed734bdb3fd0c8670efe95fa832e98f7eb591268787eb57246ff70a95e831fca60e20e71b33423172d7a02a60bdc7c22a64bacd748a3ba592 |
C:\Users\Admin\AppData\Local\Temp\QQkw.exe
| MD5 | 876f5bf0c23b87f6172bb0a73d03166c |
| SHA1 | d794536b248b934880550bf09fa87badeb20033f |
| SHA256 | 1c970bf02613d457454e5f55b1af95a07e1493ce10f5709c8f5baca321c6aa84 |
| SHA512 | b8e5450992688b24a1654189a686482202e5f792d6755e4a346e19c31c703537473ab86ed1d79e1c6c2b979c75b776f616c1a2de47cfb74894e5c73d3e8157e6 |
C:\Users\Admin\AppData\Local\Temp\EMsO.exe
| MD5 | c251b942498b7530e28d22eca3af7c3f |
| SHA1 | 7d577a756066c7d85c5b98abd25c80adfa7c82de |
| SHA256 | c43f5d3e4444fdf5cc99a218655c4530fb2504e0f12387ca3267a6ac8625eb9b |
| SHA512 | fdb92d9a32d7455c36b34e9c3d2ef5536b64034bf6f2ff7c7b067c66f03581364d28bef6939eeb5c5392e895a8a00b1ef1d24b630fc8a80d5bbff43cf3e274de |
C:\Users\Admin\AppData\Local\Temp\CIUK.exe
| MD5 | de28a739683e8914fb247615aaff0852 |
| SHA1 | 7565d265bafdb36f314b5ea4772bc74e48872d5e |
| SHA256 | e127386087994a22ed97ee589e10b47eb0f209ac82e2f57e0b5fd72bb5466ee4 |
| SHA512 | a39c036345e392f860baf7addd99232d9268630d3136b07727e926715dbc39ad4c6c3d9d20e07db02e2bc307728b784bcd2de2788313271310203f5bea837b6c |
C:\Users\Admin\AppData\Local\Temp\UAUS.exe
| MD5 | 8aeb07b90f72abafb83e0f7a9b591ecd |
| SHA1 | e471070ba54f0a3bb7ec4fa1358dfd36e65cd63e |
| SHA256 | 7606603bbcd6bfa18bf922cbab8d5a4bc89cb02e690ea7ff0e6b5aed86be2ac8 |
| SHA512 | 862fe70c7bc52172486d682c2da0a952d2f6e4f7911ca20fbf97d63557ab35568a65247d8629625b6d27d3d8ad0456e4ca40021bb0e878fbfd928f23c4dd5daf |
C:\Users\Admin\AppData\Local\Temp\GAoA.exe
| MD5 | d1ecff8bc8de953765f83229bba7e817 |
| SHA1 | 9946f249d727f124bffa8bec5ab091358e446b7b |
| SHA256 | 92f18341ce0f842d978b1b86c77a96f7656bc46caae0f1fef8713863042225e5 |
| SHA512 | d6affb636a6cf510b43740249c45c189b379013e5ac263aa7eb08f37ac8ced5ced94e78158fad610a9006bf0d70d9b719554df7cf4d17bee1c9341de1b0de78e |
C:\Users\Admin\AppData\Local\Temp\GQoy.exe
| MD5 | 560b257f648b4e7eed2c2d409f265e7b |
| SHA1 | b844a1c780d7fa1889e94e235cb9c7c1474f4b82 |
| SHA256 | 75b1b6db65220da4bd452c43ce08dcfa30dd26259414d1cdabdd1a2b3746055f |
| SHA512 | c7a783d7d3dc2e6dc7c07168e19ed6b7d249556b5af53456e468dec013f60c2cde82753185d735e15b6dfdd0dd24828e8224d4f1a555278d71c4eaea24789595 |
C:\Users\Admin\AppData\Local\Temp\RgAcIEIo.bat
| MD5 | dbdeaf4b614eba9fa88d8a9823c2ba7a |
| SHA1 | 83c74e99b025714b22fe86f097bd567b7c7adec2 |
| SHA256 | cde636f15bb5dc653b4de858e0e841053e82735f2c6acfd4f100c7233894631a |
| SHA512 | e7f10935ddd9a0227a7523851625b49adc95efbf3e2a9de4bd7caef1ca1a6745f0e4c2aac343a6931079a3774ff6da35414126ab69d952fdb39d5e5d31e3944d |
C:\Users\Admin\AppData\Local\Temp\cMoU.exe
| MD5 | 037d9bc20ce9d4275f44de65366a9d73 |
| SHA1 | 011e3c55aa4bcb695907276c4f53cbf8a2c4d108 |
| SHA256 | 81163daf8c6e503fd271b85ff337eb4c3f9287f08590c562b49c2adb2b038ef8 |
| SHA512 | 68f7318fdcbc5c2ddf2f08051febf43e49402d7a9e916062e07b5090299073c06a53ece4941233de50ba0fb7356a53aeaa03dde38eb8ffffa4bd2d677686326f |
C:\Users\Admin\AppData\Local\Temp\iQcs.exe
| MD5 | 510787e8e4b97f1ba440eb28ff453e2a |
| SHA1 | 6f56f0111a09efb722f2433bf73bc8b47a75fe48 |
| SHA256 | d925150e9aa386d9fc01b6980f5f4918560dec5ee3123fabec990635534f9aff |
| SHA512 | 4052873dce5e29814578208c0d661c75ed976bcaf3a2eb527cdfad33fa3ccdfe296853fa542cd06f89d75b6a74f0ccd18e4e2cb235217c71385bacf1c0f28632 |
C:\Users\Admin\AppData\Local\Temp\jYQQMIwQ.bat
| MD5 | 7deca6dbdead72df8b0dff969e8b23b0 |
| SHA1 | 21079d9d9c5e12856539ddd3b0e28dd6f39ea29e |
| SHA256 | 09ec1813b04810168bb395a2fa47b8d4e5ee72c15082c88582a365cda0e83c94 |
| SHA512 | ad90dae8c37043d2e4e6a98f2bbaad97f21d12321f8f38f136a2be7d0ae836f72473b194f77f4173dfc1b02bd3bc3b128de7ed253f5047b7c94eeeb9c101ce81 |
C:\Users\Admin\AppData\Local\Temp\KkYS.exe
| MD5 | 9e34b9f20eb5a66ba284ca26d6076c8b |
| SHA1 | 8b8939e19b8dedf529cb1402ac5841bfb6584deb |
| SHA256 | fc9aceede946b78fa5cf9d276dad074e62bc0dd83111ff7b75eff6898d07facc |
| SHA512 | 7c8fb0461f001f00e18e3ec46bd3833e2339a73b1e468480bfaa07126c564d323e16f8502ee976156337182ce0d54731a97dcc7466f98bbb6f8d307bcb24e1f6 |
C:\Users\Admin\AppData\Local\Temp\jgkgAoIU.bat
| MD5 | c41fa1e747eff33afaea2da08b652288 |
| SHA1 | faa4ca457fda6698164cadab2b860849b064fba2 |
| SHA256 | 0cc3298f374ab21cba54e202978a5643d20a57b1e2877f4be828e0ad559f0320 |
| SHA512 | 224b85da273fe4624815cc663c931e7b94bed1d86a9d87e84ee7759471c5c6b7d29f2b50e435683f5144210e88666a44680175b428c075e251200696cb5d59fd |
C:\Users\Admin\AppData\Local\Temp\sUse.exe
| MD5 | ad61fe8c47a044d22fa50cead79cb257 |
| SHA1 | 13059ec4f0826ac65992d4cdd19aa083b44c2399 |
| SHA256 | c3f626ea58b1ec25f4dd161a5ef370a497e93e0ac1059f978255607672432129 |
| SHA512 | 28fdbdeb349192859d1717bc4121a06c2e82947394b835ffa3c08c668b57acaa70135b080aab789b1d3788673a7270c11c4f237d4e705f04bbec6357bd0e7af4 |
C:\Users\Admin\AppData\Local\Temp\sEgs.exe
| MD5 | 1df30b21ac67c48e5b18fdd9ae02a016 |
| SHA1 | cb1bcb60a9992ff72655ac6ad78db38f261e6b92 |
| SHA256 | 1401506c381096420c60f742211309966341db0822e5184f8e0ae2737f8367a3 |
| SHA512 | e2d4617b0b9b0abcf9056e3148f0de0ab8805bfc3ad61fea168b009c8bd9aa30dbbc53305cad31b53346820a8ae17cef1b41e29842177a174353166f050a3a12 |
C:\Users\Admin\AppData\Local\Temp\wsYI.exe
| MD5 | 4b60a0fb95212eb8cf3498a048937bc7 |
| SHA1 | a56c928fc8011cf111781ee90f738c339318255b |
| SHA256 | 6742e4ac889773e8c55e6b2564f74980fb2d91b402adca9cd9fbaa2c6ebcb74b |
| SHA512 | 2e66559bd87e7e7924199a808ce0fa6c60f99838e32dd5ee59322cd298538b92cf7768b2f3c3a7f242b9f55d81324ea65881d809b44ce3055889aceae049da66 |
C:\Users\Admin\AppData\Local\Temp\GcII.exe
| MD5 | 1e43a1430fe6dd56d75a6e6aee951eb9 |
| SHA1 | 86c95156124aa2097d3bfe052798a9805ff00caa |
| SHA256 | 7873a82f2356a0d6b104748631f9158007fd9c9293dfe4aa02a4e52c0a405535 |
| SHA512 | 6d11e2e09b51f07a233c97aa591ae545d9ce5be6051bcbd0f1fa8828c1a893b8236b1afc4f47cc1623a5a6936342e59e0bfa41c7d59ee324c65498bfd6bbfbff |
C:\Users\Admin\AppData\Local\Temp\iCIMgQAE.bat
| MD5 | e7b5d224818656ef4c30e9d20d88b97b |
| SHA1 | 4ff527b5c97ea407516e77666b0462c7c12868e8 |
| SHA256 | d5fc473cac0ae08f5f41781c413733d51fe8269eaabc9b613a4941bd6e4b373b |
| SHA512 | df978e9300c066c037649336c414cbbc6e094b31b4f510999c338904dbcf0452464ef208764d1c3bb03904635d42889cd554acf145494a07b0ef3a6eadfc3edb |
C:\Users\Admin\AppData\Local\Temp\wgUM.exe
| MD5 | ad538cd250141f0ebd76355ecf2a0e04 |
| SHA1 | 275c2f417f7dab5e808bee7e32c55df07bb710fc |
| SHA256 | cb48ceeae123a6f4e2b64df640f78a108339e7d5ae9c743681ebdc52a3df59e8 |
| SHA512 | 3fe43d911082734abc506fcd7c84268a463f06c4d60769e00d2e5b00bddd92a1b409ca75b13536e34bed755f916b5c16ae21590fac3359e4de32dcfdceb66e3c |
C:\Users\Admin\AppData\Local\Temp\EIIS.exe
| MD5 | 72f78e0e80b4e92e64bf04064455c04f |
| SHA1 | 13b937a7307c0e028e9a92dec525597b5a2ce87a |
| SHA256 | 5fc24b71ffdec2e89c74906954fb8155c21b2288e2e2fe9c6a0e68a13f90fe93 |
| SHA512 | f44c5e022f139143d03da95a84d67a92311ddadd9c0130e6cb52143e9e3cd9c6cc6d372c8e40ccc173741ff73422686aa6a8037988765c836b7b3a7038602e08 |
C:\Users\Admin\AppData\Local\Temp\mggM.exe
| MD5 | 7a3fc20bce5897294c850f90e669c164 |
| SHA1 | 5acb5c205da0bfd1c6c4c004f3baae2fb26412ef |
| SHA256 | 78b373a89ce9b63a5139c074b629d454d76ce076080a75de499336002efdafda |
| SHA512 | 34906afd3f484c894ad15c6da62f94278529896d373678548476f59abca27696c984da620ea2899e86a22204de6f05bfc5a682e0511809e668a449f18b8fcaf1 |
C:\Users\Admin\AppData\Local\Temp\MgIw.exe
| MD5 | 28be75c8e12e99bd2cf1f96dbd879635 |
| SHA1 | 465ba504793c7402f1cbafe6ef2249bd28d275f4 |
| SHA256 | 2d8ac08fd486af88f5420ee55a269b60360f643c71fd2c1ec058bea76929d253 |
| SHA512 | 8b104f69b55191f2d82e148fe726cfb8575ee22ffb9de5e7d4bf9e9371b00b265972082531fbd8326e042fb272d0798894dad108e768387ce27a98bd09b04faf |
C:\Users\Admin\AppData\Local\Temp\mooQ.exe
| MD5 | 63fabc1621a75bd2c8b97d4d39846762 |
| SHA1 | bef7d0fac2fd0ce6242cc9c7781ddc2232a28ad3 |
| SHA256 | 83cf89271cc22b9185a0e8cf1890b66f923ecf0fc18d813f9c998512b7d0ef11 |
| SHA512 | 31b3cef6dc80cf2a8169e24ac5c5f96dab2e0c3c71fa9b2630d9fdfa1b47f78b03602435eacf941f46014bad322340b94098a9487a25737a205a3021bf1edfe2 |
C:\Users\Admin\AppData\Local\Temp\EEIoMwkM.bat
| MD5 | 549349982014191c82fe2c3db91cc022 |
| SHA1 | 69e6940a2a785bd075db377450f4c9eaacf52965 |
| SHA256 | 37e7740bac4bdb4618a73d24c8c62df685f3e162038df3bdb6a3a86603fbd478 |
| SHA512 | 631de39f71bd5185da7fdbb7d2bce8f7b1d8225237cbc8b445425dee44ebb67531ec35fb5ab853c4250be8e239f82c5e36b177d29673742485196f0fda46f5e8 |
C:\Users\Admin\AppData\Local\Temp\ygYe.exe
| MD5 | 8836a04037ab49a0342bb21be8b819fa |
| SHA1 | bc3f158a2e42cc340100d0b2fc218df9099fdcd4 |
| SHA256 | f40f37afa81d475d8fa756779f2dbee8611289d92dfd1dc9a8ca43fbf19cec22 |
| SHA512 | d503cf80806d02d6936ea6337d72ecb30a1190e3106e5643f159a39f133070d1f8a5f69dc9c546800fc198c30716444983f3d325889e7ce55d57555fef556a83 |
C:\Users\Admin\AppData\Local\Temp\WgAU.exe
| MD5 | cab08430730aff3e220f852e952b7c00 |
| SHA1 | f56a5c8226416a17c43370b598c6f6c7868962cc |
| SHA256 | 5585168be5f95c6d26d152a403096d238e021ecd381e0e51e05950e0e24795ab |
| SHA512 | e9bf792876920733c812f42190ff8f18b1fbb87e4b431369c70e2725cb5ba7b8e91b4999657abb86fcece9856d4f7e2536f6660087a555c6d0e32203fc5d230f |
C:\Users\Admin\AppData\Local\Temp\eYMS.exe
| MD5 | dba590f3a80de8ad9874f16091e045a6 |
| SHA1 | 6d3ad77ae7ac80764f5746ddebbe85a1fa35ca81 |
| SHA256 | 96b760720bd0ac3b528cb5a2e91f39c6b4ca78389d2ecb1ce13ee93b50824b42 |
| SHA512 | 7e0caffc233fa2ca412107502c19b757404a782e2c81f85a190c761f2f6113e80570114b5994436b243ef59a124367edc1c12bb7c1e7f89c31d3156ceeb0d60b |
C:\Users\Admin\AppData\Local\Temp\soAE.exe
| MD5 | 234a43d0af0557799f51654d5914276c |
| SHA1 | 6c46292f88790531dde6339b71da64e59222f65b |
| SHA256 | 4256bbc3b16f9f04c55d2be210945a23fcde8208ec010a7b47a42a032731588e |
| SHA512 | c4137303f6122416338a53f1e96363bec5e050bfddfde99dfa77d9d67ba8b6c0946c87c34c635ecbc3f4e032d2300f506267cc9d960f999458d204d67036e6ec |
C:\Users\Admin\AppData\Local\Temp\qgwu.exe
| MD5 | 59d3ec04b8fa81ad69de6adc878b209d |
| SHA1 | ff631740bc147b57abbbd304bff15d80cdeb1cf8 |
| SHA256 | 48847e4c7d07cb002358c966ec0a9ef75fff3df5cbae47dc57833700e1bcba7f |
| SHA512 | dc6816c9a4b8e4b12657629d151b6df457bf4711a70b4e8cca30e7bda64d9339761274aa29093de44b4df55537d0f949736d6b7a2c4002b631a88fb4eedd0468 |
C:\Users\Admin\AppData\Local\Temp\QkAM.exe
| MD5 | 0913b55499294ed97d2ca15cc5277eff |
| SHA1 | 22aeb9dc3be07d34f718a6144a03dfd0cd7cdf39 |
| SHA256 | 470602061eb81aaeb5fc938352bb59ea4820b0b8891adb5402a1abdd443c2ebe |
| SHA512 | 1c1990f1bb018ec40d98a56cf8f6bb69201ddb8fef491e58f47b8fa91213ac50b62af77c04b8049af97200fe4055c2bdc84c8a6e2b90857d2124745e38d7bd3d |
C:\Users\Admin\AppData\Local\Temp\kYMq.exe
| MD5 | 2cfb0bccb2ad0a3adb2c34816183899c |
| SHA1 | 41ba404829ef17999aa70c449ff4bbff3c5adeeb |
| SHA256 | 09b3d7a679dbb5e3c6ba2e7b6573ad71c30c0b3ef6dd6f4f6a249753bf973a87 |
| SHA512 | ed10f64aeb95a955ff076825396c3e2890f038d53f542ca21ed54c23025a7dc207c210f3d715af4434d04679879a38ab0eb056e4f4b030b1c7e7d375a2543c5b |
C:\Users\Admin\AppData\Local\Temp\WwssQsYY.bat
| MD5 | 4c0d7fd02d0b161692a585528b1b8b61 |
| SHA1 | fbae7b876fdba87e10ee7727b1b4765e1fef5b10 |
| SHA256 | 407de4a2e7c689c52ad594c29d10f99683da3049d29045a6637631ff18ed92cf |
| SHA512 | d1e5d89b99b3b6991be3aba017abc8a29a0056b4ff6cccc3fa3479c93303ac71212adf179a4c839aed680882bdd8ae954cfcb4395c9db21813856435753d55c7 |
C:\Users\Admin\AppData\Local\Temp\MUIO.exe
| MD5 | fd58c05c0e4e31643f6cb4a067732a7c |
| SHA1 | a41425eca2bccf451f45eb274685c59f17fbad34 |
| SHA256 | 4d1aeb3a7ce89f342ebdf47758020ba93c8150418e532c1ad74641d83832a7b7 |
| SHA512 | c9686947ef7443a000f91979659d3238b632d521d93490a34b70c4295c0ddbe0af4d8d94e5910244b30acc773a1a26d23d90c562c0c9c86056ac5555e7602d1f |
C:\Users\Admin\AppData\Local\Temp\WAEC.exe
| MD5 | 5b1e2db2e99f55130f9a3c70f8f5a6e1 |
| SHA1 | bb7c475cd01a52f6011e86bfca0db6074e454cd1 |
| SHA256 | faeb309d74f35d9cae0c6d2d160b391d1cb9cccb976f4c678025ec484a1181e7 |
| SHA512 | 63836c4820da214828827441eb8b1c599536737dd6fabafbaf1ddabc2a3cccfdb4faa117f43932c49dead48f9768c1abb5a96b8075f61048c316bc9006ee23a9 |
C:\Users\Admin\AppData\Local\Temp\gAEq.exe
| MD5 | 713a9bcf1cbc5b21c09b0d6a5ad8cd8b |
| SHA1 | c8f1c1f409e1ffb7ca82bb0a465e78e0b281fa3f |
| SHA256 | b911a0937fef430f3103d2d2240e012da65917b5839d66dc50f833255e9d6a56 |
| SHA512 | 1c525b964455ac73b4d6638bff0b6cc13375687aca9db531c577a815db8026bf7ec589400f827ae92691a567ed288b86e1d0316e9d892cce7b63fce1ce13616d |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp.exe
| MD5 | 304c78b10f43f0725417b2b3779a1536 |
| SHA1 | 2728547fb70d25d0935c42c78d10509e5bb3cfbd |
| SHA256 | f534889081bae629981da029b7891121b46867a19fd822d182ca50d389113cc1 |
| SHA512 | 96e0d19264f6587bba9ae5e8e242517a7247bc4db737f02f131152821b87572554cfa8dd51e7de14499c581919211976d83b065c256f234a89dc735cabf2a39c |
C:\Users\Admin\AppData\Local\Temp\GqIgYsww.bat
| MD5 | a4a5e8df43e8be00fe0a7ddce3396c64 |
| SHA1 | ccc14fd01ca4eafabda127194fe02f503b108fcc |
