Malware Analysis Report

2024-09-23 05:09

Sample ID 240613-blhapsydpg
Target 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
SHA256 9bc173433cf3f10f49da56f3549d7a995164a16b98009e1af072ab0e894efb96
Tags
evasion persistence ransomware spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

9bc173433cf3f10f49da56f3549d7a995164a16b98009e1af072ab0e894efb96

Threat Level: Known bad

The file 52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

evasion persistence ransomware spyware stealer trojan

Modifies visibility of file extensions in Explorer

UAC bypass

Renames multiple (81) files with added filename extension

Renames multiple (53) files with added filename extension

Loads dropped DLL

Checks computer location settings

Executes dropped EXE

Reads user/profile data of web browsers

Adds Run key to start application

Drops file in System32 directory

Program crash

Unsigned PE

Enumerates physical storage devices

Modifies registry key

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of FindShellTrayWindow

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-13 01:13

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 01:13

Reported

2024-06-13 01:16

Platform

win7-20240221-en

Max time kernel

150s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe"

Signatures

Modifies visibility of file extensions in Explorer

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A

UAC bypass

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A

Renames multiple (53) files with added filename extension

ransomware

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Control Panel\International\Geo\Nation C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\ProgramData\XaEwQkks\pcgAIMok.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\wckIMkwA.exe = "C:\\Users\\Admin\\IgIEoUEU\\wckIMkwA.exe" C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\pcgAIMok.exe = "C:\\ProgramData\\XaEwQkks\\pcgAIMok.exe" C:\ProgramData\XaEwQkks\pcgAIMok.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\wckIMkwA.exe = "C:\\Users\\Admin\\IgIEoUEU\\wckIMkwA.exe" C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\pcgAIMok.exe = "C:\\ProgramData\\XaEwQkks\\pcgAIMok.exe" C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A

Enumerates physical storage devices

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A
N/A N/A C:\Users\Admin\IgIEoUEU\wckIMkwA.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1676 wrote to memory of 1708 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Users\Admin\IgIEoUEU\wckIMkwA.exe
PID 1676 wrote to memory of 1708 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Users\Admin\IgIEoUEU\wckIMkwA.exe
PID 1676 wrote to memory of 1708 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Users\Admin\IgIEoUEU\wckIMkwA.exe
PID 1676 wrote to memory of 1708 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Users\Admin\IgIEoUEU\wckIMkwA.exe
PID 1676 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\ProgramData\XaEwQkks\pcgAIMok.exe
PID 1676 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\ProgramData\XaEwQkks\pcgAIMok.exe
PID 1676 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\ProgramData\XaEwQkks\pcgAIMok.exe
PID 1676 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\ProgramData\XaEwQkks\pcgAIMok.exe
PID 1676 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\cmd.exe
PID 1676 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\cmd.exe
PID 1676 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\cmd.exe
PID 1676 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\cmd.exe
PID 2624 wrote to memory of 2100 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
PID 2624 wrote to memory of 2100 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
PID 2624 wrote to memory of 2100 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
PID 2624 wrote to memory of 2100 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
PID 1676 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\reg.exe
PID 1676 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\reg.exe
PID 1676 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\reg.exe
PID 1676 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\reg.exe
PID 1676 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\reg.exe
PID 1676 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\reg.exe
PID 1676 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\reg.exe
PID 1676 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\reg.exe
PID 1676 wrote to memory of 2424 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\reg.exe
PID 1676 wrote to memory of 2424 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\reg.exe
PID 1676 wrote to memory of 2424 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\reg.exe
PID 1676 wrote to memory of 2424 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\reg.exe
PID 1676 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\cmd.exe
PID 1676 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\cmd.exe
PID 1676 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\cmd.exe
PID 1676 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\cmd.exe
PID 2700 wrote to memory of 2420 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 2700 wrote to memory of 2420 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 2700 wrote to memory of 2420 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 2700 wrote to memory of 2420 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 2100 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\cmd.exe
PID 2100 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\cmd.exe
PID 2100 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\cmd.exe
PID 2100 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\cmd.exe
PID 2644 wrote to memory of 2720 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
PID 2644 wrote to memory of 2720 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
PID 2644 wrote to memory of 2720 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
PID 2644 wrote to memory of 2720 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
PID 2100 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\reg.exe
PID 2100 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\reg.exe
PID 2100 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\reg.exe
PID 2100 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\reg.exe
PID 2100 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\reg.exe
PID 2100 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\reg.exe
PID 2100 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\reg.exe
PID 2100 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\reg.exe
PID 2100 wrote to memory of 2832 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\reg.exe
PID 2100 wrote to memory of 2832 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\reg.exe
PID 2100 wrote to memory of 2832 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\reg.exe
PID 2100 wrote to memory of 2832 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\reg.exe
PID 2100 wrote to memory of 1456 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\cmd.exe
PID 2100 wrote to memory of 1456 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\cmd.exe
PID 2100 wrote to memory of 1456 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\cmd.exe
PID 2100 wrote to memory of 1456 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\cmd.exe
PID 1456 wrote to memory of 1788 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 1456 wrote to memory of 1788 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 1456 wrote to memory of 1788 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 1456 wrote to memory of 1788 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe

Processes

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe"

C:\Users\Admin\IgIEoUEU\wckIMkwA.exe

"C:\Users\Admin\IgIEoUEU\wckIMkwA.exe"

C:\ProgramData\XaEwQkks\pcgAIMok.exe

"C:\ProgramData\XaEwQkks\pcgAIMok.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\WCgYokso.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\CAsgEEoE.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\uGsAkAMY.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\kGIMwAsQ.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\jwQYsgsA.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\nsoQMkAs.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\BYwgUkUM.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\ISskMAsI.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\iwQMYggs.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\ygEoQYco.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\IisgcEcw.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\qegsIIIg.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\rWkQUoIg.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\hYAMsEog.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\pqAMoIgY.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\BUsQQgcA.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\OoIEoQIk.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\wkgUgsAs.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\kyMAwgkw.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\ugAEMcQc.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\DYEUkEcU.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZeAMkooY.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZegUEEgg.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\nagUMooo.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\nWsUsUUI.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\OCkckQIE.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\sYkwUsYI.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\qkEsckoE.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\CIsEMMwM.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\fYAskkMA.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\dgsEYkog.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\jOYUsYAA.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\lYcwAAYU.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\UWkgIIYw.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\QwoUkMIk.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\mYIAkMIM.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\WiEoEwIU.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\zQogEIog.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\HKcYcYkU.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\JIksAEIw.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\TmYgYQIo.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\xQwQIQwk.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\mGMIMgIU.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\cUgcgUoQ.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\cAIUoQII.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\ycIkAYQE.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\XcwQoEUI.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\tqsoIoMc.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\tYUUkQAo.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\zgssIEUI.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\OUEoMkQw.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\WSAIsIwY.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\OKgcIAQI.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\yecEMgAg.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\FqQokMQw.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\vMIUQEMo.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\jMMUAIcg.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\PgosUIEk.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\EgUYoAkE.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\ywocsgYg.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\MQYQIEwY.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\kMgokMsY.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\wMkkMgcE.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\xIAAkkIw.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\zOocIAUQ.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\boYgAwYY.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\zGwUMUEM.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\IiQMkgcc.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\kyQsQEAs.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\aKYIssIg.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\SoYsUYgw.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZOMAogEo.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\REsUIkYU.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\pcMgIAgo.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\HYwIggks.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\bsUUwUEY.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\gqUYIMAs.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\qGMEIMkA.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\OIMsoMog.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\CGoccUcg.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\FCwkckwU.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\ruUUQIsg.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\bGYAMsUI.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\pQIookYI.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\WWgogYYM.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\gsYMgIoQ.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\iWQEoUQE.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\GAUwckwc.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\IuwUokEo.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\DCgYMkog.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\XegkUoMw.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\tAEwwgwY.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\zgokUUQA.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\XcccYIcg.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\MmIUYkIc.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\WIkgogsg.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\UKwEIIIA.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\lMgIMgAg.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\twIowckQ.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\vWgYYcoo.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\HGIssAok.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\aCUYwwEU.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\cQYsUMMU.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\yiAgscYo.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\GgMYgMYI.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\sWsowUAU.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\hCgIEgUE.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\XsYgsoYQ.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\raMAsoMA.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\HuoQwwAk.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\dWwcIkUk.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\ysAkQcAI.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\qgAAQUIY.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\MWcosocw.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\wSMgUowQ.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\LmMwQgos.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\JeMkgUgc.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\TIAkEEkg.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\jCEAMEYY.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\qAUggEkM.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