| SHA256 | 4296743bc4a149709a60fe7c50bcd03c02fad381bd41106c2b543229c2d3ebad |
| SHA512 | b916f40b3b7bd3ae1730da9443293355b4ba82919e441220266791a8e04fc044d0ace4f79098836aff3a5372a8769393ac4d962a9a7d7983f394e3f0db0fad05 |
C:\Users\Admin\AppData\Local\Temp\woAq.exe
| MD5 | a1ba44ab1055cac1a4dd34d897b1bd67 |
| SHA1 | ca5b766b4375e09402798ca465327250c62ab4fc |
| SHA256 | a2c56c28086ee8d1116e170cca1d76a57bdaf6167aa07cbbf7c2b178c7b4e18f |
| SHA512 | faf5fcea627ada01ca8a943cff1256e2a67c01e0a9e6eee4cd4857aa3f6a74b93cf5022a5842de5f31d7eb40d018fcadd2d204ce83344940e19e9febc8c322e7 |
C:\Users\Admin\AppData\Local\Temp\qgYI.exe
| MD5 | fb6954e73c329e252c0fd5a0169f6f4b |
| SHA1 | 95b0564d5404d4da31cbd228a22ae4637a8369c6 |
| SHA256 | 9bc6519c4da5ffdcc1773da1563d230fdc5fb282bec29babd096a7fbddb105a0 |
| SHA512 | 5d9d67ef6b22c7c96030eea9d3d9fde520bcadafdbbbf8a351e3743e71c5b05fd5b33c417878c01ddfb4a8484f0fe159528a8fee68059aa870caa79144b09f48 |
C:\Users\Admin\AppData\Local\Temp\GQko.exe
| MD5 | 65f59c27036658ea0bf783e2000ee519 |
| SHA1 | dd4b7643db9cad406b681ec046036d0850add9ad |
| SHA256 | 5c40cad9c7c3c8b1c828f435cd10df70791bb4c15f67c06d0e46b782cf92e9e5 |
| SHA512 | 015b81c2fb65ebc7586ea039e5ebef409947b33842dd0863a2ab549b51b23a30b2a07b0e24cb39bf66f4a52a438d9f3246b2c626339b42c3d201d42be260911d |
C:\Users\Admin\AppData\Local\Temp\QgQC.exe
| MD5 | 819d1da302fc37f24d65f802153a4f66 |
| SHA1 | 9306f5f686aa9e36998aaf9d16a647ef4cd9fd66 |
| SHA256 | cfa2798c28ee39cf6ddd14b1be29f5c1ecf0b2b10270a2d483af86efef11ee3e |
| SHA512 | 06ebac8e7784930f1e3c8ceadafdccece2873d070162f4254f4380e188f44bfb1e911f59198073b598e40d80fb9cb820ad952f7034f02e8d32aa13770129bc22 |
C:\Users\Admin\AppData\Local\Temp\cYES.exe
| MD5 | 4d15868fb7b8141bff08a9c98db2c447 |
| SHA1 | a52a295c14c59ea3755e8fd83937e0b2df08d29e |
| SHA256 | 63e05200b0956ff8f444c9bdc32a84a5c3cfd2b5c4a9e5cfcdbcf9081b89fc05 |
| SHA512 | 13891aa057c3fb1122f7d9eac798f55807ae17b669df3d293df59ace9c026adb6ae4cdeab2d1fefdd7536d4205cc5d7d3cf0761a991b01c052d3fcb414d0ae65 |
C:\Users\Admin\AppData\Local\Temp\VKwwgIgs.bat
| MD5 | d69318f2a7b0a8fd21c3f9c43b5c52a9 |
| SHA1 | 3ebd4f4353c7e30dbbbeedbeba06bc973b5e1b2a |
| SHA256 | 1409dc62d62b56b9ec481fb02872faa150f7b62131510fe1d7e0792951b322e9 |
| SHA512 | 6293b48265e939813fa496a1ed31c1f4ef0b1afdc25c5058a86f932b793ddc5e55cd1b0a25274bae3f06276ea4cf5f17f5e646aa3bf76a6d25bbf2ec3fa853ca |
C:\Users\Admin\AppData\Local\Temp\YEkY.exe
| MD5 | c8f8fd4f39fb286da47425fe3e3edc14 |
| SHA1 | 023552e38be94e4da22372311b19a5c6d8cfde1b |
| SHA256 | b45a236d61cc86fa2b3fc2e15950cb2acdd370c92f42222f51bfd321805452b5 |
| SHA512 | b2829b385a7d07af850a7070e9b6d73627bedde4c31de874defa5bb56b599e58c82263c9d96f542163ef1b6a2db02ea4d208d3845f906713b7625ab31e5b2b1c |
C:\Users\Admin\AppData\Local\Temp\cUsY.exe
| MD5 | 7f274e40e3f948b88e6ec4586b5f90b8 |
| SHA1 | 33711bed4bc93bbace5378cfbe23edd5d17e5209 |
| SHA256 | 96f95bac0481fb27111dd896e55eaa73cfab2a9a326cbf34fae20c821d4d68b3 |
| SHA512 | b8f4b9d9612fd01de815c26e5636c046846159e68ca71b0b2756657a021ed6905f8a54847175a521ba48c41234f6a9b2e26387119fa14c286832fb61a179b8b4 |
C:\Users\Admin\AppData\Local\Temp\fQoskkIs.bat
| MD5 | ed584236fa8746fa93d199c10a4f52c0 |
| SHA1 | 14452dbdf0a881a370cf4beddb57673f6d99ebe2 |
| SHA256 | f12d1406a37d82d086f0f5ada05ca3828901a0e9328dee67e6c0111e44933486 |
| SHA512 | 0e0ffe2170025eac8f01a8fd2b66bdeaac85aeb75b15f2d1257cd1dbf795a59a641963b50f69dea7a46a1f308b5a07041d861cc701849c960275e4ca9ace06e0 |
C:\Users\Admin\AppData\Local\Temp\kggU.exe
| MD5 | 72c3c9e9acc3ecaea4e7b31ad1eadef0 |
| SHA1 | 09945bbc769b876a761e68906e16e8b14c547550 |
| SHA256 | d97e296471be17420df4c68a4bdd562bc40c8f513e60621054c435eab779db37 |
| SHA512 | 7a472a356438ef4c8bf149ad457e3b70722e1d7f1ec021768964200793314b7796b64ed9cfa0e8be2d1aedbcbe9d1c77a6d6d0a63c64664c0584da76100ea62d |
C:\Users\Admin\AppData\Local\Temp\GQkw.exe
| MD5 | 1f35184e9a10797e3c97e389d1b63fb2 |
| SHA1 | afd8b0be061096ebb8dfa1e7ba4d92c414dcaa95 |
| SHA256 | 921e2b52bb55aaf446f59c3f8a009ffe45789a45991538ae6c88eac309ed3d49 |
| SHA512 | 931675e46d4eaecfdaaac635ceb3858520b177f54e2d182f4fcfcbce9f2a4a92cae4dcc5dfb45317467413e0c47fea49fa814461e973ee83feb5d881d6c07869 |
C:\Users\Admin\AppData\Local\Temp\kcMK.exe
| MD5 | e34c606c5be43e404c92d04451b3fa27 |
| SHA1 | 88aa8ecf04004be6ca04d9d2b3e8093c6652fed8 |
| SHA256 | e687180bddee92bc2a2a3192c2972646886d25d387a64e899166530776610400 |
| SHA512 | 139430e640308acde5c5acc5151c994a89dd8ca86d536421760f163c4923068b2beab943df9e0473e320f46e581d9e09a35ae50cfbe85d363c656464f48481da |
C:\Users\Admin\AppData\Local\Temp\JGwkowco.bat
| MD5 | 509b0b9ab1dc707a6c2336e0fd731be3 |
| SHA1 | 9f80ffc757c7bc645261f2132f2b93dc4f8bdab0 |
| SHA256 | 6378737551da8c26f5bb3ea835e264a051412bb445fd35ac9459e58b3641ee50 |
| SHA512 | 9d2b6c55c4e71bce91723eed058de0ac890790f2729eeca135e9099fee68a0105ae955adfd172f54f555b6448a2e6e64bcf7ce2bc6d39111cd1c8a4c4b66ab09 |
C:\Users\Admin\AppData\Local\Temp\ugMi.exe
| MD5 | 1426d2abfde295b1e19902988f89c6c9 |
| SHA1 | 85e381cf5ac58510e75674506465d48014975400 |
| SHA256 | a86aab506aec5f3929a8f4b7f8fd0436ab6b4ab4780edae52a3d9259e3a883b4 |
| SHA512 | 35c21f337e6fb697e2dec40c212fdbaddc6d0584ce68bdcfb7332f2e3ccb94a75bd3b133d59dd44781729d872c9b9f15196e0b4d5ba0376d0a26e233775043f6 |
C:\Users\Admin\AppData\Local\Temp\cEQi.exe
| MD5 | bd64262ed40a8390c83ab41659c1a303 |
| SHA1 | 69605aaab95d8e06e10d5378cd610f55573aa17d |
| SHA256 | 418679a3303cbbb2e6285162cadb09d64d113a4771f3c51214091ceaac83fee0 |
| SHA512 | 4ec48e7df4ca05b76bd09fd22cc47fe9f53befc567cbdcd46635a2366b264285983de78d18f7127e7cc32f98303c0604b377ec37fc325f2e265f3a5664bbafcc |
C:\Users\Admin\AppData\Local\Temp\yAIQ.exe
| MD5 | 4cd9d208dd8fee760cef10d790ce49a5 |
| SHA1 | 6ab97b47727e7e47c8111e75b504c4fe3cfef326 |
| SHA256 | d8d97e78e0dbf04495b6f8793573241a01562c65e2ad3b06abc1d89512a56a5e |
| SHA512 | c9df975c5d9ebb3b30ca2ae54dc6d10251eca362fe0a1c9053a7118d480ce355a296f0ed7f876f1e1f3e9517f6c8779c37e34dcc3f1349e675ce784595b969c0 |
C:\Users\Admin\AppData\Local\Temp\DIsgcgAA.bat
| MD5 | c113009f93662a87524f4a08b2dd2684 |
| SHA1 | 19ecb26bf0ecb3b1dbe161a436d729e987014818 |
| SHA256 | 4c951ee764e96158e229c49004a5c12d8811f6b6b95c5d7741edfbe6ae07add0 |
| SHA512 | 1e748cfb0a49ffa58de9239a84f20e3fdf623a7cdb455227c285c7baa845990fc6b940f4c4a1fff79df7b090b1a8f1b3e61872f1ccee53f564449d114ec7e48e |
C:\Users\Admin\AppData\Local\Temp\KEkG.exe
| MD5 | cb47f6c84ac2448e60214b74e17e23cf |
| SHA1 | 0750cdeec837f4a690deb5328afaa7b468d80340 |
| SHA256 | 03a033568240442ddfc042fff085ae6d777ee6379d184d136f5460b5a36d63e4 |
| SHA512 | e011bb699272195ce0918e9abec417aa2cba413cc2d3eef595edccdd942113275ddc2f33062e52ab1eb88eacad8315de3ecc4c7482ad52d1e6acc825deca3a1d |
C:\Users\Admin\AppData\Local\Temp\IAIY.exe
| MD5 | 72a510371575d9d83c4f90f70b5ca199 |
| SHA1 | 1ae22b1b24b54de169efa72e8a378a1b59b446ef |
| SHA256 | 90215bdf1912779516f04dc941de58d8bedd666ed158d676f42952e35c0335c9 |
| SHA512 | f4d6c0c59450332170dc21c2f9d6e596417db41d3e0058133c86a90837ec0e6d4425c2bcb4811b9c509617000c93b30501f95f7b6a801fb6b9bdbc85a84e77e8 |
C:\Users\Admin\AppData\Local\Temp\WIEo.exe
| MD5 | 64b1c41b9e14fa3acdcee37ccd9176b8 |
| SHA1 | 79727233ea735336e8a68a8bea62e0f35555fa0f |
| SHA256 | f84fd956e7e326d5b72d74de28ff42841ffa60c076f50f8f8e304f5384753ae1 |
| SHA512 | 98e8f6a18f77b643e251c588cb38ecaa7cfbf59f96fc2ec31d3e0df7744c6719dab08e235c5ea4cc848fd709df7f8a576a395fedf07f28f80fd89de743dcf356 |
C:\Users\Admin\AppData\Local\Temp\VsAoAsIU.bat
| MD5 | d12292eb52970d58d14bea61497dd276 |
| SHA1 | bc4853fa500a27ff8d28a542291ec4782fde655d |
| SHA256 | 391b254a91c6d34529021b2d0b3dad42f600e6e42d535547e0e1da5d63843d14 |
| SHA512 | 9ba21265bdf4b6f99e743f7dd995dacbf0c52c82c1d64a6e3c5a3b23dfd9f1f84665d3c1bcb2e763eceb8c85bb3743912b4b72e0ad17a331c8bf47d99525571b |
C:\Users\Admin\AppData\Local\Temp\GgIu.exe
| MD5 | 765a5e705a8f20d5cf92458726b7f324 |
| SHA1 | 18fa4866f1cf7175c0b13907d9f28bcd4b90fcf5 |
| SHA256 | 42e80be82dfedeca5de9c71a84045cee22bf644bb26793eb0fad0da9777b65ad |
| SHA512 | 054ff53140ba5b9274945ef54a395046981faf8bab6efdf8f51e0210aee0a9f29c601ab170a7061ba3a9879f5b650185a6025310d5eec7f334d31da4b8032c8f |
C:\Users\Admin\AppData\Local\Temp\Cswm.exe
| MD5 | a6d50f230d37445b912b20697b620e1a |
| SHA1 | e5345a9cc8cc9c011348f5c707dc9bb250fb626f |
| SHA256 | ba96a28d69e4fbd4d32e54b43988642a45a52250455779196c97ef2b500252da |
| SHA512 | 815fc9a0bfe1295660221aa32b280a5d750280e7b408a8ca7f4f25a2bd7b9e07b4b9de68b2631c8bd4b9ba61fbe1c59a380538316cd59d3d804aac08aec65f31 |
C:\Users\Admin\AppData\Local\Temp\UIgIkUkg.bat
| MD5 | 0108028854036516b981e77f1cf9f44c |
| SHA1 | 95477ba5d8d8412d34a4b129539a72a567957c44 |
| SHA256 | 4d946e0c74e31718df9de5f7cbcd40abb8a88f65c69d83625168f2c87c49300a |
| SHA512 | 4497a276e515d9329b17198b14eb4a0ecba7e0812a01fcf9598dac0569a03e890665d135fb14b4f6cf3260b232ac18d129b980452b0f1c289c0b1691b0bae589 |
C:\Users\Admin\AppData\Local\Temp\akkY.exe
| MD5 | 02cfde704a35e7239221692955d8cde0 |
| SHA1 | 5c12251a6d48d6d0298762f259448b156bdaa4b7 |
| SHA256 | a443ee1372f2fef829c92daf486c2d42e8059c139271bb11d9ecfafa2416f3cb |
| SHA512 | 05d83a1d588ddf696f2709e32c4357d3e439cc1e125c1235dd2c734f43be4ee60ce88d2129a60d3d4b17f96251a813c11239dc22eec0df5192c68eca050769bb |
C:\Users\Admin\AppData\Local\Temp\owwy.exe
| MD5 | 5e91dad9fe2a6f7d5a501447915685f4 |
| SHA1 | 9c54e668694b1682df398077c28dd7337d4af97d |
| SHA256 | ecdc5b1f9bb85bf09121551c8f292d4923f56bc443ef52336cbf0ea7c1982e95 |
| SHA512 | 17e933d59535e2ffc56e14a470c02eb0db025cc93b17cc282477d7190c61dc1850a852c12c378eb9d2d9cb801c34fa76bd09e90d8397dd10f153358c4d8e22ea |
C:\Users\Admin\AppData\Local\Temp\ycoo.exe
| MD5 | 207b6146983cb8d362c8de73b621e152 |
| SHA1 | 513ce5631f871f736a87c2636fa9c1b85e521b96 |
| SHA256 | dc75927bb977e09165eaf16a1ba9ba718b7902a8c527ec73ee90bd2f7821935b |
| SHA512 | bece23b5cc59691d857d13c8807007ed1e377a724689b9601a46fa5f667c858c22d236c6a63504305cd09bfedced3bead1692fcddb6b664ac54d524e73615c6a |
C:\Users\Admin\AppData\Local\Temp\QAcAwswA.bat
| MD5 | de528c1064b133e8090c18bac3293a3d |
| SHA1 | c2ee04d636edc94ec93fbaaa24155eca656ebee6 |
| SHA256 | cd1e896685f8723a6fd4efba5449c33919b4eab6312a470d55c3ec7af8e6543e |
| SHA512 | 3700c870f1bed9fa65e8e9133b592c0445d8ebf438465e6a1301bc1476784f977ff5cdf82d272450e4af389dce7bfb6a31707f72a25dae1c2917018c3caf85c4 |
C:\Users\Admin\AppData\Local\Temp\uIAk.exe
| MD5 | 9ade73d62b8dc6ea25e7a6439b452fa8 |
| SHA1 | b7a41e078a484cb68c4dd5a5a0b7ff1434e41f66 |
| SHA256 | 33e2f2cc96dbe9ff7a5a4b60ed176f58ce5d7ea8321a1b916201e225f7e5535f |
| SHA512 | 5edc3b6b91206d02e253569e1480ab437f096c567cb79468644abbd274c07957e28d64be0da008dad7447dd7817a304c46f308ca9b0f46f575e6ab22de37f57b |
C:\Users\Admin\AppData\Local\Temp\EIMY.exe
| MD5 | b589fb82364b52e8c3a8beb64114a391 |
| SHA1 | 3bf3367eb943286f18e6c2b810d5646225427d58 |
| SHA256 | 64a277de2d15a8e6a0e3e373956cfe756b764b107059c468de8da48d37539b11 |
| SHA512 | 898375838753c1e4eac556eeae4b273920f266111b52ab4b99937e06a76a7f903b2f7e7ccadb44ea6e261e32f1e5f00049abb5173eba47d7eee338645dc5bd68 |
C:\Users\Admin\AppData\Local\Temp\KsIS.exe
| MD5 | 3caf44a0eeacb7986fc0850faf96cb54 |
| SHA1 | 0407e209ac6b1be8e78790f61200c0fed590a4fd |
| SHA256 | 390d0b0b59dcc0cdfba9341fb65ec55b4e834974c2d11675a04c1b55bbf8adff |
| SHA512 | f4e49dbaf20e675d3ba7f27ea8cd58e4e188060e830aa76dc3aed568d54723c56e310b0f10b97d6ca8b26fd582ac36e98207a7e24f62e34f9a1370b4a751b08c |
C:\Users\Admin\AppData\Local\Temp\uEgO.exe
| MD5 | 4f7fe67bb000ec404f79fd3fc5f79402 |
| SHA1 | 3a089b5ba7e4e1a4175b8206213f75227559215b |
| SHA256 | 61f7741a01ae78c4eab6b8555c851dc15d5ac836b29a6d4a2e6fdca17c54d602 |
| SHA512 | 636c9eb57cf32c79db8dea16f82410718edfdd7b091cb680eff68efe4db2a42f4631a2faa32796f125c9f05c17024a8237663e4b8377cda2cc8e1724cee43c38 |
C:\Users\Admin\AppData\Local\Temp\esEgAMgk.bat
| MD5 | c0a2b1ebd1ec10db8c153481e895cd05 |
| SHA1 | 572cd738fa0836f7952773d4a96858c6bfe5440b |
| SHA256 | e98ff029de1daa3126c8fd930d77e286d5e20edaa25562fa05048376c8cebce2 |
| SHA512 | 9f26144b4fccd69a19e891366cb3a11c00ab06de9b419542e61d04495b85d3edbc15fd29687a1e1793c32c787cc1e1a0905beafda0a7aee5d43b6a551efc3d05 |
C:\Users\Admin\AppData\Local\Temp\CwIA.exe
| MD5 | ea854d7eedec1c292cff1d1bbe7aeae3 |
| SHA1 | 90fd6e05e90c977f655a93c5910cf30340335217 |
| SHA256 | 8212a37aa96a68eb56aae16280da106b4ec952ec14626b8ea70025e53deb5535 |
| SHA512 | 8f0c90432a27154f0b8f72890631f762a1eed2724fcf703c8592689967aab2db70fd8be5704d685d4485c8f72a2365b0b2513f916283d5032e09384a8db76824 |
C:\Users\Admin\AppData\Local\Temp\mIgA.exe
| MD5 | b4655c30f9700b61be5673f7e9ea3e4c |
| SHA1 | 2102ce77d4ff712c597d56d4d68b61fab2190a78 |
| SHA256 | 15b82097a1c1cce9a57f06e61914fc2972981456b23844ee3c4a184136d8d762 |
| SHA512 | 3557b58f30c0a4cdf939fe65f6ad72ab04c70e3e18f56cf95dce78dbd706a6de962fa2df531eff51c78f392075f2c73f3db32e9e6ed00428f2c9202d820b4b6b |
C:\Users\Admin\AppData\Local\Temp\Uocc.exe
| MD5 | fecb119e65de9018b9028a1668911384 |