Network

Country Destination Domain Proto
BO 200.87.164.69:9999 tcp
US 8.8.8.8:53 google.com udp
GB 142.250.178.14:80 google.com tcp
GB 142.250.178.14:80 google.com tcp
BO 200.87.164.69:9999 tcp
BO 200.119.204.12:9999 tcp
BO 200.119.204.12:9999 tcp
BO 190.186.45.170:9999 tcp
BO 190.186.45.170:9999 tcp

Files

memory/1676-0-0x0000000000400000-0x0000000000435000-memory.dmp

\Users\Admin\IgIEoUEU\wckIMkwA.exe

MD5 244c700b4d7ad147d4a2c23afaf0bf3a
SHA1 50ece31463ae999e92bc056a998f8ec527227dcc
SHA256 23cad99ef5d88c0233ce33a390f4d54291bf095f2aceadf6cc77612ecc175f7b
SHA512 296d53e516f54782a1e6a5ed7f040440c6c906ef25d87e4674c8c5bfe974acc6151a2c742f1150a11cd1a896dd81533afa20767c5777e9aa8e65793659311a5c

memory/2596-31-0x0000000000400000-0x0000000000433000-memory.dmp

memory/1676-30-0x0000000003DA0000-0x0000000003DD3000-memory.dmp

memory/1708-29-0x0000000000400000-0x0000000000431000-memory.dmp

memory/1676-28-0x0000000003DA0000-0x0000000003DD1000-memory.dmp

memory/1676-27-0x0000000003DA0000-0x0000000003DD1000-memory.dmp

C:\ProgramData\XaEwQkks\pcgAIMok.exe

MD5 9da534ae07240a20855d4385b3b80758
SHA1 60a66e50e511e4d6014acb455bd347d84db15f24
SHA256 d8c44ad3b9df8072ccb78d2a2dae0fd08f93c68133fbcafc9788e6add683b291
SHA512 eedfcd7a7c1904ab15331ce02151f789038dc1fd46e1c77f800a44809fe361ad0c3b29c7f1282252ea06f527b1114b58c887f40b5b1e3e7c0ef9dbd50794e0b2

C:\Users\Admin\AppData\Local\Temp\qIAUEMoQ.bat

MD5 ae211033365af8170cf4a80689101a7d
SHA1 02719aecd559c0f2ed4f439ea42130072b8463ad
SHA256 e7f320faa4ea61cb6a31eb92d23d839e097ba211a537b9184bebdbd62b946997
SHA512 22a88ba2196f625523ae019b4792f32c0d0b837d49e3f6d178b16a40f6a8bb2a7c17b704337989a735a95b32cd138dd05322f8f1958875d04656b133e8f38a66

memory/2100-35-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2624-34-0x00000000002E0000-0x0000000000315000-memory.dmp

memory/2624-33-0x00000000002E0000-0x0000000000315000-memory.dmp

memory/1676-43-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\WCgYokso.bat

MD5 bae1095f340720d965898063fede1273
SHA1 455d8a81818a7e82b1490c949b32fa7ff98d5210
SHA256 ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a
SHA512 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024

C:\Users\Admin\AppData\Local\Temp\file.vbs

MD5 4afb5c4527091738faf9cd4addf9d34e
SHA1 170ba9d866894c1b109b62649b1893eb90350459
SHA256 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc
SHA512 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

MD5 2cfa6796fc3ef55c4c52c89ffee69a01
SHA1 27f7ec659a880adc68377806cfed8a19a83d7a19
SHA256 01d3f4fcf587946f892683a96fe4417b877cf8e6ff40ec63c769d5133364d5cd
SHA512 68b90ed4f4bcccb864a60e89489b6a11812c229e3b04b4ee526f4f0a0ed434883b1ed0d241e7098143b172795761fc6e0af1ae07155abb7c9ca24c3d979cd610

C:\Users\Admin\AppData\Local\Temp\geYgAsko.bat

MD5 130cb2d1b9e82c1a8a710ae4e2dae280
SHA1 29920d8f5114c891630da7efb48d3fcdf0618efb
SHA256 364dd9b629b4fe1630d4d5d870295627f214bba69fcedccba4d2167bc5760702
SHA512 e4ba40f76c434771445f3db35a0257819418a377899118983706501b62a8a77d625acb243abf4692021fd1147aa8354884f3a9a671752c7fbb2eeb404d496b32

memory/2720-59-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2644-58-0x0000000000380000-0x00000000003B5000-memory.dmp

memory/2100-68-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\YcAAgEoE.bat

MD5 cea8475b0424ceb3a82cab74ef1afecd
SHA1 05b3ee57f84492d1c93fb69a00aedf8399d71ec2
SHA256 b85ea0911ed49b4494dfe83ff9525445c1f1d2420b02fe6b059a1d71847eed5b
SHA512 983f52516c62b18b0e2c0e82201b30056e7d8c5b47092d65e598b9cdd87293c900a5b1a6262e014de745b71f7f3c3b17640e7592d68c362d0b7c977cfe797113

memory/1216-81-0x0000000000330000-0x0000000000365000-memory.dmp

memory/320-82-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2720-91-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\SUYsccsQ.bat

MD5 e356dc475c658eb6da8f3927a0753e7f
SHA1 4687047478011a686c164b60819965f46316efa8
SHA256 3257e5287bb8d675c0ed9cfcfe900ad3de1a61a4c38f7764ea1f8975f742be1f
SHA512 b49c57df98e390d311cad55cafc31158e74ab932a9a3292ce1c31961ec89830615849460d67f75406e79ea81ac57ec9d01e0cdaed04cfe6e8b700ca727d239ec

memory/1164-104-0x0000000000780000-0x00000000007B5000-memory.dmp

memory/1164-105-0x0000000000780000-0x00000000007B5000-memory.dmp

memory/320-114-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\hMEIAkEQ.bat

MD5 431ab4fd3e1c3625de2e60e45eee5b42
SHA1 275ff27a9ce258ecb699ce6adf169c0207fcbbea
SHA256 ea6972d09e4086ce70fab72e1dbae864676c70bbc4dc30b085bfc2039f7a39be
SHA512 f03f2b9509c199a7bf9b09ddd4924e2215ebebfca8245f88ebab788bbbb10be72e154d930684ebceb1fc6a0278562ba97ebf494173e6bf6d360b5fccfcbeca91

memory/2400-128-0x0000000000400000-0x0000000000435000-memory.dmp

memory/3024-127-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2800-137-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\vkowQIEQ.bat

MD5 7c50912d8c80d7faa5dca718d5e48ceb
SHA1 14e5e1c3660bda242e377e7f66177288c4ebe72a
SHA256 b640fc8896ff2d54b8d10f09956d40ef6b8b9ed0fcfc9a9d5f2254fc314c69e6
SHA512 dbc0a2fc9ecd07512aeef404e1e12c9d9602300962277c74afe058179b534887e4fcddac885ae7d03931e90b67945856607d0973f1b02e11e3cf0ae166743044

memory/2152-152-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2400-161-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\XyQwIEYA.bat

MD5 425e165e5c40da5f2d67cae87e817feb
SHA1 dc26adfccb880582f6da6578d6f8aedb8d67573c
SHA256 1deb91c1c301325e09b4757626b27a20651d238ec5dabe64cc622060b6abd36a
SHA512 9fb350fe166cab94bbdf4c9d255020f83e2204ba08f323df5268c67a94c7cb39f2490d99c69f9417487a4439b7b70ae40956caa4175d77d86c69d1125659f8e4

memory/2580-176-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2452-175-0x0000000000120000-0x0000000000155000-memory.dmp

memory/2452-174-0x0000000000120000-0x0000000000155000-memory.dmp

memory/2152-185-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\dsYkUcEY.bat