| SHA1 | 4753fb5f57fc3a871e21e767f40c0522c6c9162d |
| SHA256 | ddc4815a301ebeb5e1f48de77946f3a47c2cb40023e9dee4521929d0dc785785 |
| SHA512 | aca794beaa836f85b98f29f51d981af1a4ea2386e43e167e53033cf56322570adcfa21a5577f6a7d8de6ca1aa1a35d324dfec89d604c923a64192b971ef37938 |
C:\Users\Admin\AppData\Local\Temp\KeskkEAM.bat
| MD5 | 5fa3db04a63d6ae5a6a610c61eef1ae8 |
| SHA1 | e2caa29e149bbf2880fecbf26a055174c6616ac5 |
| SHA256 | 90b35f441e04ed198b23e2fe53ea5458bd6223f3c23702f20cb518b9f4b0bb6c |
| SHA512 | b66ec52fcc2ee79980bb84812a89cccf3537e046ba3b5956bd61524c68c3bdf579bb654b460453b5b30d60c283e778adbd1059665b798bc910f14355a42f68a5 |
C:\Users\Admin\AppData\Local\Temp\ukIa.exe
| MD5 | 710dca704e02d101f92751987135ce98 |
| SHA1 | 665f0affa75b182ec91f4cf1a0a7b35c5c1011bd |
| SHA256 | 99326cc86e30171e2cade0e158e0db080bca5efd7834b42bf78058d00122293d |
| SHA512 | 945f2b0a2b6e635f93093523943d7339c112a3863f2d36f58932da79158087740ae06f3fe6814e70dafd0ea4c5607c7f34956b286363bc18e7366a1d973565e9 |
C:\Users\Admin\AppData\Local\Temp\GUke.exe
| MD5 | 1abcc1fcdb0f5a81552af01cafb20b72 |
| SHA1 | a1094982a170c8271f3f440776c50487e541d2e5 |
| SHA256 | 31841f47f908df57f4431faf982d7b6f5be8379125997af62f8aca6076e45077 |
| SHA512 | f6dbf059d86cf24dd44f92a58317a65221497188472ca1aab4bbc79c1541e456c1efcd78d60ca29b8fb009e29c2d62ea4803a18102f03ff2dbac9c7ded2f62ca |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile41.bmp.exe
| MD5 | 781fc7be03c27aefff55cfef3d0db4df |
| SHA1 | 73c3526c8237e63b953fa38674df622b3d244871 |
| SHA256 | 7648b8c656ebc62258dfd9dce168ab77f136fe560d1022a118748333eae1fa52 |
| SHA512 | f2deee32caedd54f26c93a77dd128533ac393419f9d9a302df9d06d4b826fa355c1dad8bd6462107ca9e80dc462f38da27070ec82db70b663fcce1802b0cb3aa |
C:\Users\Admin\AppData\Local\Temp\PqYQMIkk.bat
| MD5 | c349ca49dc972ce940e601712282d320 |
| SHA1 | 0e27fb85f49a14dce1fccae446d59b752de8c49b |
| SHA256 | 1b0c6ea31bf24f6f071071a4f5a4c758839da55a5e9a40e4b31a98a887e515c6 |
| SHA512 | b0c80f255488009dcd834ebc1c8aeef1fdad1c4a87e461e5a02a046eadbdd59be37d0a1487a103244661245382573a535d8eb56139381ff8eaa43099e6d6a92a |
C:\Users\Admin\AppData\Local\Temp\OQow.exe
| MD5 | 1dfe9695c75df9d48ae64758dbafe338 |
| SHA1 | 86b2f58bbc610e80ebd11b5e903cc55fefcb448a |
| SHA256 | 54afc10bc2613093873c6ac7bb7cae64cc1e40a3d2b7384ef1dfaebc302b82a5 |
| SHA512 | 4af851cbd9bf4f92237cb2e6ab1fa6920a4e6a2b161b32c429be8c5ae97da7f0209231a5c85cd72217e9e91a0a4224111aa7d7ba1cd94f5a13086d8cf499e758 |
C:\Users\Admin\AppData\Local\Temp\eMAY.exe
| MD5 | 1c1adadc29be332ba38a7a3d3678297f |
| SHA1 | 4fb015a062b9d3974f8f7acf6032a03abd6823c2 |
| SHA256 | 25255204465fd65c9583e54c288a33718dc79c9032d1f14ae446ef64d8fff8df |
| SHA512 | b67aa4bf7c520dfa47d2c0c40b75489598378057141e01d8527e3030677ec44f07baa9d9d64f6cafe2073c92ec8b7fa22eccc92f1daaa17657bedd6eb6f61776 |
C:\Users\Admin\AppData\Local\Temp\RkEEgwAM.bat
| MD5 | 764da23906fd2e95fd1ccf47dcb89d70 |
| SHA1 | c08661873671938a26e3e9b7b6d3fb1aba459897 |
| SHA256 | 5cee840a95d66642c0dd6d9d4362a0479871d7bd4aa206b4c2db71027c6eb59a |
| SHA512 | ffc5ffa8805762cb2b589af5a9d029cd8d8bbe8841f5775c1a1a6cade6e747dfd181c340c7f9cc4676f6f6e5aefd59dfe77059bb6e14cd327823b2a4e00f0a23 |
C:\Users\Admin\AppData\Local\Temp\iEkm.exe
| MD5 | bc9e71b241da26ae6ecdd52e866ddd13 |
| SHA1 | 355363adfe096773499944883e923bde6269a408 |
| SHA256 | a91bf0477285d9e5891132d00b85f013e5db4126009f1919bf25b5f9a0226c5c |
| SHA512 | 499b73fc8d0a8b06b6b96550a8632f6d09871a714b07d67de3683356896c68fb85981a777eb329117afcbccabaa52435372dafdf330cac1d842e6688b7466329 |
C:\Users\Admin\AppData\Local\Temp\bcMgcksc.bat
| MD5 | 74477e3cb0c0b43fc74a624e5915bc83 |
| SHA1 | e95c7a84c914d53676bb1360e68121fcbcf78ef5 |
| SHA256 | 04e70adfbe2c672cc566c5df359b57028dc62d641060bb014135aa2d323df661 |
| SHA512 | 33025a89a305a7ed1df65a0c382aa5dd06911ab5c67bda1a33ddafcbb7eb4758937abaa818c63c8ee84afc7df157cc73633a27ec7c9de3b9a7cdc172c5ff82ca |
C:\Users\Admin\AppData\Local\Temp\BcYUEYUY.bat
| MD5 | 6c27e355b3bb9eee9e3b3ce8d995b314 |
| SHA1 | 44e0cbd600c816b741ab8bbf94f188db5ab495c7 |
| SHA256 | 1d88456b217ed101f30722d631c4ccf7e1908617b3a16fda905692d8060cee9d |
| SHA512 | a271651355ca59ce4e3c9c3b11236868ce1c1742ee2c07f8d17a85774c01cee20b8c0e534b11b77b980d72cca49d122980ede24695d66548986ea303ffde967b |
C:\Users\Admin\AppData\Local\Temp\HYIMQgIA.bat
| MD5 | a582858e6287e871552a2cc475ba778e |
| SHA1 | d8d9a4c77fe1f833ddfcda45916bdbb2ff36f4f8 |
| SHA256 | ca7450795b4d139e48da09fd95051548752f8812c500b07052d636241fe685dd |
| SHA512 | 2b786c4843444473abaa854b62fe06b036a0083f53e65550e23d8f1e7affe95f2f6f6bb5dd084330cfc642b24ef7799848f67fa022d5f923046433d23a8edd93 |
C:\Users\Admin\AppData\Local\Temp\mswe.ico
| MD5 | 6edd371bd7a23ec01c6a00d53f8723d1 |
| SHA1 | 7b649ce267a19686d2d07a6c3ee2ca852a549ee6 |
| SHA256 | 0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7 |
| SHA512 | 65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8 |
C:\Users\Public\Music\Sample Music\Kalimba.mp3.exe
| MD5 | 3c5c7e3dae9973a8b6470b1e87322e18 |
| SHA1 | 88038109018b0ebd3a0884a66fd6ed0611bacdbc |
| SHA256 | 1dc79528fbf649f6f06fae3aba53e701a65ddedc9dea8e5e891111a601811427 |
| SHA512 | 985cfaf0ebb62aefe1a1ebb52dc998af517367834c578825e166f9fa65c3b95f3c1537c3f8feeaaa4fe2f0483179235fd2014959cba9c6b77d3fc4412bde60d9 |
C:\Users\Admin\AppData\Local\Temp\gEoS.exe
| MD5 | 63a61d1cd81b4f5c6e6e3b9edee72a90 |
| SHA1 | 24656c2984c49206a5598b4fdefb3f0093b2da6b |
| SHA256 | fed90b7747cd4b0e0f216e30d2e38c107d5bb69390fcdbfc9295bf497bb60212 |
| SHA512 | 64304dcaf9e99275aef9e5096cb074c103e2c04c838a161c31bea081dc18cb7916fdbe12869c17aa6db852a5c9be412eb7a5decbedf4abd63e406146d9ceca90 |
C:\Users\Admin\AppData\Local\Temp\EeoswwMM.bat
| MD5 | 4dd2e5c993bbde354a444f837519677c |
| SHA1 | 3d8ad5cfda505816a0573f8ab4164f1872241d40 |
| SHA256 | 81fd275482f12d7d507981736009bccb99d872f7be2fc9cad59d25b9e23ce906 |
| SHA512 | 8a1300f20e589e6ed9010f2ae143d06fab7f8b3645a6d30ddd4640b9c3c464c6adfee0e709c5ba977323735a052d25dae63903784f682bf79ac1be25dcb4ffba |
C:\Users\Admin\AppData\Local\Temp\SsoU.exe
| MD5 | 6c97ae7d3ae2738ccd3bc87d5d7bd435 |
| SHA1 | f0cd4aa378014a449b1da34b5318c25772ed3c46 |
| SHA256 | 718f9b4b6db9664c0341b3ad9bf96860267190b95c5a8c6fc74af6cffbbc484c |
| SHA512 | 79c2730c95b743fc614d2bdf61cfbe9110aa13cf974d724df25d36dd6d674dbbec86e0b0f6f772fd508f29f073fe6b3693602c3c9ade3c65cc5b734594a9cf8d |
C:\Users\Admin\AppData\Local\Temp\oMsG.exe
| MD5 | c5c0753d0cde01d725f906bc16694b04 |
| SHA1 | 6601d303b63c77e3bda788c48e6ff2f83f22e86d |
| SHA256 | 2ac063dfdee431950464af3d615e57399f977e679a599fdcdcb3e91378ed216c |
| SHA512 | 2d8794a2ef9b183ff877dde0d3a534b42dbdba8e915da263432f07ed846583a64e630c342620a1d6328a1bb69bb2a11ac526f918b08335c9d41ff1b8242917c8 |
C:\Users\Admin\AppData\Local\Temp\OEYS.ico
| MD5 | f461866875e8a7fc5c0e5bcdb48c67f6 |
| SHA1 | c6831938e249f1edaa968321f00141e6d791ca56 |
| SHA256 | 0b3ebd04101a5bda41f07652c3d7a4f9370a4d64c88f5de4c57909c38d30a4f7 |
| SHA512 | d4c70562238d3c95100fec69a538ddf6dd43a73a959aa07f97b151baf888eac0917236ac0a9b046dba5395516acc1ce9e777bc2c173cb1d08ed79c6663404e4f |
C:\Users\Admin\AppData\Local\Temp\yUka.exe
| MD5 | 548c5614a9e522caa307a6f9151eac0b |
| SHA1 | a5f5d90efbc3820f156c9f6a655bacc1c55d7397 |
| SHA256 | c7089f6c695ef83810e402242af3ddc1393ab76773c990278f719caa64aa2e6a |
| SHA512 | eaaaea3477f1c00253d3273afd72067eb064dc17100f65ae71ea1b7b7625afe937ad4136db78f2f318a0c0dcc9edc7aec8c6d3d592c1ad4a636343cba9af6ef5 |
C:\Users\Admin\AppData\Local\Temp\mIgu.exe
| MD5 | 37e8a1f5cd034d609300ab09906e6681 |
| SHA1 | 2ce7756e5de1ce4fd8e77678f68afc2b4151e796 |
| SHA256 | f4d83f3ab62fb69a2fd9dd683bd5f8e3157640588dc5b8e7b15ffbbf070c19cf |
| SHA512 | fa42524f8c8bb7d4411bf2951f8e3a5c51ca1c64cfeccd59d745696f44ce9392d1aa94ea0177d8c6b8626158c22ef4df6e1c5a35990b72dafa9169a708370e8f |
C:\Users\Admin\AppData\Local\Temp\OQMO.exe
| MD5 | 5475c585af20efbe8a47d25c36efa661 |
| SHA1 | 0ea42a8e70e8a238dafa8f5c547333c69092dd72 |
| SHA256 | de374688b10e6efe4c7d207757aedec8a1e52fbcaa08dc2dea74e13ed10d1246 |
| SHA512 | da8035c0e49b8ebf104150d3c16fc20f8a7653d96d546f44f3956ba9da81bbe3cf44567903c85ee589b8fc2d34b3f419e08cf0a5c95a8e582d45063d691ff57e |
C:\Users\Admin\AppData\Local\Temp\OGMAkAAE.bat
| MD5 | 844bbdcaeca3f523b97c5a92d40dd402 |
| SHA1 | f022dfe513d072dbe3bee9c08f929b7f53cd5467 |
| SHA256 | 3674686122ecc3258d73ac341cd4a5f3d433bccde42ceeec2aa4ca3c8433ad66 |
| SHA512 | c5c9f4c33c63511d109699c1b1bd178a958980f3de94e3020953cd4c4951e093eb26b716e6a562f29fcea426b8ef5e26fca5db8302475462a19cdfdb742980e1 |
C:\Users\Admin\AppData\Local\Temp\MwEk.exe
| MD5 | 03fc2eb5fb0d59688291baa0aec9cdaf |
| SHA1 | be5665fc7a8e1ad9bcd98f75a7c2562914306ac6 |
| SHA256 | 9f245cb34e8de8c5a0b40e58e33d553f625f7d8dfa7cb90f869ab1668afe3453 |
| SHA512 | ab876415b9ab1b3b0b193e1f3457bd097006d4e4f5ff6a0ba8e38e3a6b586728537530207af086b863b8002f0c0b359768382dc07b4c24d0a76822cadeb6cc1b |
C:\Users\Admin\AppData\Local\Temp\wksa.exe
| MD5 | 21412c0a700c791ab55c1f276f3f09bb |
| SHA1 | adbbf21a12141d3720991b8016fb3c8404761b9a |
| SHA256 | 71188ae5d7f21a4e4d37f9d305c86008d36f880f51e90ba99311372239043882 |
| SHA512 | f6e061b4914ee0a5aefd94a44bf57aea590a5db66da1295074597db7a26eea603874099835fa067f226bf28df9764af6e2f3c33d1196974b9f46caf70b76bff9 |
C:\Users\Admin\AppData\Local\Temp\SEUS.exe
| MD5 | d560fb714336fa0c898d00b0ced37e27 |
| SHA1 | 7cdb97b79b375991262867382365865dceb678ac |
| SHA256 | 643a52da95254d0325f40f2e224469d431438f412f688346808a2d1c5c819d7c |
| SHA512 | 1a60041b52d903de5f69549e4b457b09855fc119114cd1538a1a1c6c8e9546eea3a1fa23421858f51174461997d36a517819bf6c34d61be0a128913828cb6203 |
C:\Users\Admin\AppData\Local\Temp\mMAk.exe
| MD5 | f31a144d1624d3f834078de1758afded |
| SHA1 | fe67524865dabdd118b66cd089683db8066611f8 |
| SHA256 | ce4c1ea2f113545e220220e4fd5e83d6c8010218dcf52cc44d5e3afb360620ec |
| SHA512 | 7e695243ef2ca89328652f057a859742f7ef707604e6fa7281e39f06e0602f7d8796a5ecb2286f4ab6ddb67c5496af89c65fbbfd9554efa0e5f90527f16a5afb |
C:\Users\Admin\AppData\Local\Temp\YuUEQUgk.bat
| MD5 | 5a695fd2004eeb1559a419215bb9f1a3 |
| SHA1 | 3e4ba1daeec783b2adb1718c468e57bf7b00c9bb |
| SHA256 | 4e1cb46014edb185fada3d070fe7a8b24c4b0a58ecc0b43dce544ac2c285d215 |
| SHA512 | d8a7073e4341d74b9d775111e146de06d2b861f60ab8bfe8724cefc911570f106d0a42942c4ac0e9552c7a70f9785f1310bb16f2655018b0b8a253dbc7822055 |
C:\Users\Admin\AppData\Local\Temp\HqQoEYsI.bat
| MD5 | 99adfcfe9d4f6ae7b4d58679f5e69adc |
| SHA1 | 6b879b3262c925740f52638d68f31936524c350b |
| SHA256 | 09472a0786812dc2f4eb8cb336420f03324c3ce07a72ffed91b1dcc8eb7fcd5e |
| SHA512 | 29fa41500d8e00400811e9fe5fc8dac940288113e7d6964552fb9bac6dbf31fd19792b4fb640a330b3f4649a8eaab8af903029164e9a1665742b7d2cec25d25c |
C:\Users\Admin\AppData\Local\Temp\lyokMUQk.bat
| MD5 | 9aa1fac54587d12133546a53382bd53b |
| SHA1 | 0e23ba1d68231bc12fea6ff14e264d78e008121e |
| SHA256 | ebfad4b8a0cc6e1093cc779438305d6d988acf913b38b403fae4c2c1970334dc |
| SHA512 | c8bbdf856d908224a0587d3a5095258390d0406dde863cf755e1e1ebedf17fa490e431a2856c2835146a332ef06a28b55c6867f03915f627aaf789d80fba7986 |
C:\Users\Admin\AppData\Local\Temp\BCkAwosY.bat
| MD5 | 0a29db5efe65fcc8ee3cb21a44001714 |
| SHA1 | cd2bcd23d682e3f2fb7422495f154aeea072d2bf |
| SHA256 | e430e4d2990ac426665a7a654bceab81b9e491fa018a708e49fccc70ca113567 |
| SHA512 | 3a65ea885649663b4e18791bb2c772f0f3df686d336f5c2e950a286a7fc6af1ac18a856b1246d09a8c113590b62198c2fcbd6a9fe4c6cfd75f03370be8bb1a5a |
C:\Users\Admin\AppData\Local\Temp\BgIAkkQo.bat
| MD5 | 425d7ec685bc8b47de471f3627766743 |
| SHA1 | c4d8163a71c5d1def51b65fb5232fb914147b3c1 |
| SHA256 | 68d90de47fcda68e081e8045e94836cca4fd9e59dc83c27d65ba5eb62d42fdc5 |
| SHA512 | 7c2267d96d7cc852c91b7e64fbc1e62208174b8307cf223477da1fbb2f73788ffdf4fa18ae323c2a110cf728c6ad2d449235b6f4ae255f45c9672e947e51e974 |
C:\Users\Admin\AppData\Local\Temp\kGUAwgoM.bat
| MD5 | eba527a92a827fc63fc254ea72c9a52d |
| SHA1 | bca825953f08556ac9b1f58f227316af8f0cdbaf |
| SHA256 | 9015b2f350bdb4f7ea7c15011c6356f41a5ffb4796ccab9ba9a78d2e1be5aafe |
| SHA512 | b0d2db3d4a9c44205997d9d1f30796714829ce92c0455e8ee62aca1f0ecb5f74bd3032b8ec7f72ccfc008c1b4d41e4781178a72b128a92f28af2b6644fa390ea |
C:\Users\Admin\AppData\Local\Temp\muEoQckk.bat
| MD5 | 7e48d2ca760fbcc625a2e19c081629ce |
| SHA1 | e6fdc25865348941c4c3894a2f9d8ed271e9d742 |
| SHA256 | a5a905e2c4198d6dd1b3a698c1c82701bc24400a532a09b45af28c941263b381 |
| SHA512 | 2c865bd50de42248316ff343d8b763cbbf0cd79146099083837434ee2bc3214b03bedf2630ed72fc2cbf2dec4b92e0db7eb8aa974d49979cac9179ec532d3a45 |
C:\Users\Admin\AppData\Local\Temp\EkosQsMQ.bat
| MD5 | 60d3b03d034f7583209c9f4ccdfd9d7b |
| SHA1 | c023949819a19b48982a156d68182b6d121e8704 |
| SHA256 | f5922b12759b64ab340e052032fc6a985b3676b561248c5127270845e123f45b |
| SHA512 | be4e17ac09340afddf8e7884253a49a3ecb564874179d99c1359ec34687fe5afd821067ec0c83c9cd7128d19d4852f6a962191496e7b2ae963f1a9549674a313 |
C:\Users\Admin\AppData\Local\Temp\qycQkIgc.bat