MD5 1ea06329abe0c96d88e6e0fb6ef8a08e
SHA1 ab8912b11e8e1ea4c9957b2783314a67f4e3b6ae
SHA256 a2997c42998efa7c7c0679bf9bbb5389ce5e39a0891655402c3bb30a3265ef97
SHA512 04b9a2f2e1892c26d2ea9443b41e4df989344baaa1407546088b8577328f877b68d4cb30ccb5dfbef5c6ed87fe914f1b42693671b02d3efe97bca58c7d63898c

memory/2208-199-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2884-198-0x00000000001F0000-0x0000000000225000-memory.dmp

memory/2580-208-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\GmYgMQMA.bat

MD5 67bc42b7faf25feef6f1e80eaa9b3488
SHA1 082e866eb3ccbacd5208db5523828fca61260b97
SHA256 5e08a2482a520ef162b0160faddff038d6191c118c5ae6e0abb609c0eb6f5147
SHA512 bf270173bad2178642596be2bef93a54fa0e13500ae5b7ffccf7279cbede79717cc1ca51b5cd409e0b71f40787db581cc1e1e43e3540e07bae692b2a6c29fab6

memory/2712-221-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2208-231-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\WAEoAwsw.bat

MD5 58fa3cffc21414e6b11814b29030ff32
SHA1 7085549b6b6afe6702dfb5f947217b4be5061dc3
SHA256 06d5e441fb78d36054fcfb3439b802f013140fe62f748b245b7dff85c327a765
SHA512 17a2bbab360b754f611e463f7793cca66f57a65cba3457a227fb76773e150530649e7a3d4802c7c46c05f0e6a21054efcb64d2918e6673b15d395bf91cf63dd3

memory/320-245-0x00000000002C0000-0x00000000002F5000-memory.dmp

memory/2712-254-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\KAAAgsoU.bat

MD5 f252b1d490e5d849b836b4857f3e2e1b
SHA1 8cf9b5cf026a4c98c68ab38a62425fc073d92ed2
SHA256 bc03213b1c5d78bcec37343b452c871b75dd687aa1bc20409be2b1c2cf652e3a
SHA512 8701341eda0a83011186a5cfe965368997843b897157203af08f7406b994987ca37e7c2109e8ca4913608f9edc803f653dacf8a63ace245e45b7f3b48bc2d7a6

memory/1528-269-0x0000000000400000-0x0000000000435000-memory.dmp

memory/1980-268-0x0000000000160000-0x0000000000195000-memory.dmp

memory/1980-267-0x0000000000160000-0x0000000000195000-memory.dmp

memory/380-278-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\kowAcoII.bat

MD5 8a55ee15e892f45e547227241116466b
SHA1 48bd323031596361c08236dd70c780b735cc0b88
SHA256 76fe5b79f0eb5b1463c8fce4296eeed72fef6827f891490aa5e7b6533a11ea9a
SHA512 62c5c81afa3377ad6fef3dfd0138910c0c9131c3ce8c9b88c41ac9404cd826fbf398a4e2bb9e59d64edbe3bc0a50e7f9b2eb87a149aeee1591f7c2fb784aa439

memory/2572-293-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2400-292-0x0000000000170000-0x00000000001A5000-memory.dmp

memory/2400-291-0x0000000000170000-0x00000000001A5000-memory.dmp

memory/1528-302-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\RiUkMwoE.bat

MD5 7fc9b8f5c0de66e2a31108b5240679ce
SHA1 833499a3377ee6aeed62fc1c669a676523d8de98
SHA256 b32bcc4af7f4f532526145cc2d978c7b699b440891edf83b93e5324e60c4c657
SHA512 a86a42c999b58aee3e8e87be091dfe67b6b0d2d27b4bf5d25a0ce18ecad58f7766345dc84fed677efd906f4eb45ec31625808ccd0ff20d1f62316f47cd6812ba

memory/1804-315-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2572-324-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\pMIokoQk.bat

MD5 5ab8cd6cf4e55b37f0fcddc06c9abd55
SHA1 3a3aa85dce3018a775f91e87210406b1575a735e
SHA256 afb6c9814c6fd072f16d3737e577cebf720f0d13f721dca500e775dee245893f
SHA512 bc77457d68780d0e3bf8689f5af495a886f732b22b611c5784aeef3bfc98cb1953c826746da9cfcf7d62cecfd1c28813b98df58ed1cf80ef3566200a6ee1b394

memory/2160-339-0x0000000000400000-0x0000000000435000-memory.dmp

memory/1248-340-0x0000000000400000-0x0000000000435000-memory.dmp

memory/1804-349-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\NCwMMAUI.bat

MD5 426df76d6369909167c757c56f28ddc2
SHA1 e5595bf3ce994840c27d0bbea3a0e678dcec73df
SHA256 79e9fa13a616537e7a316ec181985a69bd04c421e37730718d45198c53fa2911
SHA512 e9dcea7b20c04a1c6804ed7100e562054c3304d03bcfc73682ed5ed5117662b890528c3ed0f8259a599bde315f2552e03e9fa65166b6c3707e04f5c529208d05

memory/2912-362-0x0000000000400000-0x0000000000435000-memory.dmp

memory/1248-371-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\jCoYQQMQ.bat

MD5 4ed8396749902d9954eda47aae558ebf
SHA1 93fe4051fa2f662695b6d8b5cd4fb55ec98acd04
SHA256 10a540e4a73bf0c1114ae2c72616ab378bf0b4a4c91e168f93a78043c9f133c9
SHA512 2db29e8e54ac6b3949309b95e4d2b6472b411d597acb29bcb9eb75d256428233c6e99c02d3cf14eda14d15c9a51069c3a434efc078e25bb874ed2fd4733f3bc5

memory/1308-385-0x0000000000400000-0x0000000000435000-memory.dmp

memory/412-384-0x00000000001F0000-0x0000000000225000-memory.dmp

memory/2912-394-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ASIYMEMg.bat

MD5 74cb3b0785a4d5ff32ee82d4f9e8284d
SHA1 3b6f458972050146846f477c5d17bc559bc92745
SHA256 2ba563c8d50b66fd744924b4c8f6930a7cfe85705b9aff8e7728a90ebeecc592
SHA512 4b64436445006201e65e4733d30fc5b63ff767b251ba269783354d82c9b6271adcc73865852a648b2966f36b3493bd2633d409617ed0874da4c8d7885ef80a45

memory/852-407-0x0000000000400000-0x0000000000435000-memory.dmp

memory/1308-416-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\MCcwoksU.bat

MD5 cd33239c33c5c8d248e7649210ddb103
SHA1 7c7f7620488cb1e5dc038da771e8a02992f5b998
SHA256 b61f3ae226bf03185179e60759347d3447a2845633ed9e98d7a59a2696de374f
SHA512 215d736fc8ba0f26697b3c455b258d844606f01a16ddb64925b1054dfc6bd25e0aac986ae4a5241e9e09b972850ea3680565b1473f132682c929ea7bf3a3aed1

memory/2616-431-0x0000000000400000-0x0000000000435000-memory.dmp

memory/852-440-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\GaokAQIk.bat

MD5 593267432d3d09e45d09cdabca59de72
SHA1 ff013aa678749ff0342521185d765d8a1bfc1d26
SHA256 8137f958110cd708836515edcb5f7673959677970e630926f76ddadac8c6e17a
SHA512 2df4368e5c0ea8d002b439e13a16b7e04f55e231862821d1368b71af432d705b8bd5a10c6e671d11bee44d1fdd4550c1d0f3df152c902ddf682050da42bacd1e

memory/3024-454-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2012-453-0x0000000000460000-0x0000000000495000-memory.dmp

memory/2616-463-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\sOIYQsEE.bat

MD5 6a718a4a9bb85a287d2d7d7e79cd814a
SHA1 506e57ce1825f87cd73464debe2d0423d8e19d55
SHA256 a36ebb8b657dc2765bf3388c125f090838ce6100562802fd9da16e5ab10e7064
SHA512 f5b4957dfd484bd950c3c8d4f7d271118fe64475c4e2a8bdec20ea0102690130929310fe24b5a1acdec1adbcf6ab298a022e9227eca4ec4decd666fa16cd183f

memory/2312-478-0x0000000000400000-0x0000000000435000-memory.dmp

memory/392-477-0x0000000000170000-0x00000000001A5000-memory.dmp

memory/392-476-0x0000000000170000-0x00000000001A5000-memory.dmp

memory/3024-487-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nuUUogMg.bat

MD5 636c061fbcf6a581fa07667edbc856eb
SHA1 bedda269317ff5d788659a44829ffcb1d4fefb24
SHA256 cbd5039797ad9f38a9ebae20e3a2bd388f4dcd4e6e76a2b1e9b2bd8e8a54424f
SHA512 7bba394a0ec5826218fc06bb2a16099d65a9498e73fe67d529be533bb2aa54081f198d9a28e80ab622a40b2160f8e8a0aa5b52a64b284149f4e23e124af6dc77

memory/1260-500-0x0000000000400000-0x0000000000435000-memory.dmp

memory/1452-499-0x0000000000400000-0x0000000000435000-memory.dmp

memory/1452-498-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2312-509-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\lIcgMcoM.bat

MD5 de8a409e2d1c46c93056c1365e23c93d
SHA1 45e1ad2fbda75ac858b2a4f32af6e7e6bdb19280
SHA256 13d425bac252ff02efcda493724a3cb6150d60bd4ea074baa90d071be5ebe9ba
SHA512 4851461f8f85bb06a76c2ef30155adf9e28e744eaae07b43c9c33842ae126091c8eb0c30fe79dca01e5e165ffb5f3b74ec047591de8ea9e0458c81cbd77ffef1

memory/1104-520-0x0000000000400000-0x0000000000435000-memory.dmp

memory/1260-529-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zCcIoYkY.bat

MD5 4e462cbb6de60cf6b4526d305794d9a9
SHA1 825f8345e86edea0f3e1dc6caee5b23f0eb0b7d6
SHA256 ff1a67c2e317dbbfedf08fbd51eb91dd45cde2eb0aa3385100a9ae589dc1ed30
SHA512 bd33db020824a1e3fd797cd43f74827e8dc0bade48da00128ad2cc2df6052c47c4a88935506917f1e94bb592f20b1628317d4cedbee6f5a17cff6190aba291f4

memory/1964-541-0x0000000000400000-0x0000000000435000-memory.dmp

memory/1724-540-0x0000000000400000-0x0000000000435000-memory.dmp

memory/1104-550-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\fIYswYgY.bat

MD5 01941c0f4df9a3f1f85e5947b40f17bc
SHA1 c2cdb37f69827ed79bd22c1cee7b23f284bd38e2
SHA256 6e388d179046e70cbe248b52b1967ae33bbaa165be8508dad62c04d0491dd683
SHA512 751940c0f5ff68fb4874db67adf960390421c6d73859c5809148b2194dd3fbfbf52442a2a76d469eab0dbe988c198a7f54e8142e9f2a6cfef5701f8cf2fc9b4e

memory/2664-561-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2772-560-0x0000000002230000-0x0000000002265000-memory.dmp

memory/1964-570-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\NAgQEAQY.bat

MD5 51afdf9538a8311bbd5e9fe764fd7215
SHA1 ad32194f49b2fa0f3873ad3450bb0c2638abe36e
SHA256 c99b43984a83079c7388252cffacd45c39b131cab933f84a3fdbe21dc8fff11a
SHA512 2467f6c36f60bfaa34882c42f18773d23c341bf53466425a5c2cbcaa73e107f1cc998e8c2bac478557dcc51dbf35cdeac93d841bb1df285170cf8ff72aa8835e

memory/2664-588-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\QIAUowwg.bat

MD5 8343a8f3479e4244603aeacf5a30e0a4
SHA1 607aef16fc82081218a27f0b86b724f7355619a6
SHA256 706df04656547acb2f616a118d03160654d785070332430aa73487c2f99e5a0b
SHA512 912919adb677be7cfa97c21cb526be67cf534a229c008e148304f37956eca1d19a89407ace4dc295d39b412a7089dd2ce9c3445670567d4aeb9315e9f56798bc

memory/2220-599-0x0000000002250000-0x0000000002285000-memory.dmp

memory/1212-601-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2220-600-0x0000000002250000-0x0000000002285000-memory.dmp

memory/308-610-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\guYAUkgw.bat

MD5 2ed2696f4eb5df6cc4345b0926e0f6de
SHA1 1ccd14adc404d018c3e008a67915c9dfe64eca82
SHA256 6cdd33727bb3162a9b13090e35496e4cf6f75867faf56c2ab42362e454d38ebc
SHA512 c66fdf5412a4eca918de8df20b572b2b1f4c0ee1fd054cc6ea1268b0a8d501f07e24e96c63ac9a4f4e53369db14643903539fda03461fd0656f0fa487d4ec5a9

memory/2208-621-0x00000000001D0000-0x0000000000205000-memory.dmp

memory/2708-622-0x0000000000400000-0x0000000000435000-memory.dmp

memory/1212-631-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\yOUYwEMQ.bat

MD5 eeb669e6d04a13b514423726a8637528
SHA1 d3ce77b67cc81721846b79faa80f2a7225638d71
SHA256 59751be02b22e2b723e717ee76260bdb3b084ae4ad7e4051422b39446b1d1f41
SHA512 63250a8a43f301ec6429470d4d32741f0f5ce5934357f85a4c4a724f0db0d3c9cea60f746cb26218a3111ea63948d09009de83df6a3344dbe4634b664ef98038

memory/636-642-0x0000000000400000-0x0000000000435000-memory.dmp

memory/1080-641-0x0000000000260000-0x0000000000295000-memory.dmp

memory/2708-651-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\OukQgQoE.bat

MD5 0aeb4995a7b39995ab3ed0eee0b11c24
SHA1 fd204526d03310d2260bfd92b06cabfc2260a59f
SHA256 68281450f3c26e946a5462fc53af03ff7387bb7a2ff655d765a277a58d017d97
SHA512 d8464b09260d6bea63808dcfe5d1ee833d9214f8fba73cfb0a9973818d96615de3a9da317ae6caf84326323cff43935228fcec919a2a8f9e5e9bbc52509b7645

memory/1968-663-0x0000000000400000-0x0000000000435000-memory.dmp

memory/908-662-0x00000000002D0000-0x0000000000305000-memory.dmp

memory/908-661-0x00000000002D0000-0x0000000000305000-memory.dmp

memory/636-672-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\DOgIUgkE.bat

MD5 102e95942cc40cb73342d32df753fb22
SHA1 40ca96e7b33f3d43491ef78674d7396310fbb3f9
SHA256 a865aa6a9b603a77bb1314536a4ace1e3c9adb8b223ce482d6ba05cab2e4437f
SHA512 e243e82ab041570b373bddc7e20e12ef67dea17408f332a201b070669ee57985c1373f666843c356e77b4091f0a0ba8e94fd50cd411ab185b9734eb1ab69061c

memory/1340-683-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2248-682-0x00000000002E0000-0x0000000000315000-memory.dmp

memory/1968-692-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Ecgk.exe

MD5 1235d02e4619ffef74e107de91e4d8b4
SHA1 dc9ca760d951169f8b5db57d25a9f3918a7ca11a
SHA256 32b003dc697588c3c699f986e17784a5066898d084378bf96d949efda66531c1
SHA512 5eb3269d98d5940ee2db17272732e8dc6cce933961d698b2b750f6989bd5b43bb6c616393408da7bd576f99739bd4c920a75f8ccb34f856b8bae7b37bb9a88cc