| MD5 | 1c33a568bbe3690c3a4b353c5bc80970 |
| SHA1 | d8cbda5f52a2c553daa177066e073fc3354cde49 |
| SHA256 | edc897e73e078502f7dc251fc1dd2e7479e6b98426fe7b1dcaeae0679b6beebd |
| SHA512 | 5dbde4b764f77af266bdb940b6a32f44637fcf1d14b77dac2cf3dfbbc440fdf3c0a60730540c393eb93d0cc069546b69f0d3b5afe312772007c0ca8343087ccb |
C:\Users\Admin\AppData\Local\Temp\kaYMYIMk.bat
| MD5 | 48c07560107fb341a8262f8b9ac8a1b5 |
| SHA1 | 12e5077dada6a12e9511d535f23b03ebcaf878c9 |
| SHA256 | d264400d0f191a2574f6d519d6618222188cb7a9d9bd34464ee04145e5d72117 |
| SHA512 | 6e33514e92685ce6ed686b6b258849ee5fa1c1a407b47c3dc255353e06f9bf3a79187b33eb1c14557da67014f419baec51244d2f1517f44bd3c2e046528f331f |
C:\Users\Admin\AppData\Local\Temp\VMIkYsww.bat
| MD5 | 3ac5e71bc7a2b051aea3fc3c5ac2ec66 |
| SHA1 | e0ad6ee0aa62453dbbb16ca58bbf16aec6970071 |
| SHA256 | e82edc80072d222c18b44c3f5de233b3fa26d6fb30c92fe9596f98f203e03e31 |
| SHA512 | bc5e1dccf93364ecfa2be157ebf380f26bf286aa481db72070b9aa7ce8fe18802d08d7ee249bb44edaca564863996e90f49fe532bb855e802cc179bd8e066972 |
C:\Users\Admin\AppData\Local\Temp\PskQYMsc.bat
| MD5 | 3620ac3396c20bd1e11294fc85a22be4 |
| SHA1 | 56df61c9ceb877ffe8bee3c5c9a4148284b95759 |
| SHA256 | ef20bcbdc7813f5b8a2d6da6fa98d8881b128a2acda51f7db42264ee9c6260fe |
| SHA512 | cd281c8b2e16fe26f37e46e317e479820fc9eec0991965f821a8b6e93ca24f340dd36e25ccdd8c0d692a210289101ab6fff8a220bec1e28ebd2a175bd8e41723 |
C:\Users\Admin\AppData\Local\Temp\hIggQUAw.bat
| MD5 | 8ccdda2b65415b2d3e8e715c5fabae17 |
| SHA1 | b7459e7ae26f3c45562666807ad9d71e5bb617c2 |
| SHA256 | 3b97b26a86a26e6ba8b81ee4f1ebff9fec31fdf17b1c61e10b9df45955290271 |
| SHA512 | 97ae39d18961ded91596d63c54c7dc8ed397045f6cd1e377bde7f40084a3ccb1dfd652c70eb514044dbc953b9b2afaf1f375914d2e7b7a6a076b991d0ab5036f |
C:\Users\Admin\AppData\Local\Temp\PewYskIs.bat
| MD5 | 812fd51e920149329a02cfdd29f22be6 |
| SHA1 | 44fd899df5db827cbadec61ee1fc6701b4fc1817 |
| SHA256 | 271d453c23a3d869493e772e45bf800f0e6c2ceb7773e8ed2f0b4244610d95e3 |
| SHA512 | 6cd37221beab62e9aebf4c448b971ed5b72f1c090a634b5c0af6a300ec8dc0f99360d9dcd9174e51cdc96d592f3e0ffd4739ad3d35f859de8248ff034226492a |
C:\Users\Admin\AppData\Local\Temp\LOYsYAMQ.bat
| MD5 | c2eaabc89d85fc428f5dd64925a7ccdb |
| SHA1 | b71f04629836557af7248e6abc64ef4a2135f930 |
| SHA256 | e5bb6df36a3070d4ab89f0bc1e83100aaff264f77e1a6b1837f551ee59ce5339 |
| SHA512 | e318a97c6cddb3caffffe84fbe63e9b6efa132fa862e6b16ea0926db37cccdd795f7ffa925a2c0de507fc749dda3479d4c5634a5b1ccada0d04fabd9064ef839 |
C:\Users\Admin\AppData\Local\Temp\AsgIswQk.bat
| MD5 | 27448feca06c167b9e2f90e2f1aa0459 |
| SHA1 | ffda829e7323075e3264eb953b019aed43909a26 |
| SHA256 | 5de5af0b5d8091075fbdc06e462796e7fdb668eeb9778edb327b705984e7879a |
| SHA512 | 00f349b015eaf3026186d1f2b71d549c6980e8f2c97c87fa2125a01859316c3757e377cdc415ab4f217230c70fe0041ccf704c097f7c880fdb11665348797097 |
C:\Users\Admin\AppData\Local\Temp\CaEscMUU.bat
| MD5 | 7bcca25eef3aa2ba7c8a5dba936c1535 |
| SHA1 | e6661eb94b1bdb7863ba7ec22ee6900731862876 |
| SHA256 | 2be8e86809be86dd9205ddd7a9849c475e7a2b8e7bf86e9c8973d2da07a5aafc |
| SHA512 | c9c00207ae8763c5d87159f2234967be2b25d9b631432c4f2affc26a3bba8ae975a5048c82f30554f1a7c55dae2237db83becf58896937570880b1231e92fd27 |
C:\Users\Admin\AppData\Local\Temp\cMoUQsAo.bat
| MD5 | f019dc97f7953711bc0bdd1258f90eb9 |
| SHA1 | 39b5365b7f6caa48331c573db1dcd0f65bf3da3b |
| SHA256 | 85272fda761f4315921ace32d6fed54afda7095363b5d5cbe26c821a10c5330d |
| SHA512 | adfb35fad26a05a9db999bcbc689c20b7fa08991b999ba75397c7dbfcd30a8d98c5d7a8f702d82d97ff7b9ffe675e4ab4d1903d802c55b24b94792c085baf800 |
C:\Users\Admin\AppData\Local\Temp\ICIkogMw.bat
| MD5 | 6efdf5810622555fa925972c8e9b0fa3 |
| SHA1 | cfeb263cdebd13fd0e629f4992ad19c9417c4a10 |
| SHA256 | 8ebb3511619a211f17c1baa42320adc26edcaf7be56ef0cff8ef908c517ecc3f |
| SHA512 | 8b9748816c978cdac2704aecd233bb82ed03022a1276381cc054305506cc73d1edc50c71b6950bd9c8995098415c1b341e397f5de1d8c031783bba7ebd194d79 |
C:\Users\Admin\AppData\Local\Temp\vGEYIoAo.bat
| MD5 | ea779a4577a1386d1647ddb2dbe262aa |
| SHA1 | c107d021221ec67e36453f463db3bcc8b790a97a |
| SHA256 | 69f36f102340107010e2c14dfc326837694a7f158878a8fa0a4ff3f0706df4a7 |
| SHA512 | 37d9f9fcc7f210f6d309f31c6b65e17cfd0a0dd650cc6c17c896d823414eae14ed45ec918b92e238a0d4a913f0a249a878a8749dafb4f8b8ff818b322ff27a37 |
C:\Users\Admin\AppData\Local\Temp\NicgckEQ.bat
| MD5 | a43176e3ca013269d2a4ef0eee12f3f8 |
| SHA1 | 3198b138e62783e9e46f32221c8a77a0b48af3a2 |
| SHA256 | 0cef75c0cf56bc18641b702ad36c834e646134635e8f8d0dbf4c9d9e151eb54f |
| SHA512 | cd35989ce7a6756d1538ba7803ed51ca42c0f7688818ad9d0e057c811c515f60b1f29a42a5991d263f3e14218bef868ea1047009c6dd4564c4c1b5c6c84ed99c |
C:\Users\Admin\AppData\Local\Temp\DAUkgQwk.bat
| MD5 | 41ce42969ffb54558da893d966088962 |
| SHA1 | d1689f4258c5baed0c290fc0b82250ea5b3f215f |
| SHA256 | bfa0ba8596312f15e95c15f066081fe23bd600d26e01f01ee9df02c1458015da |
| SHA512 | dc534990c921f98dc78e8cb6ae6e6d45af57808145a94c551f81b6e7a4c06ffb516af2b359fd2b40d7a287f6b3825aae8a267b4bc027d1ca4b37fee466cbf5bb |
C:\Users\Admin\AppData\Local\Temp\DykEEoAc.bat
| MD5 | 199a00aa28d1f8ab3a9df6495b0aad44 |
| SHA1 | 0db317d6b8910514e14445bcbc3f34fecfa171c0 |
| SHA256 | fc9a6878068a160af5c40bdc208dbcf9bfba18a0c7b5916dd165ea05724816d1 |
| SHA512 | 27abdc6aa89f49575796e4310bd34cb100f7470139b2f10f346735f4aaa35682430dff3e371ec09183dfb811a3c9f5343b306fdb67aa2791ac146531ee3cd570 |
C:\Users\Admin\AppData\Local\Temp\QawQUgAY.bat
| MD5 | a9a067c39f48b01b12f212ad628b44fc |
| SHA1 | d50a78208afde0c702bb7cc1226be2cfe0140d1c |
| SHA256 | 2e85f73a5280d62b64ba20452c0a1f8b0f186e23fcb32489eedc5a14978531e4 |
| SHA512 | 88e86902bdc8ea7ee787aafd0909f3bf19040c2ccf1a6349a3340e1cbb9d386270d25d727fa759f7ef112505173df86ff329a8805302a23977d65eb93577edf4 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 01:13
Reported
2024-06-13 01:16
Platform
win10v2004-20240611-en
Max time kernel
150s
Max time network
123s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Renames multiple (81) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\JEkUAksA\EWcAsggQ.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\JEkUAksA\EWcAsggQ.exe | N/A |
| N/A | N/A | C:\ProgramData\AqYYgosQ\SIUwAUww.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\EWcAsggQ.exe = "C:\\Users\\Admin\\JEkUAksA\\EWcAsggQ.exe" | C:\Users\Admin\JEkUAksA\EWcAsggQ.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\SIUwAUww.exe = "C:\\ProgramData\\AqYYgosQ\\SIUwAUww.exe" | C:\ProgramData\AqYYgosQ\SIUwAUww.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wMQgckkI.exe = "C:\\Users\\Admin\\sagMUAsk\\wMQgckkI.exe" | C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\dWEUEsss.exe = "C:\\ProgramData\\qUYIIkwg\\dWEUEsss.exe" | C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\EWcAsggQ.exe = "C:\\Users\\Admin\\JEkUAksA\\EWcAsggQ.exe" | C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\SIUwAUww.exe = "C:\\ProgramData\\AqYYgosQ\\SIUwAUww.exe" | C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\shell32.dll.exe | C:\Users\Admin\JEkUAksA\EWcAsggQ.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\sagMUAsk\wMQgckkI.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\ProgramData\qUYIIkwg\dWEUEsss.exe |
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\JEkUAksA\EWcAsggQ.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe"
C:\Users\Admin\JEkUAksA\EWcAsggQ.exe
"C:\Users\Admin\JEkUAksA\EWcAsggQ.exe"
C:\ProgramData\AqYYgosQ\SIUwAUww.exe
"C:\ProgramData\AqYYgosQ\SIUwAUww.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fmUoYAgk.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gewEQEYE.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WoYwMsYk.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gmoQsUAQ.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MkMcoAkk.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BWAosggE.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\haAcYYwM.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zMwowccA.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mQMEcAgw.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\okoIMccQ.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IqoEkEcs.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sOAYUoIk.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TEwIMQUc.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vuYwkMAM.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dOQkYcAs.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jKsUckkQ.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vuAwowcw.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KcowAMkg.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WyEcEcwE.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\msMokwQw.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\waEwAgYw.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rwAcIIMk.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vOEAAsYM.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DsMUUkYQ.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FAUcYEcg.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wQQEYAEs.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wowkMowk.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iwEMYYoE.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kKUEYAYs.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vWkYcQMk.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dwEIMoYQ.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RQgEMQAM.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RykYoEMQ.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ysMgEkQk.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CMoMocsw.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\easkAEMc.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PkUsQEIo.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dSEgAkIc.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DgkgAYsg.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zEoYIYgI.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KCEkckMI.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AaMQQckw.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QGgEcsUo.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VukQgwQg.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RsQUoAwo.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hIcwIEYM.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qYYAEYII.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aWcIUAso.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QQoQIsUI.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xmAcwwAQ.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DmccwsYM.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DgwgoswA.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aYgAwcwA.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GyoIMMYo.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\umcgoAUM.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OCgQokEE.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dcwIkAIM.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zGYgckIc.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KAkwkwIE.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OccEgwQI.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SEAQgwww.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EGwIMIUE.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JkUwMIgw.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vAUssUII.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NqQIgAQg.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XuQYYoYY.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UeAUAwEA.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ySUYcAgE.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wOkQIMYA.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CcMcoMEM.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DGcUoMIw.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TqYkcYAk.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NMIYgEIs.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TqgMkgEI.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IQwkswws.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iewAkcEA.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KWMsEQYY.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\twooIEkY.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TYkMUsUY.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LQAUEogI.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NgAgwsIE.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CaQQoogg.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AwwMoMQQ.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MsQsIEUc.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XWswcMAI.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DGQoQQsk.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lecUAogc.