C:\Users\Admin\AppData\Local\Temp\LuUIUcgc.bat

MD5 11502e853184a754a3b0c7a2c76a6e93
SHA1 60ed5af79dc3bbddc7dc62f5fd02e17b4f484184
SHA256 e205e3eaf7e60958c13cc1f7f3d963ffc5a3662684db4026f0de8777cc3dda70
SHA512 d993ce069960bf841bf4564c00d61c7316971fb2525281ac811e1ffe52f16064cd617700f3f249b92c7eeebd0f8e742b4e08f58a1680fd16020f18687fa1d553

memory/2196-718-0x0000000000370000-0x00000000003A5000-memory.dmp

memory/872-719-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\BIQosgwM.bat

MD5 ac63121be612c2c94a9194cad3146cb5
SHA1 a3d3f0d14cef904ef60cc8a057388e337cce9410
SHA256 86230fe9129498d2c63f27326a613f6b44f62044215dbc7b7e1ec9d0c3131656
SHA512 5b5ec4d1b6cbeda0e66fa86bcb9917771526dae62bd098ff80b9b857ec3be02136583dfd423e6aae6fd7a01ee54b8c01424ac9e60395174ad6891510d1a0ae71

C:\Users\Admin\AppData\Local\Temp\nSswcoUE.bat

MD5 49bcc1a6424808894dbce1061c550048
SHA1 aeeef76f258317a6b75e3e28a6e58b7a94c39864
SHA256 5bdea49a1c38be81a8b1adf769b47962dcaf41411ef83221d53682424361749e
SHA512 580f911f4eb04b4655a23ff82b8702c0dfb0ed70cb8958199ac76e34bf3f82ad1e4e9e49f5ce8f2cc7652b20a792eb88862775675fcb7254889749801d800f20

C:\Users\Admin\AppData\Local\Temp\CAQkIoYc.bat

MD5 b625a5afe93c247906662eb8165e2c84
SHA1 c404ef95fb4842fce288c3ead6bf5ed1c0c40a11
SHA256 02839794c2bdac395cb2f8a46e80d618e23babb54f1ac3926061b83bf7670a49
SHA512 03473a4f0b712681a60d67c0efb6534f712bd060df67c0655d59fe980df1cb32250ce39b753691a1f900a7606fb6a3c877ea2348474ef8a4e63c229fd1adff05

C:\Users\Admin\AppData\Local\Temp\uAgUQYoo.bat

MD5 1ab388b05f25f73cf411df9b0672087c
SHA1 103f73318859ca7cb8307545d585b2534b5b913f
SHA256 e338625afc12aec2128ea764eccb688830cfc56401b95b03232d2097c99965c0
SHA512 91e68f0147cfe403c81abe04eb58a0d9e951c78812731ab3d5690772e596663d4506b91c345d5f22b957906d9a426adb39ef39b7c6617dd96b2e6138718b1865

C:\Users\Admin\AppData\Local\Temp\CMAMgoIM.bat

MD5 b4cfe23894071caa0b5ec321edb73e4a
SHA1 946fe4a17a1e012603f53bef59eae88dce38c266
SHA256 dcfbde3891e2a52c828bf05dedee28848d72ad2cb460021ca6e9c04d9b35b7b2
SHA512 b537bf710ace2c8846370c678dd703574a3c4e9198d838b10c038fe0ba7e039c655e76334fecfe0008bef3164fbe6c1ed7ac52a39a8cc3bc5afc7fbb2641bd44

C:\Users\Admin\AppData\Local\Temp\OicwwkwE.bat

MD5 d3f705a8ad184b1a465ee215266ccda4
SHA1 f1f64ed64b3af9a0714b4440d06563778fdd94de
SHA256 28997b8d7f9b12e5ed9467b3cad3d52950923fe2c4d9dd21e56672ba7573e24b
SHA512 9cb0df5c6a372f226921428c3aa72384260ea4f3b5ac78971219f7cd3a7868c44987ee8f2a86492516015f488eb2798bcf8fa13851c0de7f34846c8f352083b5

C:\Users\Admin\AppData\Local\Temp\VUMgIoQE.bat

MD5 424807df36024d70965512b20c0da0e1
SHA1 9a7f11cceb8907c6358cb050c78d291458691db8
SHA256 d9f6a406558fed6fa0a4a445d3e9aaa2072981a4e1efa8508efbdae0fd487974
SHA512 f07b4f28acb34df252d8d29c9674eddccb59bea73a65238baaa8dcb903b749fc40c4c57ad67cdf6b1043bee6caee9c2f533544670c10a34b75f3e4ed6554f0e0

C:\Users\Admin\AppData\Local\Temp\pIAgoogM.bat

MD5 ca1ab748c8bfbc36d8e7f102793e276d
SHA1 e8bb666868d9ae96466b2243582b3dd192eabac3
SHA256 b810e8a60dec8bae2c87247f14ff8c0a62dec2815527aed9bc11a2069970ca2e
SHA512 5c64c2eb52dc9f6cddd84e7e03b85017ecc37eae9cb814b2886aa609306235d223d9c9996885f5bf85346dc724ef90fbe5f918e74f7ada8a66a13fe2f89620e3

C:\Users\Admin\AppData\Local\Temp\FUYwwsMA.bat

MD5 2895d1e4e632169702bae8ebca2eeb27
SHA1 b8072a70ed33c9a6962c8bd838bee3e380cf7a95
SHA256 68870d3608afa414ccf375d74192a09472e2f1956b908465533492a86a0db458
SHA512 e446f0c62bf9799aa1a1e9fa8e680da2f7a4f2b73ebc192636167c114b4c31f6df72eeca7d923d0ab722465cf0424bd984364ddf7ed6ed37e1ef038ba76d96a7

C:\Users\Admin\AppData\Local\Temp\PmYcAgEk.bat

MD5 abbcac6e6bd60181fb2c23a0d33779d7
SHA1 a2ca89384843e24b6850921d866412e63d545be6
SHA256 a5a61c36dc07c1f85adbc3a84e64299770c47acfb40407f5bcae0b91819aa27a
SHA512 48bb15442a0cf0ad0a3caafe01d11121ef8817f9e55bc4cc125effa17274080b19c0f6579a7d44e0974640e6e1e7fcc20f80a708c149c9e3ce272948554b85ca

C:\Users\Admin\AppData\Local\Temp\lWMEcYgo.bat

MD5 751288466b6424286137017548af3c0e
SHA1 2e77f02f65fadb27d0bcfb7fd64024cdd1eb7b19
SHA256 7af4e1072a5102de6c263a5fe0439529c2c60aaa3d0caad275ffa49785fdf936
SHA512 5b91cad851bbc3e9277dcc90b88a4fb4ab4bf6ab98d2ed7696c1fe973ad75261f7ce952b9dcbd05bc8514874b4878a912ed6fae8f6f65f9e0626b37a1b10a246

C:\Users\Admin\AppData\Local\Temp\wQwUUUII.bat

MD5 4d17914bb3e95e015c1a2951436887dc
SHA1 92c72988811e3d959eb32a2f702c635718c8c7e7
SHA256 d375454ed0ac33ff7d8f28af777037f442f62f27bc1ab7a8e6208be652a9b42f
SHA512 9ab78db3f57cd8f402b966dcd565e387ba809d7d5824f56c4d555f0971820a748bcfa546ce2b82e7c5b1f85d4705c07dcf213ccb6b49bd4369ee8ca47e139b22

C:\Users\Admin\AppData\Local\Temp\oqsQYYoc.bat

MD5 dd4036e800ca99d7ceca8ef6b3d773db
SHA1 9af0376304b5dc9c9da20534f51bdfa3b297ab02
SHA256 ceb24ffe1d131a264c151bb3524dcdfb4f7c53ea1e784b5850d71c4465ab6179
SHA512 478b5ed008f67f6b85dbc8b323caad70edf6a96bc9ed05c98729437c08ec741e1f33babded7ff9f015af6a8e8cb721ab75e9fa2bae9b1efb455ebee3caa68d38