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rQAIUwME.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ekIEUgoU.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iEwogIYc.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AwsQAQQA.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TCYUQEIo.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bWUUUkYE.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fEcQQwwM.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vecUAwEk.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eKsoUEEw.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wosEkkoQ.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mCgooYgc.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hqcQcgwE.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BGwgQgEY.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HwIUIEMo.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xIEkQYIM.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qOEMEUQM.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wqQsgQEQ.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WUEQogQA.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BgwcYAkE.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rkkEgUMM.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fKgMAAgg.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nAQQIkYo.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YyUYAwIE.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AawMswEQ.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SgUccgAk.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PogwcsAE.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FeUcEIQY.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rIMcgYIk.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IKwcEAEQ.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wOcoYYUs.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aKYAkAUg.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\caswAkkY.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rGwUAgcQ.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pKEEgkcc.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PEQwQcIk.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hWkowgUs.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wwokEQIY.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cAsgIoMc.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qsAsQgQw.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Users\Admin\sagMUAsk\wMQgckkI.exe
"C:\Users\Admin\sagMUAsk\wMQgckkI.exe"
C:\ProgramData\qUYIIkwg\dWEUEsss.exe
"C:\ProgramData\qUYIIkwg\dWEUEsss.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 4316 -ip 4316
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3600 -ip 3600
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MwUkwIco.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 224
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 224
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dIkMcgks.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vyAwoQUo.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vgocsUMo.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QiskwsoQ.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kMgkocIk.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UkowwUgU.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TUggQcYw.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LEcoMIQM.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lwscccUA.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wIEwYQow.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
Network
| Country | Destination | Domain | Proto |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| BO | 200.87.164.69:9999 | tcp | |
| GB | 142.250.178.14:80 | google.com | tcp |
| GB | 142.250.178.14:80 | google.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| BE | 2.17.107.105:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.107.17.2.in-addr.arpa | udp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
Files
memory/4764-0-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\JEkUAksA\EWcAsggQ.exe
| MD5 | eecd23187c8a7bccbb1fe5dea7c7424b |
| SHA1 | 43ffe983a4ef710d8ca2e870636cc09b4a60dfd1 |
| SHA256 | 5a4680d77706b080c1dc4ce7a27ea86d78343393b2f48a8cf934b409509626d7 |
| SHA512 | bf1c4e75ba8cd3de5d72012659450bf78d1de3e5e10c715a01c4ef3018e9d01dfa8c4f91da7c14554f0fafffd0bfbad15be9eaf794910c07ce6a57af7ec149d7 |
memory/3664-5-0x0000000000400000-0x0000000000431000-memory.dmp
C:\ProgramData\AqYYgosQ\SIUwAUww.exe
| MD5 | d6621d2a3c10ad2471906dc3c1fa0ae3 |
| SHA1 | d2a4383be1e0f28c22cfeb117d5945f0831a56a9 |
| SHA256 | bf8910b29e5073a3bcf80adc4fb81d18d3d310b4d42ba386e2b6e67bc118cbda |
| SHA512 | c0aedbae484a75270431289ad5a39b688ed19bf96870eef793dc4aef02807786a5c1d3532fd85fd15a53ff1eda780da19e3cb335e868855907c9c1c58622eba9 |
memory/2544-13-0x0000000000400000-0x0000000000430000-memory.dmp
memory/892-19-0x0000000000400000-0x0000000000435000-memory.dmp
memory/4764-20-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\fmUoYAgk.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics
| MD5 | 2cfa6796fc3ef55c4c52c89ffee69a01 |
| SHA1 | 27f7ec659a880adc68377806cfed8a19a83d7a19 |
| SHA256 | 01d3f4fcf587946f892683a96fe4417b877cf8e6ff40ec63c769d5133364d5cd |
| SHA512 | 68b90ed4f4bcccb864a60e89489b6a11812c229e3b04b4ee526f4f0a0ed434883b1ed0d241e7098143b172795761fc6e0af1ae07155abb7c9ca24c3d979cd610 |
memory/892-33-0x0000000000400000-0x0000000000435000-memory.dmp
memory/4404-34-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2600-42-0x0000000000400000-0x0000000000435000-memory.dmp
memory/4404-46-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2600-57-0x0000000000400000-0x0000000000435000-memory.dmp
memory/3984-58-0x0000000000400000-0x0000000000435000-memory.dmp
memory/3984-71-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2044-72-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2044-83-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2996-84-0x0000000000400000-0x0000000000435000-memory.dmp
memory/624-92-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2996-96-0x0000000000400000-0x0000000000435000-memory.dmp
memory/3612-107-0x0000000000400000-0x0000000000435000-memory.dmp
memory/624-108-0x0000000000400000-0x0000000000435000-memory.dmp
memory/4628-118-0x0000000000400000-0x0000000000435000-memory.dmp
memory/3612-122-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2752-130-0x0000000000400000-0x0000000000435000-memory.dmp
memory/4628-134-0x0000000000400000-0x0000000000435000-memory.dmp
memory/3144-143-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2752-146-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2336-154-0x0000000000400000-0x0000000000435000-memory.dmp
memory/3144-158-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2368-168-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2336-172-0x0000000000400000-0x0000000000435000-memory.dmp
memory/1176-180-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2368-184-0x0000000000400000-0x0000000000435000-memory.dmp
memory/1964-192-0x0000000000400000-0x0000000000435000-memory.dmp
memory/1176-196-0x0000000000400000-0x0000000000435000-memory.dmp
memory/748-204-0x0000000000400000-0x0000000000435000-memory.dmp
memory/1964-208-0x0000000000400000-0x0000000000435000-memory.dmp
memory/3352-218-0x0000000000400000-0x0000000000435000-memory.dmp
memory/748-222-0x0000000000400000-0x0000000000435000-memory.dmp
memory/3784-230-0x0000000000400000-0x0000000000435000-memory.dmp
memory/3352-234-0x0000000000400000-0x0000000000435000-memory.dmp
memory/4324-242-0x0000000000400000-0x0000000000435000-memory.dmp
memory/3784-246-0x0000000000400000-0x0000000000435000-memory.dmp
memory/4324-258-0x0000000000400000-0x0000000000435000-memory.dmp
memory/4980-255-0x0000000000400000-0x0000000000435000-memory.dmp
C:\ProgramData\AqYYgosQ\SIUwAUww.inf
| MD5 | c2d4bb928f5b888412f906e3c11f0202 |
| SHA1 | 86993433560dfe18f8aa1a7f0e4c82363c518d1b |
| SHA256 | 6bdc16ea1b82bedfc6a216775aa1c2580678f61e3a765f179c5efc2a6e9a4c1c |
| SHA512 | f3fbc384c73d4998686aeeedcc78a5f3a062ea4259536a0bf9fbdc3aa26021e73a6b51fae7943ceb97ff0c9dcd3f85793a396c67d2e3471cf5f7f0313f8a8a01 |
memory/4980-272-0x0000000000400000-0x0000000000435000-memory.dmp
memory/1204-270-0x0000000000400000-0x0000000000435000-memory.dmp
memory/4824-278-0x0000000000400000-0x0000000000435000-memory.dmp
memory/1204-281-0x0000000000400000-0x0000000000435000-memory.dmp
memory/4824-289-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2752-294-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2700-298-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2752-308-0x0000000000400000-0x0000000000435000-memory.dmp
memory/3144-307-0x0000000000400000-0x0000000000435000-memory.dmp
memory/3144-317-0x0000000000400000-0x0000000000435000-memory.dmp
memory/3588-322-0x0000000000400000-0x0000000000435000-memory.dmp
memory/1040-326-0x0000000000400000-0x0000000000435000-memory.dmp
memory/3588-335-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2660-334-0x0000000000400000-0x0000000000435000-memory.dmp
memory/4992-341-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2660-346-0x0000000000400000-0x0000000000435000-memory.dmp
memory/4992-354-0x0000000000400000-0x0000000000435000-memory.dmp
memory/3300-355-0x0000000000400000-0x0000000000435000-memory.dmp
memory/3300-363-0x0000000000400000-0x0000000000435000-memory.dmp
memory/4984-364-0x0000000000400000-0x0000000000435000-memory.dmp
memory/4984-372-0x0000000000400000-0x0000000000435000-memory.dmp
memory/668-373-0x0000000000400000-0x0000000000435000-memory.dmp
memory/668-383-0x0000000000400000-0x0000000000435000-memory.dmp
memory/3380-384-0x0000000000400000-0x0000000000435000-memory.dmp
memory/3380-392-0x0000000000400000-0x0000000000435000-memory.dmp
memory/876-400-0x0000000000400000-0x0000000000435000-memory.dmp
memory/1336-401-0x0000000000400000-0x0000000000435000-memory.dmp
memory/1336-410-0x0000000000400000-0x0000000000435000-memory.dmp
memory/3016-411-0x0000000000400000-0x0000000000435000-memory.dmp
memory/3016-420-0x0000000000400000-0x0000000000435000-memory.dmp
memory/5108-428-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2368-429-0x0000000000400000-0x0000000000435000-memory.dmp
memory/3792-434-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2368-438-0x0000000000400000-0x0000000000435000-memory.dmp
memory/4256-448-0x0000000000400000-0x0000000000435000-memory.dmp
memory/3792-449-0x0000000000400000-0x0000000000435000-memory.dmp
memory/4256-457-0x0000000000400000-0x0000000000435000-memory.dmp
memory/4936-458-0x0000000000400000-0x0000000000435000-memory.dmp
memory/4936-467-0x0000000000400000-0x0000000000435000-memory.dmp
memory/976-466-0x0000000000400000-0x0000000000435000-memory.dmp
memory/976-475-0x0000000000400000-0x0000000000435000-memory.dmp
memory/4484-476-0x0000000000400000-0x0000000000435000-memory.dmp
memory/4484-486-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2968-487-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2968-495-0x0000000000400000-0x0000000000435000-memory.dmp
memory/4292-496-0x0000000000400000-0x0000000000435000-memory.dmp
memory/4292-506-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2920-507-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2920-515-0x0000000000400000-0x0000000000435000-memory.dmp
memory/116-516-0x0000000000400000-0x0000000000435000-memory.dmp
memory/116-524-0x0000000000400000-0x0000000000435000-memory.dmp
memory/3132-533-0x0000000000400000-0x0000000000435000-memory.dmp
memory/3252-542-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\wUww.exe
| MD5 | 1f01eef8cdaab7fc4aad55877a24d4b7 |
| SHA1 | 4e3a7b897afb9be3043d62b3a2a4dfcf1f47371c |
| SHA256 | 7bc9390bc8991c6e53c2c7fef24e90cda80d5210719bbbca2446ee73f0d9b314 |
| SHA512 | 6e3fea807a5110391909f4cb5b779b7842469ff25e2d73b5991267d4f1b44af06e1dd754157710841ae133f991dd65b2f478d8777363ff83c5673433b73575e5 |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.exe
| MD5 | b19bc93b52cc1aad07f22fd010f3c716 |
| SHA1 | 5bedf454f4c096550eaaa1b3fe2e090e1488867a |
| SHA256 | daf45daae75c5a5bcc8fbf1d2776cbf43d4afbace421f771da3952abf0ca0383 |
| SHA512 | 0cf478b621fc53561c1d509f125bd78ede82f2abf6cd216f845765f31df66204f7f545461efa03ceafa3b4e7eac942567e4ba556d97285c747f42c7e079675ab |
C:\Users\Admin\AppData\Local\Temp\GMoC.exe
| MD5 | 8e9f4bb59c1783e17a727dde3ca33912 |
| SHA1 | a4ff462550547e647beee2c756a3a00bdd889757 |
| SHA256 | 4c823f6c572afce125cf9639657a840c9a558e0be2e646f43eb2e1726bfa1b8f |
| SHA512 | a8988ec98d651e14455744e2d7ae75539ba66077b8e4f384a0094daa433a56e07c5752f0240ef6c75fa3f50d24a1ab7162b03c3f25406d8102b700733a1a0ec2 |
C:\Users\Admin\AppData\Local\Temp\OowW.exe
| MD5 | 28c2668b97e37cd65c2a49671de259c8 |
| SHA1 | 85d6cf62ead3894ecf6b0b63c1d06a0c203d4216 |
| SHA256 | 3ca0f42302cbf435a4fd7407a467464903cb003b9da9c945c46258c2d9e95ce0 |