C:\Users\Admin\AppData\Local\Temp\ScsgYQAU.bat

MD5 3d339b51e6212f0a7fa94be339fc1735
SHA1 8428b9340b7ec76102761419aea96159ef5fed7c
SHA256 3249fd6073e26eb30d701345ea61738552f709733c2a04f837701f74489c19fa
SHA512 cbd4d96e8e745939cf827f9399b6fbe9e5395fd1372cf4ba56f22a91d1e06d999f294e023a5602056d965df8fdbb9db5629bd7d4087185c42afcd499abdb1504

C:\Users\Admin\AppData\Local\Temp\cokoQcAc.bat

MD5 438718fac0851c1aedc754ea28442cac
SHA1 4a003d740a0baa49b166aa93456d611c4bff175e
SHA256 e473fac5d5b420d5ecad1356a544dbd65acd046eaad84ad21a0af11bbd215c0b
SHA512 c52fac5bb030d07e4721811d8f6ab96b0cdf99ea1ca869baea59ee9ac10fcfa2919639b0ee84c1165b8acbad417fed9cda68bb813709ce60cbc55b190ea45499

C:\Users\Admin\AppData\Local\Temp\JQUgwcUc.bat

MD5 cc14f6e532a32ed2bf38ec5a02ff11ed
SHA1 ab6b3a309b6533533639f62033e23bcf21964df3
SHA256 70ecf294b2d650702811de6303b7a0665ff038eed4e444a062c8be1420a6d00d
SHA512 e015294b528d9af9f8f93d01d09f26f1b4551017aec3532d38bd19bef3ddd9a40a55f051fb0884fb89bfee9dd3a764a7cb9fc99d28118727b26285bffa9b80ab

C:\Users\Admin\AppData\Local\Temp\LIgQIAsY.bat

MD5 1ecb60909222a417fb1e8f21d40113b3
SHA1 8790c7509723e39652f0c863bfebfdcd9be099e9
SHA256 7763855c2f914131a62eea596bef8573d02e66a99932057448711de288213426
SHA512 da45f0aec9a69928f37b5c42d11e947fb43e6ad610327ad80cc7a3775faaa060c137bf43d36514d9a893052bf5d18836dc5dc75fd822038fbef24f34c917af8c

C:\Users\Admin\AppData\Local\Temp\KwIE.exe

MD5 4ea4e0dd54aa31e56983eb5559a8a0ce
SHA1 703a5a4f4d47f6b351dbba1601282e0c6f989f91
SHA256 a70cff3cd58d2ff7734c2c82213ccb440bb4abe7207da5c8bc795bf231f305b0
SHA512 adca13e0f38983a478dab3a1e08c972124644858c844e8e14637cee07440f406ee8e5c7aa5c891caa46ff71850797e3ec2f7073d68661360bfce3dc75e2fb565

C:\Users\Admin\AppData\Local\Temp\EYwq.exe

MD5 a28309be41d6217c311bdff7edc5e463
SHA1 e92ff81342b35025259e31f445dfbea2f852403e
SHA256 8641bd7eb10266ca3c5f1ccc923af7be63da886c2623dd3a2338033ecb6fce69
SHA512 e4f7d2ea4cda6daaaf323e6cace173edb001af3761b9f08e1dd5a710d9aa37197b15e29af8af6d2382b4c46a424c8eef4ac68867761c1fba9cfbe0b4b2dfd615

C:\Users\Admin\AppData\Local\Temp\Wska.exe

MD5 53068da0f45fa43001d62e8d654090ad
SHA1 88ec59e98e0f0668895de87857c1224fa98c7fd3
SHA256 e4a7c42b126da97466affe7d7a36ce1b469b2648af4335805d5c07dd2f959594
SHA512 171780a39e3d235a912dcc49bc5b6be64261bd82c063a024a1ecfb6aa6a65554b4ddfba4523664c04034e94485b485d763f65202d9c7f9029f23771d140a17a9

C:\Users\Admin\AppData\Local\Temp\aoUS.ico

MD5 47a169535b738bd50344df196735e258
SHA1 23b4c8041b83f0374554191d543fdce6890f4723
SHA256 ad3e74be9334aa840107622f2cb1020a805f00143d9fef41bc6fa21ac8602eaf
SHA512 ca3038a82fda005a44ca22469801925ea1b75ef7229017844960c94f9169195f0db640e4d2c382e3d1c14a1cea9b6cc594ff09bd8da14fc30303a0e8588b52a7

C:\Users\Admin\AppData\Local\Temp\YQcU.exe

MD5 4ff803fe95cf6a83f612cebf99af91ba
SHA1 fc8fe3e7fe93fdbc91a47acd15bce03b10e6b4bf
SHA256 72af48b16022178c8525098f62a4a96ee90fafdad9c635821f305e7eab3df3f1
SHA512 c45b8de8302f101cbcd31b927f43de69d8d2502d8bc06f55d86b3696bdbd73e6540fc48fadc1831623af4ef7b2034bd0b12acd2708d4b9377d9351a3e8089063

C:\Users\Admin\AppData\Local\Temp\gwUM.exe

MD5 559a29c3f0498aff8d19526f42cab2de
SHA1 cc8adbeddb0487e138174e051f62b92ecdcea6a3
SHA256 d02677b21b54192c0fcebcdd3daa659ae8e357d4fd4ab21e482dd47c3128830c
SHA512 7cd6f5d2177605c08c614d4dc021f6ce45efb8c8b7a4b431aa1a1be810663cb1566c1766e180029548b1b3977eca4c71ec026a751b677a7194199f3c0d505935

C:\Users\Admin\AppData\Local\Temp\jmkQMIEQ.bat

MD5 7b1674ae0e038912492842dcd867cdfb
SHA1 c8f2e46af10e98130e95e83e9b5b416213ae5c14
SHA256 7b9ee871cec204300171554773bf30e55d2503e6bc29715625f2bc2205813b97
SHA512 708ac94f6975c9b46d79da9ada775c53c08364e1ef4f4523a234f34776810003184b38752455d966cf7548a230026e33e81f4f492f56662b5b4cdea58b805a77

C:\Users\Admin\AppData\Local\Temp\ukAY.exe

MD5 ff91bc77b1713f3f86f8d953b9002040
SHA1 a251230fd9928df2feee1aa3bed5ca6c38d8fa77
SHA256 2b51cd0c6915b6aa35ae587262bdf60533381b1b3e439d36ca93448739e92f30
SHA512 6fe1029e065f3b652a31efaef975fb3cfee70253c06fee1e53d54f43c402ac58c704544141c8d85f925912a27beca1e3e34a03f9cf4c1aead888a326caf43016

C:\Users\Admin\AppData\Local\Temp\eIcu.exe

MD5 e59ddaf4821706cdc7e718b57d4f7b44
SHA1 0d38a6b3eb1c79ecf49ed20bd8ec5fba78560c74
SHA256 f7463602ec39222e1f130f7b5adc6f74026c0f57987432e3148ad8ed1ef9addb
SHA512 13521009cb7e54be61678593432ab9f0a00c3f3ea07549fa6e9731f66544554f8458cddadaa3a797bede6b4effb436b99d1dff7329f957e7263a63b9b1d217c4

C:\Users\Admin\AppData\Local\Temp\kMUK.exe

MD5 71f035aeba6564a002f80db29c0f117a
SHA1 14d9aeee2b773d62b5e328175b42396e0e488581
SHA256 902b4d64e6b16e4045045d6d7b112ca7ae64e9364cabd6c3106f20f08bfaf585
SHA512 71c390a738ecfa9a83c18cd699e5a397c3b45df763a0f6ff18384c98b2953dd89b638461f005ef2b2ba699ce423039d74d22edc716d694b93e2cabbfdbcb333a