| SHA512 | 48f6573600dd1d17460d4c253244cd94d21930bfbd626deb752901e77b4598316270532d0c30cd4d6d4b7429c937ba93b676ae0a121a593a92f9ad8175311fb8 |
C:\Users\Admin\AppData\Local\Temp\qwIw.ico
| MD5 | ee421bd295eb1a0d8c54f8586ccb18fa |
| SHA1 | bc06850f3112289fce374241f7e9aff0a70ecb2f |
| SHA256 | 57e72b9591e318a17feb74efa1262e9222814ad872437094734295700f669563 |
| SHA512 | dfd36dff3742f39858e4a3e781e756f6d8480caa33b715ad1a8293f6ef436cdc84c3d26428230cdac8651c1ee7947b0e5bb3ac1e32c0b7bbb2bfed81375b5897 |
C:\Users\Admin\AppData\Local\Temp\gUcy.exe
| MD5 | 1513b14b8883bddfa2506a42f1d1b1d8 |
| SHA1 | 1f8aae168e6f664dea190756f06945d33d86f223 |
| SHA256 | 64800c97f8ada1be9633b342e7da8074def2d3f3a83e35ea61eed1a7a46a296a |
| SHA512 | ad44cc9242717102a790518a9f8218a94d2cac9bd58951afaae3daa6de989ed167725e3d2c9ee9e6f0c5825486f40ea477131f4d6764d1f73c5b79bef94e8d7e |
C:\Users\Admin\AppData\Local\Temp\iosM.exe
| MD5 | 6f8d3b57a92d7b883c917b0de0cc70cc |
| SHA1 | c8615b4bdce544b19b0b5a95c801d5b1c5415a3f |
| SHA256 | a1f457fdeade101dff93aa13d9c3e47213e5d0a9d59c5920ad5926e0b589f496 |
| SHA512 | 41db73b86cd6bbc1f7c7cc7320ab9152f9be3cbff712ca5310a54bde9b1b97c86f3cb4c00d72e2e74928b1c2b3f83cb40e46ff27de4068d23927aaad7d6e9684 |
C:\Users\Admin\AppData\Local\Temp\gEYg.exe
| MD5 | d19ea6ca7b417fb8b717c4bc9fb116a8 |
| SHA1 | 75c6994a50c79166b6b9caff17fdbe6bf373e23f |
| SHA256 | 868bc0b56e32456d84a4c4b433a40cdffc00a2e2c746596ffbfb5829a9e2ae79 |
| SHA512 | 258a5736e0b7a1274db0454b2443a1c6bde5430afdb485c0106da810490284b23d0c0425925b1c6db64b15de3b8d048ef1f1cee7d3b9c750634be31717b40c21 |
C:\ProgramData\Microsoft\User Account Pictures\guest.bmp.exe
| MD5 | 0d8ff8c801b2d152c0370f18e24ee9dd |
| SHA1 | 896e0a245d3cfa0b7200f3ea1be8d443b6191b75 |
| SHA256 | 2cc83c3971b92f9b47ef433966f2fbdc23d9d490e46604d234275764f3111f8a |
| SHA512 | ebd856b80daa3d9576d88f2daa6038d90ebe146842c78e2b69b993874e292feac118cbe650bdd42df899db193cea5e138c9fe7173346161e6c620c6223051e27 |
C:\Users\Admin\AppData\Local\Temp\igYm.exe
| MD5 | 12ba1e3dadce0113554ecb2b7944ff5b |
| SHA1 | 82271b9feff72e9a4a687e3940ba78e953e45b71 |
| SHA256 | 69f2cfe0a835b562d3a8438c13aa5ceb93ae0f8cffd48be6f98b6b7cc19f7c96 |
| SHA512 | a907776378fd81614c6de1c64302d24eb1a3e908a76e3d5a519da3ef0f7061d700401f258c624ace0fad11cd2c6c7974a08774638d2102a50218d28ca4b2ec54 |
C:\Users\Admin\AppData\Local\Temp\ckYE.exe
| MD5 | 8b31e2b82f61d12ee1550b0a5b23cb08 |
| SHA1 | be636a815c8c81adf9e6d9f99b4c4dac279b5ecc |
| SHA256 | b730f44a0f59866e37dd64fecf8c82f154926ab7ef7df701af8de7a8c9246064 |
| SHA512 | 8106549cc72321419302dfaf91c7473a07b25a1260a0ccfd4ecc3136d623a3ebeb5f196998a1c8d09a432c11204fbcca0621be2878aa250f62bd4db50f1d8177 |
C:\Users\Admin\AppData\Local\Temp\YAIc.exe
| MD5 | eccfaec01a2b677c4d8dea82f84bb9ea |
| SHA1 | 002124becf3f83ca391c84202b2bb87f858a4fa9 |
| SHA256 | 498e0ec2026727ed3a9ff63e702e8e03f48f3a7f3b6d88c76f9452cc82fdbf3e |
| SHA512 | 7564f70c08a0e1c6f6cf4d9a5c15581e442ff42b9b72e14abd3e2d5cf821eadfaf1c077c10fa1dd751fb841f7b76a1d517cf890f2d89dd5797eb1c5e3cec3e17 |
C:\ProgramData\Microsoft\User Account Pictures\user.png.exe
| MD5 | 5408c0a2ca40e8b8e1278d84da8ffdad |
| SHA1 | a967b4b8b116fefcc40183e6ef86aa837e757c7d |
| SHA256 | 23e39cbed764136cf126167c6be5193a732b0054aea7d964ba22a69388f7e299 |
| SHA512 | 8a1679e920aaa689b9e90107ac8626dca4f317b5c92ff1fce75345254bd84256db21274f0ff63a24af069af3c0c4209647bfeee2a4b9a6c15f29a3e055b9add1 |
C:\Users\Admin\AppData\Local\Temp\EMga.exe
| MD5 | a6ecc2e0181f6030265aba41a96de4f9 |
| SHA1 | 88bccb7272dd9bb0e4302e5cb18c52b6768000ec |
| SHA256 | 7927b09d4392754eaf0bca021dfd1f8713846fac70caa3deaee42502a1ff616d |
| SHA512 | 997aaafe3880c8a1cc6c672f90c10652284b2406162b09f7f4513dfcf28b522effd6ed1966287490ee5df04b578b86d8ffc6b555c5452dfae9727e3bf0348609 |
C:\Users\Admin\AppData\Local\Temp\Ucgo.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\Users\Admin\AppData\Local\Temp\akUG.exe
| MD5 | 95079219bc6c248c4a5d43c774a297f7 |
| SHA1 | 1ffd432781df3cac959a946d26a6585e8b0964d7 |
| SHA256 | a2ee2495412ae8b8a24d98073ae0392b3dd22919a74947ee9610b6590e124c6e |
| SHA512 | 8644162e1de08150d4a4ce619b8290c3db2e59617d2a7f5878f9b1fc931b1692867fb74f67f52bf189ffb2f74a2be45aab84bbffeceb1ac41e1103d406d03c11 |
C:\Users\Admin\AppData\Local\Temp\SAUU.exe
| MD5 | 9f9939ace32e5ec75477df3de222528c |
| SHA1 | 84a50b16d3245083e5fde17f08c39d59c1e44c6c |
| SHA256 | fbb3aff95ce9a2b714bdbf4827feed98f7152e381b1301f0149913fb1f25d02d |
| SHA512 | a0df5671a365cb78d52ffe607b4419df72c3725cbac8e7728aa8d6b2743909c00e20a179600790ad8713ba11adaf48249ae6eda5674b0e88ddacd544326784b3 |
C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe
| MD5 | 06a32e1b466ddf661b3030b79298f0c6 |
| SHA1 | 138f250e46016424854156a0d3fc9857c1353d8a |
| SHA256 | fc7fc42176cf700a7af8f6f79e39c98b2414424b4e39cf3830371c783b18c0d7 |
| SHA512 | 4115f4a3bd5b4f57d42f83733dff52daeff18e526349034b5566a1d482fa00ed7e688635e0ea5edcb5569a8a9606335296b530fa09e326d0974e637af3f1cbd5 |
C:\Users\Admin\AppData\Local\Temp\qgIW.exe
| MD5 | 0c237171822186c07e08d2d7f46a50bb |
| SHA1 | 8cde3f1f70cb1610fe894d82a435bc2e9f074f8a |
| SHA256 | 74f4c28b7530095a6d8ab174492c2f464d688ce9c962dbf3ed4bd4ce0a73bb48 |
| SHA512 | 85bac4b3c7dd9196be077cb9771c67f7ab214e5424ba1c2aff0d438e6f83497f27c220cdecbc3eadea3d292b9c95fada9a101bdc88f99c9d03fe4b8b1f0c6b3a |
C:\Users\Admin\AppData\Local\Temp\KwMI.exe
| MD5 | 27b6c38b9b40e2961fd07bfab6dc3bec |
| SHA1 | 7c1ee5c27b4d70c807a3847b05e67892376daa3c |
| SHA256 | f9e360ebbeb3622b46a8ef9ed81f6bb5ca5b37b0f47b7c079800c0471a1cb28a |
| SHA512 | 6cf4ad4dab0620b4ee9fed06af95c3c42f275ac17fe69154fc9b98d52369af3689c061f52753d8e4beeced8f42b2f0016ea94b72c729811c572551b92a61fbd2 |
C:\ProgramData\Package Cache\{d87ae0f4-64a6-4b94-859a-530b9c313c27}\windowsdesktop-runtime-6.0.27-win-x64.exe
| MD5 | bd704dcdd8382dda903374b71096fed0 |
| SHA1 | 634191666c77b95e4a92b52a86b50ae08fe65d9f |
| SHA256 | 007f66df172b409f06e9ea26e6aa6b753d10f9616c55b53feb3b86ac5632921e |
| SHA512 | 38810795dc84c2b580a5e1f50f495cfd07bcf3bd8a4b03f6e185ba60761d09f59de5618ae8d05199d95b7b16126f8623f052b35265b9ebc249e280c65222f54b |
C:\ProgramData\Package Cache\{ef5af41f-d68c-48f7-bfb0-5055718601fc}\windowsdesktop-runtime-7.0.16-win-x64.exe
| MD5 | 97ba17b50bc6b81b13bbb71ef4114fc6 |
| SHA1 | b78410e7e4a35db32cd954b4c216fc3ce6588378 |
| SHA256 | 310fc31d5c38ba5d34d98acb8d51249a54eb9954ce645fe1280f0685f99254ad |
| SHA512 | c086b7b0a690249dbcf15751025d714e8d7ebad8658fcf3a2b94ac28d439eea6a1e6fdb3c3d10a1525eb073555700b6a17ab658ec9ab5d959b30b594b57ebedb |
C:\Users\Admin\AppData\Local\Temp\yIAI.exe
| MD5 | a6a7fa0f18da11ac0570160e202999af |
| SHA1 | 53b059444714c486b231cf2078c9f0c2b8d47bba |
| SHA256 | b8481f0c8e011b7ee7556a8c782ca4fc9a13d448143b8420cdd59fa5c9a79cec |
| SHA512 | fb705b6d0fac5871ed27cd94b6ead4b40b54b3fe898612cf0608b3b96c2905001302d2f85030289e0917026935f5165f63ca5e3cecde8c7c339f08c468f45c29 |
C:\Users\Admin\AppData\Local\Temp\qokC.exe
| MD5 | 07c4f69ca076084737c25bc1bd53f670 |
| SHA1 | 0368e1df0ad710397d35c25bba3899870868f9ff |
| SHA256 | ef167ac2efa03e9aeb350a708614cbc5842170253476ae83aa4ca3c92b531780 |
| SHA512 | 35906e8696580a764339ae7fd294d2a62bd25d16349ba0e153431c9c0e299fcb8c5f4412785257ea1b3c441f2492bb0cf1538ccdf6ea445f3b8c679cf3373f7b |
C:\Users\Admin\AppData\Local\Temp\MYwm.exe
| MD5 | 65c8c4e825b05bb187cb478416ddce91 |
| SHA1 | a44eeb45c153c8390dbc81e709f2ae7680b414d0 |
| SHA256 | 3257065474a26762450152df864135b28d737d7bb45530cc4cdf16252e74bac2 |
| SHA512 | 042ac0eb30df3c646db0714fe951a7640a229c70005ba12128539931397165b7a59dc51e472b30ce9fef5dfa90fdf6f089387f19666a99343dac6cb8690311bb |
C:\Users\Admin\AppData\Local\Temp\qUUU.exe
| MD5 | 295c483c5bb4036992b9312451c48aef |
| SHA1 | 3b15753d5d97ffac6b7972fcca6625b89adcec82 |
| SHA256 | 25e7b369567a7f48288fb834ae7fbfe42014c4ce51dd3c92c2bffce8e708768c |
| SHA512 | 9f653003f6f17075d0164355e0b2270ee28af01961af8c863307ef9b3da184a5e3fac0e6d5e5002f171423047e39138c3af90e435523341d0daa428472a51859 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\128.png.exe
| MD5 | 0ac515bbb92de752349085ce8378753d |
| SHA1 | a68b9e65d0264dd79908311d3c4a43dcfc19c031 |
| SHA256 | 671c78711c2a25c0bae929a2a678dd5c98287383afe47803de372897d1917ce8 |
| SHA512 | fa23ea0d84f0e84fbc4f82409842a5a33c2b9f827d5c1f5097828e41f0e72de1a61c71f90cc0e521822952259bf9867729f606664c178f9f599ef4398c6cebad |
C:\Users\Admin\AppData\Local\Temp\ecUi.exe
| MD5 | bee02b003b15d30b29c2475e88dc8898 |
| SHA1 | 3e5ace60fd4789c0dde6509dcd0c6b00b31f2bd8 |
| SHA256 | 9e458362909205f486878957c789fa0b5f7e691bb75af648424fdd7cf5987d45 |
| SHA512 | d439ce20025ff336c8c486ba1df4996d9e4dff6ef1ee467a4fe42208559168f4237d5397e82e26e58c1285658c5dd9408d8c86ca88420b6511abbacaca56c1d0 |
C:\Users\Admin\AppData\Local\Temp\KYsk.exe
| MD5 | 7fd17c039c812520841008a61311222d |
| SHA1 | 49bcc71ba7ba4d759034b9f78cc0bcce7c8418e8 |
| SHA256 | b2fa8f3c3c12ef616626e65b6c91c34f127055f208ceb2c745d8651cd3b9e6a4 |
| SHA512 | fb0278864c70769666196f2c6a2b6d78386b40285e86c005d9e8f97cb814515a236e72522eb1e1d55727ae4d3d17ddfa9a5344a98d093f6a3b8309f98ed07c82 |
C:\Users\Admin\AppData\Local\Temp\cksM.exe
| MD5 | 066447dc16a0474bcc4098cc1fe16084 |
| SHA1 | 19f599ccc67a65549a3320ea21c17eb82af441b7 |
| SHA256 | 456a101dd3838b15f392dbe9158c7b64127384beb124034dcf4b464fcacfb6aa |
| SHA512 | f1ae75e4b1aeedd3850cc729ef840f1c19bb198e54b4986122f386be91ea20547c6665a00da4056ccd6f2c39cce8b0ef047b364592258b52c425673213f192af |
C:\Users\Admin\AppData\Local\Temp\mQcQ.exe
| MD5 | 345af6b47994c57003e772f81b94496d |
| SHA1 | ed64ab3fad99c0798b9678bb39eb1e2ce8d221dc |
| SHA256 | 53c0478e355d34e98c1b1569de335d066cb04b3be24d5fbea3560a90226aa236 |
| SHA512 | 1c9d37288f808f88cdba0ba831c58f27fd8454a971e83ce5c5c9430ce664d1fa0afc3014d794c545eb500d47964b243448ba319d2f610a93e691c9b4aa63b665 |
C:\Users\Admin\AppData\Local\Temp\IMYu.exe
| MD5 | 62b115149ebd0ad2debc73a51f437c44 |
| SHA1 | 4c94596581cf00fb4cb8b1a44a62bed5d220a518 |
| SHA256 | c079fbf3f9d72123ca91f0da1e560b83ec211679f660b78a3833d02c0ea9777e |
| SHA512 | 619985611120d79bb688a67473c2752501d91a036955dcb1490a36b861c2d6a52b762bd06df5c4afbeee5fd24c9034e750f7a9f94d4b7ed8d4d442c769b8b25b |
C:\Users\Admin\AppData\Local\Temp\msoO.exe
| MD5 | e723804a0825e6c3574a5fa72177c8cc |
| SHA1 | 6b68a382583026593e766566e70d134c1cbf26c8 |
| SHA256 | bc348efb69af4d030575edd8f184e67033eebc61b4351ccf0aa206ae04c050aa |
| SHA512 | 231f72727864271eafa993e84ee3d1c442e2469a4ee6a54aa655c9b2d5e53c11098a51ee920ba914aa4dd4bddb961d9116c9aa654320d7ca2da0d41ba0447192 |
C:\Users\Admin\AppData\Local\Temp\sAwo.exe
| MD5 | 45c389299143e3f30dc98fb920727524 |
| SHA1 | 0b6a61050eaa658ff4174c73452d5061bffbe4e5 |
| SHA256 | de1765e4a4278066ff74746c081317aa9c23081e808bc81cd5ce1def6ba859c1 |
| SHA512 | 254a40aca7a900994080a1811327ce825e9d1ae4ec2bb6551525a0086fc931d4809e199fd7bbca38a820aed5c91d95e0c839c89852e90fc25be8a33ca32ed2ca |
C:\Users\Admin\AppData\Local\Temp\AoAe.exe
| MD5 | a75ea6851d9279d6b1f8b907ec7faa47 |
| SHA1 | 772b3f3167778559470b740bd822b3bfc180b652 |
| SHA256 | 3f85cd1e041f12a354e70afa6e24c22f4f1bd2171f7afa8aec0c622cc8519baa |
| SHA512 | 1b1939aa7dac2134d557c94579a713b49a42599589f6bae3c45fb338b0a04aa714688cffda5084bd54cd11d4b01ca9a6c2d4f3aa65c4126001645132580c6aff |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\256.png.exe
| MD5 | 292218aacba4c70d3316ab620b4cb598 |
| SHA1 | 726c6d5bf423604b68ad052b5980ed4d17e6b41b |
| SHA256 | 989ae03beb26ca820c02817426063c7ebbe63b36dab9d4de172512efe9508677 |
| SHA512 | 83ad792ab8c2254ae985009b60a45b75211fb1e484ad6b804c66a4cc0fbe60432446fd00fd0768c3183155f4fa134fdd6bc2d01bc892be481a95db9df6035ac3 |
C:\Users\Admin\AppData\Local\Temp\kMgU.exe
| MD5 | 9fb342eaadd579e1a52e698d192cb6e8 |
| SHA1 | f203611a87607b0e7a5a29f88c8a3590062644a8 |
| SHA256 | 1e830a30fa1fc5e73e259f5a0705201fe1106ddd774f342d266e39a1ceb1b1c4 |
| SHA512 | a589a89048c9180a70135a713e4a9d0e282b94443a78625a86dd2071e31f3d86a76e95955b1bcfe229f62519b48f39868acf81f2c84725a23b04f0934888d9d6 |
C:\Users\Admin\AppData\Local\Temp\AAcq.exe
| MD5 | 9adaaedb8b318c43657f3f6d9f4ef3d7 |
| SHA1 | 39823ccf7aec07fb5f8d9c7fd906f1b9061cca9d |
| SHA256 | a391925d0940ec078aeb491170d19ac4abbac55b2a72ebbf05752953225c65c2 |
| SHA512 | 42b33b0df12789c72304e7a92fc5bb26f295b184b9e9856f5d23199b25ce67b23a94f1a7af26f9eb61632913b865e6183a7f2072147ca78ef770b183d20e29d4 |
C:\Users\Admin\AppData\Local\Temp\oEMm.exe
| MD5 | 97bc1fb377f43b982bd3ac8914314b2d |
| SHA1 | a48305e6f96cde76a4fcc696fa10ad32fffa7e40 |
| SHA256 | f5d89b24d044d65f7ce4a49484d7d81e9fc8e0137e7bfb8cf86caf3136f7c484 |
| SHA512 | c1d6d07b6084a1b5337e1783d9bb524a7b227643c66a33825f7c83864bcaac37c76b59444c6304fe3beb0b9cef5f7dd23b1b2be4e57685037af28699cb1f374c |
C:\Users\Admin\AppData\Local\Temp\GooU.exe
| MD5 | 994510e86e43a0067944ee7083350a20 |
| SHA1 | 41984c637059c0c15980e00784bdf8e5db04e7e9 |
| SHA256 | 11fca85d6cc54c3f905c18c11134bad71e4e36a4ac3cdcdc9fad04d10d6415d8 |