C:\Users\Admin\AppData\Local\Temp\cAIs.exe

MD5 51f1755788a82008f97ef1dfab0805b3
SHA1 74e2d3b24b7b4f7ca19d910a581f13adf79a628c
SHA256 587f1e06acf280b01b5af52af3eaae940db6c53f9db93594270ee60e2fc8ba29
SHA512 24d03f5864c2ec8940cab978341bd37fea67e59f24d30fc8911f0da898b5c28e882c440301f29bb2f21573fe6a8c40fcad3bb4dc9c3ba2263d50527821f2eec8

C:\Users\Admin\AppData\Local\Temp\WIoM.exe

MD5 abf811dc7f10079012a5727bb0929236
SHA1 886f89a85f72ab6423a96f5226eea0c932953c92
SHA256 6c900e6e8ebe43998152487a90016e2ea8259d39af335511ed250d82e4e7efae
SHA512 3b90850432d1f497fd1604eb7d13f756aaa9ac0a53f48c1e014f512c56681e10b90707a72e3467ac00d65a9060b7470a16c00c7362e1eba38d5b3c766191f320

C:\Users\Admin\AppData\Local\Temp\mAgW.exe

MD5 8daadbd3c9c8b9a06babf78ba1db084b
SHA1 e913390f612d53bf6ff17d221db158a5ec445857
SHA256 7c33cb15edf94326b3ad4146dec33622b701c86dd76f78406ebd3a440e5296e6
SHA512 8392126d69cc971e9fdb102c7cf3962027f2f327614e57542b142f5a735eba90bb18ee493b18ccdbe7642faa7ee085f20cd34e0217be13e4a6ea0c5df5b37d21

C:\Users\Admin\AppData\Local\Temp\qIEm.exe

MD5 0125b9842d7839866044e76110d40a38
SHA1 acb36f323f82375ca933c6770f687bd9d74586e8
SHA256 a62c7917699e50d942de826b7d72ee57662e8da7aa45cb80f5b121686a98ee79
SHA512 4cd9d12edff6f27ecae63a6151b4e5c62cc1a1ca3d108bd3b69fd3656b9fdae6de84b80b87a0dc170448617e9750b7c57b903c265988b5ea899b85100f24c8d4

C:\Users\Admin\AppData\Local\Temp\niwQUwIE.bat

MD5 c41db888e8141bcc47c0f0e54521ecf7
SHA1 49e62716eaabda70f672dc575b3bb56f0ce0e707
SHA256 7ed1ce4643bf344893b019f3fbee105fc248af1684f03f24c49b5ef3c4e05d16
SHA512 18d5eb05e74d9af41c46194a7fee100d0bad117c88de1c68aba8e9dac59fd904c81d1bfd0dff219dfcc387b02fa9f6e91d560b94bb113857c7f3f485435d64d4

C:\Users\Admin\AppData\Local\Temp\oMMs.exe

MD5 620dd4a6bf3cd6c87d4e6dd2f19984c2
SHA1 a8279d2946953e66a664a6d0cf7eb7af0a5ba2be
SHA256 13ecf5b45b52d6398c83335c4251d52d73d80fe1f3c6aa9ffe4d3bf75881307b
SHA512 09b1e00cf3e42e361cb73a4589d06a43155a65125ac853c2cf1e69763ca70976ba2d890f2e45e0552acd1c368c4569349604f090d5313fec11dae823482847ff

C:\Users\Admin\AppData\Local\Temp\YIAE.exe

MD5 29553f805ed731d8269769caeb3ed173
SHA1 8a38cf46ec514b170ea0e04f3bd583bd87f220be
SHA256 ec2732862e212ff7cb2d868b384287086887119dd9ca2cd34738eb2d7fd9a698
SHA512 18832ce6cc697f37a71feb733e18d41e5f059fb8e2ecf26cd5ca0d33d439bf7592ecdb718ba4bc46c9ca2e00d52a510eb05abbdbed5c7ab150243825a19d2403

C:\Users\Admin\AppData\Local\Temp\MEgs.exe

MD5 5e543d9753e8fc069486ab27f7192c75
SHA1 7337103be900bef9fa7fff0dcdf351acbc28b978
SHA256 a08f233d6ec8011ac828885dc953c51eab0bcbd64b9494d47913ba444204eec8
SHA512 63d6905babf39de4cc2cd2023cac54bf46df25295fc89c3926bcce3c5a44b5e6803661bdf5fa506ddde9334ddfc7eece54654eaea446591cebb55be1785e8d5c

C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile19.bmp.exe

MD5 ee0be5aaa1bf8a6d4a89e2b4fe0bbd8a
SHA1 9b3bf240b5e3037e419ac51fd876216eb625d616
SHA256 18e25eba1671e2b3d71955f7eea3dca6c1b88f0d186a83e2149880f7ae231e17
SHA512 739aae6396c988cf41d812e8724a0b53576bad86cdae84263c277029b2834351d03583d48fcecabc07fb0cb21f048e7f13c65ddcd721b6b609cd4208b6409df5

C:\Users\Admin\AppData\Local\Temp\KMsG.exe

MD5 efb415a9fc4099ec7408da60ee3a9ec1
SHA1 cf88086fd5ff985c3c3515c93b5f028c93e50ee8
SHA256 1eb080a5726633f0bd7d3595077ebbfb8be30deceb3f5e57e211bf1884f97deb
SHA512 dce1585cf978cd03775101e3963805120e9b83e4d9826a6a3ea790904ad9271f48dbb2460be7628a560f456cdc9a96065402703fe6878d791d106fe284ffb2c0

C:\Users\Admin\AppData\Local\Temp\EQwwcUgo.bat

MD5 dde4748a8e22748d4c1cfce3bdb4d2dc
SHA1 62186b3e1ac8c8826d3310802a709f82b03f2fab
SHA256 0a6983bb4f9215052ff06a6f0fd6a6e424d7825b3e89d9d0b5002badc30e504b
SHA512 f79c4314b4bd2ede99b3ea942605b360352a0c6e515e3ed73f44023801b0d968f5b92758b45912dcb98ec68baa1459f0ee6c5335d03541460738083c66cc4784

C:\Users\Admin\AppData\Local\Temp\YIIi.exe

MD5 bbe0234b80d429d32cb0a9eab8ecc175
SHA1 b2491da417a64cc4260ab0b6761692d612096354
SHA256 8e029ca8a8ca3cc251214cf3d37eee14a2c6fd72152f6bdc1351ce8971e423ad
SHA512 b43da62eb973df9e06c76731ae4cf5fc5816a2416ab47501e4efca13b94fbb90ce163dab0b86608e2b1842f144c98f3879f2b5f4aa969cca916c8c5fe93596e2

C:\Users\Admin\AppData\Local\Temp\SgQK.exe

MD5 325e36c7b17559035c60c87e32cc9938
SHA1 1faf6043f189bb1b2f528528a2bb0085d9336b6f
SHA256 73595964d3418ce724bd9ebc3efc5f13189a062a94c185e7a1353c1ea4b65c88
SHA512 d8f4912b56e95dbadcd4307f4cbb768fdcdb12e401bb9afc5611f66e299b99c4a529919ec5fc33337cbc901bdf1735f1b022719ff7347851fa9e096180e007e7

C:\Users\Admin\AppData\Local\Temp\UQko.exe

MD5 3add9feb3187d61d4979bcfd4b899ffb
SHA1 25a8804bda219b0f726801cd3fc4d469ad730746
SHA256 47fcffba45917ca26529681a2cc2572d2de3cb7ef28a70f194cc1d5108f63a1f
SHA512 76458fd317d5ca36a9ad6f7b157020c9312a8aa2240a6a59be827420778229438217ec246c30d63e5d833d47552a916f5c10f05501be7bf312e82c3e1cd83ade

C:\Users\Admin\AppData\Local\Temp\QUkK.exe

MD5 e3b22ca90bf6ffdc49ad07e38783a8a2
SHA1 6f8c1b50de92d91168eb976a338c2528814c1b8b
SHA256 35b52f195eb52f64660b8fdd937d82177153201a7160e3a91527256c96558dbd
SHA512 592951f643a3e51565e6805a6963753bb0bb2d2b2b22b60ba7e2ce8ce45df28c31e153d8f61489fb02a6a294f265a762a6035a912b367faff9b5313e9305f1b6