| SHA512 | 21b2aaba8de20244e6ce18b80234d0a82bfc6fd8b0a9e16c77fd744386a2edf46c43d80b7ae96d23bee168c86a080355b71f6fd5d840ede2e353c26262b6c7dd |
C:\Users\Admin\AppData\Local\Temp\Yckk.exe
| MD5 | b3e2494f1067b73501fad31ea072fea4 |
| SHA1 | e3f2303515cae61b93c8394fa86c11adb3adcf27 |
| SHA256 | 50210bacf10f02c6b9848a293ca9c703fbc770170d46227b9a0480bb7483a981 |
| SHA512 | 31a11c7ce2f11031ea531a66111591e1b3a2f564206792d79b1c77fc027365ba4ae192d852ed33a40ced5aad08c044cee3b388314da677b5258583cf049e975e |
C:\Users\Admin\AppData\Local\Temp\YgIE.exe
| MD5 | aa879b383d069d9e9d680e71ad2f72cd |
| SHA1 | d5151af3ee6812d2f3ddb44eb7c1b5e6e32b0288 |
| SHA256 | 316a4ecf189a8ac4e464e239beba5ab25a164e5971aee721eec936b5899915e4 |
| SHA512 | ac6fb3988e699420666a5330509c5b8c50bf4fa01af147d5482ce6795d99a5a6408189ec906865ceb0e48dc2ddb61fb908215b36e424dfba3ef08e7ffab607af |
C:\Users\Admin\AppData\Local\Temp\woYO.exe
| MD5 | 2829ddd8a13eedc16b3df0ac6d10d9eb |
| SHA1 | b7b66b3883638b676973cdb8673d458a29789cb0 |
| SHA256 | 4ad1ccb68acbf7c2a797abe56a739a80a09be4b0eca50109880c0c17805f9b31 |
| SHA512 | f6b3a0be1b5bbb87c5d20f74cee661422bd56edd6790ffd55f9d7abd8d73cbd0b4abd7086b9be07fe03300ac6ef7b5cef475436df2c7bcc158b6f3de41278b58 |
C:\Users\Admin\AppData\Local\Temp\GkEO.exe
| MD5 | 5a7fbc75914cf0820cf33580dc6411ff |
| SHA1 | 0f8905692f4fc555c5be15c17a6a6e877c3c1fc2 |
| SHA256 | 24cc3d836da6ab247ec3f7b0b3e1e7d6e18621b851ecea7272a2de3bf69e17dd |
| SHA512 | 22297a33888bcf881955c1c0c425f1e8e7e1b669dd0ab170bb6ae8f0580b9fbb977b9898942da87812bddb0559a3f426c16d77b63695055eb7b6d26dbb90f022 |
C:\Users\Admin\AppData\Local\Temp\uckS.exe
| MD5 | 9d5eaaa96dffa7761644087cd79e22ac |
| SHA1 | 23c929ecfeb9e4cdfeac0d0daf7ca7dac741763e |
| SHA256 | e8f36fe16b240bbf4145a439da90b0c51df37a4f34a099d676208d189e42a02f |
| SHA512 | c154e6adc929f7c56c50818e6cc389fdb568f2adb4ce61fcfac7371dd0db242746b3e5d2b2d38b6a602e22708a0e11a650b9f196444c1509426f2aa01eca3323 |
C:\Users\Admin\AppData\Local\Temp\wEkg.exe
| MD5 | 1020e3ff8bcf71d2866331eae9fd558d |
| SHA1 | 1332072cac7717317d7b97681537df93e71df945 |
| SHA256 | 4d27f367cc3ed9e3867f5bddfdba6c88b56ff4d30d58bcc0495c302b1dcd2f93 |
| SHA512 | 257962b4623337a80e0038dbcde0b5f32f9344025e82eb290afbd14fedd74697c1f58dd698a642bad49b2ecc90ccd4e1c12e0d102bdac50e161fccf1cbd95d5c |
C:\Users\Admin\AppData\Local\Temp\KMoc.exe
| MD5 | 635cef9c28f81607b6a0ca176a6128de |
| SHA1 | ddf29c9b30d4b1e879904d4c4f7aaf5053a67fa7 |
| SHA256 | 2692878a662b0f9548dd89df0fdd29241f084edd882d1f2c57fa2a9c0609dc41 |
| SHA512 | e6ff63317df8d5739a7dfaeecbbaf176aa49202ab1844b0ec58be6b43c5a930bbd94274e38e92dad2414eb2cf9c466acc382f827f82a276d24f103afc67b863c |
C:\Users\Admin\AppData\Local\Temp\AUkO.exe
| MD5 | 0f253c712c15ea84875c12f8badb3bee |
| SHA1 | ad07b583099ecf20222ea424fa37a33a44af2133 |
| SHA256 | 8e41192b21eaee36fad664ba9399d8211a7eb1572bc88f48aa35dc8572d838f6 |
| SHA512 | 731d21a2ce2f4b9f205d95eb6f5fd4970311798f490bd5ea7e1c069100cf63b7e537c16a2c68b9eb29e041609c036f2453cf6b201d1af19a7f0566c256ea52da |
C:\Users\Admin\AppData\Local\Temp\Ewok.exe
| MD5 | 1a719172b16cc55c8bffc364ee2cf423 |
| SHA1 | cd22b8f53bbfd66347d4041fe68812ad278613f5 |
| SHA256 | c6cf202ea130575b7fa7e252753fd6dc8901a8da117bed7b0ae2a364c9ec9545 |
| SHA512 | 74f09c9a6b23c821badf30bb717203768035c38eec23479a80cdeb893c0ab30925b4c48ac0b86c065ee3e25655cbc1b38226fda88edb0fef4ae76df62c204360 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons\128.png.exe
| MD5 | bc645404d2bd6d85c5d7b903ee640a47 |
| SHA1 | 5b1092b71331074b2bc8f4f50c15114efc00c779 |
| SHA256 | bd0c25f01591bfd3a7ab485ca348058c1e6c5919535a10d4ac7127f8f23ee979 |
| SHA512 | fb0730e575f6fec9f531941db2192f727314b5fed7c2f8ce24949c4507451c243ab0311d10cb5c72a749788e2d98a5df43fe7034973c095a47846f42111bd1e9 |
C:\Users\Admin\AppData\Local\Temp\WMgQ.exe
| MD5 | a8cf6a8a33f8ba060e569a8677050769 |
| SHA1 | b1b91d397261e0762d99cf8501bac0917ee2b9ae |
| SHA256 | 73917774a0e2245fb50914547955f99926bd9b177ecf1af5894ae650cfcf26f2 |
| SHA512 | 51e7fe05e1bff45a5a9604ba5e1d4a5e693004eebbe42c5211af28dff5ed483f96d5d4e2435e98b6d793b197cd73b4bf580139737099d8fa438bcf460a56ccc3 |
C:\Users\Admin\AppData\Local\Temp\msYq.exe
| MD5 | 0e7bc43fec43cfa82cdbeec7f3984863 |
| SHA1 | 3e3b94f5f4494f630a30c2142643f90ceb0e212a |
| SHA256 | 1f0207a1f12cddf02f9b218390208cd2e4ed3535f90d84bbbf997c760dd37e11 |
| SHA512 | 50f509c2415f50feff4d58cc518848ae577f97c0b4e3f365dafc18c2bc38feb0e98f6128f7e5cac8f07c11c68e921c068ccd5e5a5510da618c028fe08e9557ad |
C:\Users\Admin\AppData\Local\Temp\eUws.exe
| MD5 | ea82735cf83fd81823bff1782c1a619e |
| SHA1 | 5029cdca2f05510ec303d5358dc442519444640a |
| SHA256 | 8f17545a2c0cb8cb7471acb4d31052d5abfadbb8e75ba412df8069e926107710 |
| SHA512 | a6c59c48f2aee843fa5a592cbe3222b6699a19725067fc2191b0e726c0e2b5314968073f4c50edc2577e254444266f82de9e3763f429fa701820ebce8b0d8432 |
C:\Users\Admin\AppData\Local\Temp\akoQ.exe
| MD5 | cb8fa6431b740ea19b3cc6630f04b4bc |
| SHA1 | 2053ea03d7c0500c0f28b784420b3de5800c90c8 |
| SHA256 | 50be639ba79b6f9e1011470f6fcdc8831341736eaa16b2555a84672dee6b49e8 |
| SHA512 | 623250379c6da1486da3f5f43b7449c60423e74219213b3fc3961c8cb18ec179e0051af1b6546672548c538416596093a84c5e1cbfee01a05f78e34aea48b8d2 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\AppErrorBlue.png.exe
| MD5 | 380faf9ded3cfd9aed4b7e05c72f0a17 |
| SHA1 | 8eb20c630de7399a35127adb254c6c59ffa5aea8 |
| SHA256 | 16d7056ffa6f46c1a97938a96087cbcdcfa712e82c00708b282b14c55a3c73e6 |
| SHA512 | 86a676ce020be0a71cc50127dab16dd725805dc0b1b8ad30ebb09e75044b7db7c980545220799df79109ef40edf95dc8f1ebacb852894ec791b7303dbeb6da0e |
C:\Users\Admin\AppData\Local\Temp\IYgW.exe
| MD5 | afdf6cea67496008165e2eec89d4c53c |
| SHA1 | 321c3664fb9d312765ab78bda0d13ec94c5d4f1b |
| SHA256 | 9763e5864836abc0ee1f6885274119d8088e6c26398ef1bc5ad7f477f9453bac |
| SHA512 | 82c09eb905ffeb13480e11c0a74083ee723071bef9db4744972c7c1240bdd6407b7159b7c670006ba7f15dff288dce0bd1c8cf2b5afd00b1db0942680d20502d |
C:\Users\Admin\AppData\Local\Temp\wMQM.exe
| MD5 | 58b03b346e89e0322bca4b03dde44715 |
| SHA1 | 3012847def6ac1ec91c4aa78476fa6908e3776c9 |
| SHA256 | e58853ac5d8f334a24a95c95677acc0c230ef6ce9902a2b1f8172a20b0fcc300 |
| SHA512 | 367173e2382c3ba864b2fff94287a95846e86a2cb43891357d7b1f388d2dbc5e289ed0efa73c5e47e2a0213d95d146b52dae687d606260746ea0d4241cef1726 |
C:\Users\Admin\AppData\Local\Temp\CQwm.exe
| MD5 | 41e1720e19523bc77f692eeb96b98aa7 |
| SHA1 | 54fb53d0386c246037e3810879b7f7e7eecd9eaa |
| SHA256 | dfaf3b92d0d435b38ecbe0aac4a855cbbd2f846f8fff57f2801e8f4759426588 |
| SHA512 | 4d94fa6d8b18166346c5b1d2fe50718ba58d151e16d6960901e6d8f6febcaf5f9e8de8f5beafb7bb17ac1b68e4dbaa22490b9b5f3402eb0f825e94bbaae3ec7e |
C:\Users\Admin\AppData\Local\Temp\owww.exe
| MD5 | 8ae5b52eab568ae3263ebf7d7bdb1c57 |
| SHA1 | 3969b0cdfcf988f9b954bdede3e3d8499919060a |
| SHA256 | 6007a20614220996ee75fe9f40adc2364e9b3de375305fb0c80496767ea32f4d |
| SHA512 | af388fdac329086c11f11f0b5e50789d77b663e0da4f7724a48e52163ab98b2411c561c3eac2645ae3284291fcedb195542d72766ef82c4adf49460c15d16ca1 |
C:\Users\Admin\AppData\Local\Temp\gYQE.exe
| MD5 | 73c2103404d27b52da4b8ad061e5015c |
| SHA1 | 23fa82293086b7148adbd924ffafa1f48821b12b |
| SHA256 | 5b134429a396c35ff6bfe77bd6192b0e2e35e09b93cda5ec78b935482510d32f |
| SHA512 | cd1918b57219ea63b4317e83ad1afc1aa479be0c670f890bb2fe7f173b6b8f3c87543eba0579e0d520dba85fbd95eda1f7f6a212bf33a9248975d317bbf8e0cf |
C:\Users\Admin\AppData\Local\Temp\SUAm.exe
| MD5 | 90b021655cc2152b6f9c0aaa01ea8225 |
| SHA1 | 21c6fca75c8a79bb9d348cff9f7075832f86898a |
| SHA256 | 9d044bf2278a55f4ba9b581440fac24af6766514eb950cebe72180ae1947174c |
| SHA512 | 48035ea45b6cc3200bb4179cdbc8e64bd408bca842b6eea4f40c0b77bb6e059d6d060a50e597ee9ae518cf7f8df3fa47b1067e6036d2209adee8d9ecb4c60704 |
C:\Users\Admin\AppData\Local\Temp\aosI.exe
| MD5 | fc570d9d051193cc63ec805d7171c45f |
| SHA1 | dfd8ffa4e03b204556661e9864ea52ad433fd57d |
| SHA256 | c5321ee75148b144f69cc0b5d483a76c1172f4c6c1e9edf8f54cec4a5dcdcbdf |
| SHA512 | 525e4daf91d8b8b42b8ce84ee1f96d2b70babecd17891d174378da7220f4c218f0a29107939e294def170c3347db66fc200bad99869faa62045d5ac0e8950afa |
C:\Users\Admin\AppData\Local\Temp\skIQ.exe
| MD5 | 7873a4510d229df813f88e3e3950c2d0 |
| SHA1 | cea60fa6087a781fd08f9cfe89b35fa4faa7c167 |
| SHA256 | 3f2ef69cfda52e76657ee5c76ce17ee0178e09d7dc0358769ab97809c9eae750 |
| SHA512 | 6f7687ecb100324ec30a7f282b65bf0eb1a300fe57fca131d4485700688f2b51db5b6d25b7c6688698914b9cd691d6d6d4f57dcaf3487f5668dead6067735850 |
C:\Users\Admin\AppData\Local\Temp\gMEs.exe
| MD5 | 94523be35aa78e14c0b3ae0ad8e90f3b |
| SHA1 | 35c08c206a0faca91ecf294698f5964ce1aabd60 |
| SHA256 | cbe2b7f0876e12d4e53009280b9aa6e4a87c349cd5d871f3d531bee91c8089ad |
| SHA512 | 9346738c3eb04211bfb7a5a41f77f180e753806bd2d0d9ec64db85ad0233e74f8222d9c46af6d9a67f06ae62c1052260aa1ecd8bf087d1f988b77a97f56f10e2 |
C:\Users\Admin\AppData\Local\Temp\awMM.exe
| MD5 | 250c65ae310e0e8b165c57d492156cb8 |
| SHA1 | a4f519844f2556fb9f33a0fb4354e516a11f9608 |
| SHA256 | f59bfb8ffb7f750221b4c31e7c520a2c1f8c218227b1d84aa9984cd2096a9840 |
| SHA512 | f3b8552af74a1457bf207ebc1009a39d0ea16be3b8ca47a326fa05428e1cd4f10df5a0d5ca99fc12aeaf20b25fdcd406dbb655559601ad362613671a5e9433e2 |
C:\Users\Admin\AppData\Local\Temp\awMU.exe
| MD5 | cf7aab4babb414d6e09a7508cf0d3d43 |
| SHA1 | 6a6cbe6306498b8c664b61d8af3467be85fc653c |
| SHA256 | 9c5b76e2d11ad629e570442f86de07078f4640c20293ed8ebf21b236b77dabd4 |
| SHA512 | 3ffe3882befa9b698bf074d991c626bb7c4aa32300f8a12f26d2a501152c4074182df3f0dcc3f699ac38df88efca6f6dbee3f83d1e72d187b8af4e05c38a675b |
C:\Users\Admin\AppData\Local\Temp\Owku.exe
| MD5 | 4b22b4084eebb4bb3e415791636e048e |
| SHA1 | e436e195ed81484117b7b2eaf1b691cbfeafb667 |
| SHA256 | 02d2bc7b23aaaf6c2be72beebfc04eed333327eb0e63168cb559cf70b4d73242 |
| SHA512 | 88104c60dfb7bb9b6aaa74abd3c87746ad1d8b8f3915fafa3dff7b0f20786bdcc13cdec6229020424256afd507c1e1c47ab2977254fc17cb72094382a136d0d0 |
C:\Users\Admin\AppData\Local\Temp\yMkK.exe
| MD5 | 7a16e5eb1133dc76bab3eb9904981db7 |
| SHA1 | 8098830a897de5ba221a205fda484f09ab769ae2 |
| SHA256 | ee31165f39abca3bca09f1a53afebde9c984421f29bb76f96466f3a5dbae542c |
| SHA512 | 8097056f64eda81233fb7a8ca2eafa5fe6b8d719ca32859d2919ee8f2b0d230b798947fd857d88ef56831800e2d0c5b1ac5d67171f494a0cf905e59ea62ea696 |
C:\Users\Admin\AppData\Local\Temp\Qook.exe
| MD5 | 56323049d60ae077875883c46dbdfc71 |
| SHA1 | 5e39c4df30b9fd6a99430e56f355725e3c5bfc76 |
| SHA256 | 6794c634a4a5158a1451578e23ae2b490062c0e4a15d01019069dc179b0e77c1 |
| SHA512 | 6fb390dd3101488974f096edb75007df70e5aa175709374cbc199d0537ee1bdea1df185defe96214c4ae61d2962100ccdc70140f3143d54436f0eb319d56581b |
C:\Users\Admin\AppData\Local\Temp\qkoG.exe
| MD5 | e9e3726152f12e48ac84ce929e4c75d8 |
| SHA1 | 831cd778226315b7fd24d96874a12ba43c8c5189 |
| SHA256 | 47f855e88f4c40f3392a2b9e9630466e23d5fb5899a6a4d4002d7826b33f1fd6 |
| SHA512 | a7993ea88e975ea674a7d67b319330ea0260810d203dece00a52d41703ceb4d58321357a7fce9bf57446032803dcd29b16ce2e88b4986be3cc68a83706f0d351 |
C:\Users\Admin\AppData\Local\Temp\uEUi.ico
| MD5 | f31b7f660ecbc5e170657187cedd7942 |
| SHA1 | 42f5efe966968c2b1f92fadd7c85863956014fb4 |
| SHA256 | 684e75b6fdb9a7203e03c630a66a3710ace32aa78581311ba38e3f26737feae6 |
| SHA512 | 62787378cea556d2f13cd567ae8407a596139943af4405e8def302d62f64e19edb258dce44429162ac78b7cfc2260915c93ff6b114b0f910d8d64bf61bdd0462 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\Warning.png.exe
| MD5 | 7eea3a3d36f8cccc0e1b0555d06ebd1a |
| SHA1 | 8b97bf9067576ce623b4a600c81ceb939bd67a7b |
| SHA256 | e6f65e88bb6ec7da937a5677f8414099038e20853e0d31266d70b665989af101 |
| SHA512 | 42a160f1a9468abe2fcdeb64352c50a428b70006b5f021bf724fe7c98dccf40190bb65c7b359c4fc318a871bfe4301ca9cfc85d2fc3b4ab15e59d7fd727672d5 |
C:\Users\Admin\AppData\Local\Temp\EwIg.exe
| MD5 | 552e4a65ece4367781cc0430c2633efc |
| SHA1 | 6ef36164b28086f55dada331fda7d99a14595dcb |
| SHA256 | d4e1685b1c70fac364e51e56fbb557bd99ff28dd0d415ceacc9453759411fe55 |
| SHA512 | effcc439671b8027cd1a3a80b8b91df41fc4c7c942c81f3eab9f58e19f299aeeb98a90a4537a8a9ea804819fb9a57d5dcc6aa79ea6b72006ba3afa8524b21b18 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-400.png.exe
| MD5 | dfe16d2e0a8c387ab208faa485263c24 |
| SHA1 | b026feff2778b165319badd27a5997d60ddcb3fd |
| SHA256 | 0937ad20ebe8c3424181bd29d4abcac96c408cde3e831a68a67755f24deba8f9 |
| SHA512 | 31c4d0457f32d17cb2cb1f03430c83d8f74f97c1728aaa54f99a7a14dd18ea854bea54e06a3a4439bd8de0c08337d9bb8b01fbce177e145a0be99e44d6051c29 |
C:\Users\Admin\AppData\Local\Temp\CowY.exe
| MD5 | e4272c07df1d1ab55da2096794594b16 |
| SHA1 | 05d9ae6ad8979d0da636358a638832b1f92bde38 |
| SHA256 | eb0b997c55659cff94254aa6c4378c20f6eb688809142fcb231f7feab2d9b8e7 |
| SHA512 | c3aeefd6a797d6f41284b30fe46f4ceb8ac713acb6a36840fee2e40eedf1e9e4f6a97cc70879110e9780bb751dbcef82cfb1f662e81bf6a81d47a5af6b564ed0 |
C:\Users\Admin\AppData\Local\Temp\CwAC.exe
| MD5 | bdca13f9963ef320f1ca780850676626 |
| SHA1 | 8f95ac09d5fe3e41e244ea5346581e0a2c11c92c |
| SHA256 | 3740acc80caab1296273a461ffc79c94189347efb40ba9580cf53ab2f3a83281 |
| SHA512 | 185c49ba615e86ab58854c01fc40c94252a018fef13e4079c6ea5298604115859df3798aaffc68704eb0bc5804c1d1d11e14a84951b5f477115a90d3315fd4ba |
C:\Users\Admin\AppData\Local\Temp\YkMy.exe
| MD5 | 6193ebb63cfcb1c7d199d4a21216d06a |
| SHA1 | 88795af355282fac65969e440d334326b0d82252 |
| SHA256 | 091b741f984e6f316e89cc9e2f056b0ac816ce0686f9793312dd695bbf082104 |
| SHA512 | 138180ccf32b20f70f2af617aa73d212aefe293f1253c19a75eed1f99b1556c628916a938967aa544845d035ea7315d0defb66d3fad88c30b1f291bd5f0cc102 |
C:\Users\Admin\AppData\Local\Temp\Ggsy.exe
| MD5 | 343971a17192d1f113a0d5ab97ae8bff |
| SHA1 | f368e8236538ae5fd334fd448c57199880ff8c7d |
| SHA256 | 8dac603116c080b828791eb540ed60cc089a172cd46db0ae1c132b595d62a0a3 |
| SHA512 | 9fb8c26ced20b0772c3825758674852750c41026dabd3dc2c9db61057325e009d923f4ac7decfb6c474297a7e916236161a61878371335bb3531f554f734f52d |
C:\Users\Admin\AppData\Local\Temp\uEgy.exe
| MD5 | 8edc7ebf83c40d43c45b4fd1bd405b27 |
| SHA1 | 546c08157a399da0271e7a5ba9ae4331d443da25 |
| SHA256 | 0b4bf1b2ea03e613d469f3985ddf7f76fa5e3a020254fa684a41186665214225 |
| SHA512 | 42a8aa43a2f8599cf8444179f2afb5d8c212516ee48fd9c1856974e89a6339edfa1f6ad9030ea6d3264358c64bc081ce3389693e53378554533d40b37a7e9c9e |
C:\Users\Admin\AppData\Local\Temp\qYQE.exe
| MD5 | c1ebbb77aed68f49096ec233e1691660 |
| SHA1 | 9ecfe5c4b4b0c64561c8e914ddd6a3e988353581 |
| SHA256 | 8b00d8f0d33facc0bc7fea9b8b8efe8a5225369335b38661b35b1f71600a4989 |
| SHA512 | 7dca3deb8ade8547faafe881f842446aafef74ff797952f1a74a73d553ed44ff32e521a143df0261fcca325d2750073a94f3be4146dac6336fffafa487dbcc37 |
C:\Users\Admin\AppData\Local\Temp\WQsU.exe
| MD5 | 710424ec7d07ce13abbaf8121ff589bf |
| SHA1 | d641a5b6eef9f3adfa0ed992fea9d4c67c5c4c2e |
| SHA256 | 35601b3bca56d24267dfe7d062e87808e80fa67d4a59cb0c0a11c1237b52291f |
| SHA512 | 2cfb63063e1b95195a5c16e5ed01b57ac9f34f16be91e05e43d70ef3ef1e3ad968f98518f6ed1b95fd4dd762e9e99a23e1f2122b373dcffe1796d909f2a30ed9 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\38975140460\squaretile.png.exe
| MD5 | 8736c4be0c740c8c3a7c5c61a8534f32 |
| SHA1 | 865a75cd263cd1cfa61f555939b286e4b19c8257 |
| SHA256 | b590e88ed0de59b8c8c3414bbf57c5fdf952693f41d1997f792aa6ba8806a9b5 |
| SHA512 | 2186345ac1be321d477cf9f67b21b05c68c2a163d09f58a61c7c56acd938d460703798701568bb77d7babbc9d798d29e6ce64134dc87dc513d7f20d0c30dc299 |
C:\Users\Admin\AppData\Local\Temp\oUcO.exe
| MD5 | 1af4489eed5eb3ab39a5cd60c4d3b24e |
| SHA1 | b3a7061cb6770d08a5401054aad98a2fb022a9db |
| SHA256 | 0f988553de09b38955ffde117a27d2746082d63dd24bba675aea45c77131de3b |
| SHA512 | 9603a8c8ee7e0f3e65de93b8abd45f9836d661fe2d4ee60fcb641a93511ef4cd8504e853d63d25b3ffbbebf768ca0aa8dfb8fbe4f207044cfc524322b57047a0 |
C:\Users\Admin\AppData\Local\Temp\kccq.exe
| MD5 | ab399e06bb4fd132ce82029c19bb5c9e |
| SHA1 | 524a7e16e4c164b259d3939b51c691753dcc27f0 |
| SHA256 | 263c0f7964a69fd12af0ca6784aa2e06f85cf42898540fa82ea8fd0529d85e1f |
| SHA512 | b1141007c3d61b1343fb02b6eeb1b0f079c21cb8115440db594a579da22e4c4bf236012213cecf862bd4ddfb5192e689aac90f3a597bf08914929bb83dd12e8f |
C:\Users\Admin\AppData\Local\Temp\YQwA.exe
| MD5 | 0d33668d7c971b9a5cae835f87738cf1 |
| SHA1 | 45c2099bfd535debd053612d1d4f1aaf2914d6e6 |
| SHA256 | c14af7ea00543657b8c168796d7bcc57853e8de44d4a652be2fc503c550a3f43 |
| SHA512 | e1f4ca7f07719e8e5d96292fff213004dcbba697d354848b9494f2e1083717fccdf967f71fafffa09d04a1a86fd1100e3336680dbbca71c8a62ad25b113f83e8 |
C:\Users\Admin\AppData\Local\Temp\Mooq.exe
| MD5 | 70db05da856a75139b8288dd2e4ddb6d |
| SHA1 | 6bbefdb5072d697e415c5d9d65994ae14773a955 |
| SHA256 | 8e7f3651f6d65e8f97b69780467ab37dc1029ff3fd6d08145eb3a3924d3cb770 |
| SHA512 | 73abadcc2bcb1385ceac2aa14042e68a5d9616a7414403dd5eb96c4dad8a7f08bfcdce767e6fdb91f8047ba05b6487c67da19278d114cc2fa3d258e6f5597911 |
C:\Users\Admin\AppData\Local\Temp\aswE.exe
| MD5 | 33374c3a416d1795873d57f303b807de |
| SHA1 | fd6f51bedf5845a5022c90a60f53e502d8a36682 |
| SHA256 | 791f885703c5cbda1890001e4d7e1bba889c78614b4c16f3aff881261652dc91 |
| SHA512 | 016f2a0d781865c579c6254b0a3904b5695465c41491173665a6a417b36d0f1d953975222c26033d360b936277981853676ab53f93c1b80cfc267d28db664ff2 |
C:\Users\Admin\AppData\Local\Temp\ygsa.exe
| MD5 | 9b8d6182a37f42f2198d96ee49e3a209 |
| SHA1 | 31609317f6d82f1f77e9020b13ce946860d1bb36 |
| SHA256 | d12d0dcd29e7a122e4a6f646254982e5ac82df063967e995d95efddd2df46a55 |
| SHA512 | 361f95b28440b63e3a48411681205498ba8c7303351294d832730d024aaf8f910227d91f52fc36cfa4b5158a9fe4a15ff6bf9ce57fc25b1d8327e4d17b06eed3 |
C:\Users\Admin\AppData\Local\Temp\YoMK.exe
| MD5 | f834faf95774404bdd8ecf55eac3d77a |
| SHA1 | 4fd1b96b0b9fd22b7ca4ab49eb22875cd0c4dfb4 |
| SHA256 | 91e7075f9ce7d80906c43711e6ab3cd6cf54631eedb620f6863368d5fe1689ab |
| SHA512 | 451643eb154bf24551a4a711f650ddc3bc7312bd4f10168ce0828185bcd507a3804ba1b07bdf316c19ccd470fd9d03d310cad19864c7dc66d7d7113d97ca0c4d |
C:\Users\Admin\AppData\Local\Temp\ewcI.exe
| MD5 | 5492488ff05719e0c1161e0ce7cd9072 |
| SHA1 | f7e6d00349e18778ccde55cfd9350cfd6de1c9d5 |
| SHA256 | 004d8ed50666e80734e8d392e1ce886b68dc5660e519438a3966ee70045b5f5b |
| SHA512 | aa853630345c072960817f8c47af0b6301cdf4410dbb811350c6063c84b4232194625a80ecce861dc3aa44fb39b3918014420548506a98c4f0757d2ff48eda6d |
C:\Users\Admin\AppData\Local\Temp\KUMC.ico
| MD5 | 2d56d721c93caea6bd3552e7e6269d16 |
| SHA1 | a7f0d3d95a19f61d30b9e68b0dcee7c569249727 |
| SHA256 | f8e8be11d1062a945187b65fc5e5b1500bce03cbdbf6f4af9404b649aacc2aa3 |
| SHA512 | c01d86c43876fb8eeab79b72380a00f095d95c3047f530b777ca89d309e7bd797bf83857beab29527eddbbc491da3edd95ba343f6a0725cc565015f095cf0919 |
C:\Users\Admin\AppData\Local\Temp\ecQq.exe
| MD5 | 9be668b368e9b60c7c4a8429f3a94dfa |
| SHA1 | 77188ab99cc755acf269d893441a6a220f718484 |
| SHA256 | 98d6d719681f40a87aca0cb6706c29f85dfcaaadf6d3b25374df46ca27b503cc |
| SHA512 | fb96f211c03ad78b78cc15822260bf56810cfcaf87b31b128b65f7c429675716591af1dc414b1344a5efcafcb9a22685b75e5b997f0ff1bce73d14e71af31b72 |
C:\Users\Admin\AppData\Local\Temp\qIsY.exe
| MD5 | c3db2f3c971c7634ea4b729e20660973 |
| SHA1 | 5b4bad74dd2f902f9b55107d529d19129e7cbe9f |
| SHA256 | 5c579d99c009c39274691858b78b93b2ad360daba3c4ea00404e22bff2af2fba |
| SHA512 | 2b0d7d0905d633f2059f3bb8a0b826719acc3cd6ab4a070b1c82dfc629d1a6052c8b3dfe00fe67690d6c90ef8284dd07a218ea5c1133952dc94f61d22f07fecd |
C:\Users\Admin\AppData\Local\Temp\Osca.exe
| MD5 | f93ad92629492c3aa5707673f6ac8b13 |
| SHA1 | 02007ae7576143cdc56dcfb72cb0654d178dc0ac |
| SHA256 | 4e1b91e78528c36f0da4fb40f73c46f93e2153246ac8cb8c09d5ca8d6266476c |
| SHA512 | 026c3f56c60fd9ba033346a60b885dcee0a10135b2ff1b30069d9aabe66f828f166f5316866e2d5384d07f89639bac39bc468a6ffecedceb1eb79eca581719c9 |
C:\Users\Admin\AppData\Local\Temp\IsAc.exe
| MD5 | 30b5de7facf1654e0cdc156eb5176abd |
| SHA1 | ce349238500f34a06fca2d5c8180146f437a2c7e |
| SHA256 | 45c0059b5364203c64c4291ba07b13a78a6f6a67e111619082854e0cc605489d |
| SHA512 | d2cf010a1a15682fe4fe5c9ed9239508db15d4a48b9ba6e1465cc901eedc97385811d7da8b194d4c682a326719291344e1a4a3385f5fe49ae9c4d7154778efc1 |
C:\Users\Admin\AppData\Local\Temp\aMII.exe
| MD5 | c0cef227cd6067877e9c073d295147b3 |
| SHA1 | 4d04d494fa0ad96984f4e49a9468597d04683196 |
| SHA256 | c2235031f77fbaf37811a0e9b918a436aa0cc26e552a89953ca93967abcab249 |
| SHA512 | 32dc2ac841b5b9d9241f734cbc82a50b94a40d9c48179c92347519a7ea119cb6ffc3fbb7bd217bc63dc29e953a7e5fbe09d75295f1cd23cbd4203dfb6fe13a7c |
C:\Users\Admin\AppData\Local\Temp\woIc.exe
| MD5 | 557036cebc2c8696fd0d770a55ad852f |
| SHA1 | 1d994026dfcde5bad95462b640883b8a42a5e01f |
| SHA256 | 33b52eabd858ed5b28aa5d43e3024b3b8803c90160b3f16a97bd79c947c3a9ba |
| SHA512 | f530abb21d1c7b3957721cd38232af4884e29ccf39fbedeef8b4f8f715bc9744a98e60e0e4fc412cb6e677295bbb7a49c3251ab4c2653a622daaaf987b5f4f23 |
C:\Users\Admin\AppData\Local\Temp\wwoM.exe
| MD5 | dbf2de2fadddeca010288fd1bb665ff4 |
| SHA1 | b084035fd78d67d432e90d1f19d12b4774f1dd8c |
| SHA256 | aa1769b961a0aaa426a2e1ae0b5b2ca7c5bdf50f061411dadb6f95d826176798 |
| SHA512 | 423bd1393b18ba9191cfb7ec6f9e8d47fd9bb21e876bfd6b110e2b391791388da17f945b7506006d4cb77953d1f1dc8aa0a20ec69abe22ec125119bcc9ee1a3c |
C:\Users\Admin\AppData\Local\Temp\KMUA.exe
| MD5 | 54477edee9b1ffd2a5b2a030aea9a34f |
| SHA1 | cd3ca2474ae2de9d9bc695ee7b7f852a3948ea8b |
| SHA256 | fceac7b9910f93daf5f1ac58a016cb3ee4817739db0a88d44213a1832ccfb1c0 |
| SHA512 | ef5fcfc72c9f82c9dcb7b01bfb57901784e5b2490afdfd0a03cb214e0b759c5702fece1d46b260938fb19264f4978d0d7d6805d0e00f5d25648ad76d9e91cf88 |
C:\Users\Admin\AppData\Local\Temp\kQEq.exe
| MD5 | c82649257389869ef81a851ea268f317 |
| SHA1 | d454b43bc30a346035fc6f457380ec29fef22458 |
| SHA256 | 2453098a18963d594566ddc75fa03d6897bd16dffc3d4423e094e589cafa54b5 |
| SHA512 | 8ed11a662b48dfb4c36e30be755a693ff744d02622ac2ba096776bbeace5661786150bf65a87455dc0e1ea76e9c28ae80372b8db1900e12cb07dd90202d928e3 |
C:\Users\Admin\AppData\Local\Temp\UMkM.exe
| MD5 | 757ac4d3a2a322e8e9e14470ae685dee |
| SHA1 | 72d7d676a7ddfb6dddde3ae049f04080ae1bd593 |
| SHA256 | 467e8f7b2146a4529b3edddf6bf4bb056a18da6c3a772c6c44debce85de8fbe0 |
| SHA512 | 3cabb3c855930bfa46957261c52e80d4b3e172fc95d72123aa0fc35c4321fdab322064a32caed5988e6c8b8a9929021ff286859c0ac28fe964a61e15552c3bbe |
C:\Users\Admin\AppData\Local\Temp\uAMS.exe
| MD5 | 7148d0ed019e5b705361cc8c846659b3 |
| SHA1 | 92d6d6bc93566ca45b1d5073639c26b9c3624908 |
| SHA256 | aafad4eb00d0508de879818102e47272b05b47866926723eea2bb3502dbc36d1 |
| SHA512 | 4bec9ec90c81c415694e1b16eb2187e3644d2965881102c32e6c78266ee1a3794356dbad420746ea671f6fa1c37700563536ef50d5330060aa86c95e437eaf18 |
C:\Users\Admin\AppData\Local\Temp\kQsy.exe
| MD5 | 87e7ffe1be730431a934e0d266ec9a9c |
| SHA1 | 6ab46fc78d7fc6747f90f52810a7a96161f2853f |
| SHA256 | cc988de5554043d9fd50ca1cb7e530e1d580df13f1eea551d52b8cdc0b376a51 |
| SHA512 | 0a26759020cf9513023eb8e9075403316a00bbf9dbd453eb6261f134de0e7701bbcbd95cbe8367361b32dd0c22fe792d090ec7df41473b2705597d18cf68801e |
C:\Users\Admin\AppData\Local\Temp\ysQS.ico
| MD5 | 7ebb1c3b3f5ee39434e36aeb4c07ee8b |
| SHA1 | 7b4e7562e3a12b37862e0d5ecf94581ec130658f |
| SHA256 | be3e79875f3e84bab8ed51f6028b198f5e8472c60dcedf757af2e1bdf2aa5742 |
| SHA512 | 2f69ae3d746a4ae770c5dd1722fba7c3f88a799cc005dd86990fd1b2238896ac2f5c06e02bd23304c31e54309183c2a7cb5cbab4b51890ab1cefee5d13556af6 |
C:\Users\Admin\AppData\Local\Temp\gYgo.exe
| MD5 | 6b9528df1bb6b14bd615ee8b926d8e69 |
| SHA1 | 6b7a3ef734199cc66561709fc77cda3fd1fc0bea |
| SHA256 | b335b168c097aa65577eef9b35814375db220d6787ac96cdbde549b067232284 |
| SHA512 | dfa52ce1bbc6730678d53812f6efa48a159c9d23f1d179069bfec94f70f7fc1e0da2d8ba6291c46fea7a5d7c4472fd8af29028e3ad4564e8ccedd3c2882dd5dc |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.exe
| MD5 | 0209580d3a1c3ea7cc919872cab9ad9b |
| SHA1 | ac4d0c0a6e7fc4653cc183ff2a81a78cfc514a30 |
| SHA256 | c09a8a1e93fa848111fe14719f87062ca2c0640444f0b0027c131c07a8d00821 |
| SHA512 | 85677e20d5c5da67a727ae4bd5ede3464ce65c58852ef6e4abb911770b223ee5feab753155e528e4d6199f2a6f04e0fbc0589b185f85ed4c2c11dc3110c79f07 |
C:\Users\Admin\AppData\Local\Temp\IAsO.exe
| MD5 | b20a973f6325230d766c26d6b7b9138a |
| SHA1 | 2e7c7120775627cc7badacf8b98e1456ef42d41a |
| SHA256 | e688a3a9dfa15849428468cb3cfee4da015534d2c0dca2ba8d78749acdfff724 |
| SHA512 | 9219451ae3736f88a87d0d74523e61adb18842b927968b49ca48d88bd403132832c49baf5e06b7f6d02df53d780f077937fbb94b9aa88fc07c9ce45ab30f8538 |
C:\Users\Admin\AppData\Local\Temp\Gcgq.exe
| MD5 | b78a549c18d7abfe2ed8c3832efe9844 |
| SHA1 | c680f6f0cad3ca48b0e079a8dabc5fa16095f025 |
| SHA256 | 175efbed0bc17f8243279fdd9b8c6f3ee3002b34ef189eb348451d42357574fe |
| SHA512 | bab59cb3fe758e2bcda4ea11141b8bb4712162407324d4f4ac2012bfffa2b22144817bb4e9757c7df4f998126b7eb07cd5bda5b0bc38990707a8d41e41a9bdf7 |
C:\Users\Admin\AppData\Local\Temp\ksAi.exe
| MD5 | 7a2f5e1cb3adce02070f38746b2f4c48 |
| SHA1 | c813e67b2cf58006196063f33e4cfd9ba5cc529c |
| SHA256 | 5ba1134bc556defa80ca0d7b4f1af60a7a3517c859b771e51d1615fb1b493d99 |
| SHA512 | 505beebd1b522048d681265c8878f5b106baabba9d0df31ad92979345e67ad356195355d5c954db7b5b69e51017092b934d5241b1dad375a6c20179ceda6d9ab |
C:\Users\Admin\AppData\Local\Temp\gUQQ.exe
| MD5 | cc206a5a23d8af9f0dd5722f2dcaa593 |
| SHA1 | dd2149cf82befd774df83ec00f54917fe9b307bd |
| SHA256 | 8bf4358e505a11509cf453d34847c7b7b83ce94c6a5892380d951f35e564bb2c |
| SHA512 | 22287608767447e82f59c3ad2ee5b0b306da72fce7239faed577551baabb1a1713d0eb4fb72caf5345b83d0352ec0d852ab1c1cb3508d216b3a8a3cfc2ad0f29 |
C:\Users\Admin\AppData\Local\Temp\CoYE.exe
| MD5 | f8aa6a0e521955bbb046bec2732d11be |
| SHA1 | 76735d35e6fee51536f416749f1c1c37b57280ad |
| SHA256 | cc2643bfe300f74868ca2c37b53db0eb0400b46df7462ab233af7b0225568dc2 |
| SHA512 | e50d4b4a1340e2c4a186f3f46d4275555e9e16176fc904a811b89a8a35f24f389c4f2681e85d3e9572850e7aa59fe68001f629a214b428b6c655574c4b6d93c3 |