C:\Users\Admin\AppData\Local\Temp\ikcQ.exe

MD5 2b019e809e2760535b7884ddd0ca89b2
SHA1 252cd444f208ab328dde5501b72acb6ddbe58238
SHA256 70ee358f8b0395a41687faee4f961a06786edd114f3ab7b37c952bb706717290
SHA512 075fdc6bc2078fa37c845c0c943ffa940e2d7ba91756b8e6b1fa887b196710a97441c1a6956c24352c9aa933c99bc5898d062b575ee3763fb2b4a9141eed7727

C:\Users\Admin\AppData\Local\Temp\QSAoYgEk.bat

MD5 a99438cf019483d9336be1ca7b074207
SHA1 65cba2bcbf6127bb90463be6aeed34df96087ac0
SHA256 be86a71077040b86ca86ea01392bc20cddfc0726005c4524095c367563beb9b0
SHA512 b62353172ddb2806afb75b5901968f43b050c7588f984e55377572097f3e02ecb1d0d99a1ce754645ce56753beab84ddc45a062c4a1d925bd43f2370a0053f95

C:\Users\Admin\AppData\Local\Temp\CoAI.exe

MD5 5b077dd1f50df1fc4dee71cf4cf50ca2
SHA1 08f6a69ae5dc941dc37fae598151b858ad9fd96d
SHA256 c4246498dcc914803ae2f7febd8a4bc40e18ca215486910c53c72d8bcf01a536
SHA512 f24ad99f938f95d113567c218aaff327f204bc497fdba98b66509da1f01a835be4e3b0a92f2d527824f6be95bdced7c79c352ac3d68f2f1233ee3bf6591f99c1

C:\Users\Admin\AppData\Local\Temp\qcgA.exe

MD5 d23d59783947d92ccddb8239ec022e67
SHA1 8c2515a4eeb77ecce100e105fb40fd0e5328c1b4
SHA256 4022ff6f0b20fdf83e5fd10cf7e37c6c0aa88742b8bb9efe099fad08328e67e5
SHA512 5b9e87ade17a51c731bffe92da009a2143609e265e6093f6fb82a967b4d25f6320a926ba63118ff710f6681bcf68792388468d601c05bf43b4c310a46c41cd39

C:\Users\Admin\AppData\Local\Temp\yswC.exe

MD5 a66e82264e224b29447b12618b97f2c1
SHA1 decb970b5b4e572e3df54778e1c129b93d4bdcdb
SHA256 f690b5f4da923757be84f4e65c5546be97e768ad370bc82fd8e077058313f46d
SHA512 99a326b9ba346b649ccdfc5f093e57fec3aacd06475874a48a4a6e6632d59d421983f29eea2383b42b44e56f80a5da9eaa3b6572a24b33938e4814c7910f199d

C:\Users\Admin\AppData\Local\Temp\KEEy.exe

MD5 4668ae2719a69fa93d4becfcb9908db1
SHA1 4e6003e00ccd67eec9a3113b9beef0920dca94e0
SHA256 232ded2cee987df65044566b4e015514ed31f0955ace48fd59ad7ccd8fafff1c
SHA512 77e1ec4e9ada39a64fc77da8ab0e09e07c1ab1c178065735b49b19e22f86efbaef84e3a6e1a87187ad6100a6456a2530deea50958ec04b55d4dd5e30dd7cb99e

C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile30.bmp.exe

MD5 ee8d63a6d243b1c5f9c68a3b57fcfe8b
SHA1 5490ec7e6585d1a14381592883adae229724ac9a
SHA256 c6d2123b6db8c032196baf789c97bea23ee2737a2bfcf843b5812dabcc272990
SHA512 f903e8582be89e46295c38ff17083eb5b347b51195e7d27b29b888638aefbd19db9ac0f01ea1ad7b8f38dcbb76862356048c543627c1658c6d36f2dea0785ed3

C:\Users\Admin\AppData\Local\Temp\QsAgAUYQ.bat

MD5 971d5a25fa983f9ee32ce902c487f359
SHA1 07977cb84c38b7474accbdb28b064ec2ba0ed1fb
SHA256 da66f7a908800c65818690624dc9d7f6d66a01b7ee2f895c8a7bc1d4268cbf91
SHA512 e0e81e82b86892752227d1630f6e143d3dd17491719ae713e40a8bf1daff2c6e0671d6302c98a03fdc8814c4053096c6ff8878ff3144d1cec27c51f08a6df115

C:\Users\Admin\AppData\Local\Temp\OIgq.exe

MD5 d24c53affe529161bb4663656d5f15bd
SHA1 04302e689cd2af21e86f3679a16840fca6487981
SHA256 6bc66dec4265e2a4950bee122d8c5bf432e3e73c22945886996bb6bb484a8646
SHA512 6624cac052adc7b4c08a6d3186b3379818b6b4992d7c802161a09505824c101b6bb99a3ebe5abd5e26ce8e776acbe71582a9272a272c8bb16f0e15398dc80b41

C:\Users\Admin\AppData\Local\Temp\UcMM.exe

MD5 81e0f34410e9817fb72e37d14dc77967
SHA1 ecf5c735b1df2768715a6e6c1555366912419380
SHA256 59208b34ac77ba2dc73066d6f34691c558b52e961125cb9bc01eb5d5eb4724a1
SHA512 07db310a7182c50b4c4a048f02e5a0c2c89349ed4b6e2abba35efacd444bf0d98f2972f985cb6489ab7e08830f08b9426bce8118e30eff69e54f04e25f87c63b

C:\Users\Admin\AppData\Local\Temp\Cgku.exe

MD5 ec228095f578ae828082c0607ab83d7b
SHA1 12086721741de68895629930ced3704ca0926597
SHA256 66742e5464fe5f2a7a76ca0c389b4a55901ceaa0ceb335c7d815a2484b248bd6
SHA512 2fd5a90239c073f4b6bdb070144d76fb7a09d340a8eaaadeaf80ba4328980580be80f58fa202428b0c620f36bbdf7c458a649e4fd1669aa882864f0136d04f4b

C:\Users\Admin\AppData\Local\Temp\MQAk.exe

MD5 9fe3482145fab7361bf27cfe1d81035f
SHA1 f4e16e99017c31f47d68df5470174864c110d1d1
SHA256 ae9b2ca27357ee1ad606d5cf18d7c9ee73f1e39b5b2e8520038d20dda3d46580
SHA512 14e04cdece01f44888c41c20e2be8c0469ac8cbf1df5b4c4d928121a351f29e3e1bff6f0bef12ad441a8889e8a9677d05af38ffd1b0072e680db2db8b4c5380b

C:\Users\Admin\AppData\Local\Temp\iQgQ.exe

MD5 b3ca2c293f897ce0105d212f7c60bb73
SHA1 a3477b628170eac8c4d1bc5f687038858c986b6b
SHA256 9538be14962e85d003c6e9da51601a4b1e365d93f0c3e0c2141ad81ade8e5173
SHA512 6472b6065ca6ee24e8a54a097c8283ce27abbb827e0bf4989a3e0cd2d749637cd7989facad936a52c051671241b07f69df4ec89a5cbef9a0a7fcfb0220707778

C:\Users\Admin\AppData\Local\Temp\koMksocs.bat

MD5 d8b8185120213baf5a59c111fec56028
SHA1 8dbec0c353bc90c4b9bfff0c228724350a07db15
SHA256 d2f5c2e2d228ecc343cbb3c218c3ed241d8321ee3d2aa9faf5c9cc1d7352b45e
SHA512 138609f5a8cda0f91f0a06557f0101f79dbb184d3177627304b1ea2449ac64e959f2594fc7f7651f309bf31a1076308f2ca1546f642c85e603a8690081a99707

C:\Users\Admin\AppData\Local\Temp\OYkS.exe

MD5 7c8d421b473d8a671df8afac50feccfc
SHA1 ba120e490b1c92ec9092cae7298ba644722ab94c
SHA256 af85ef40c1287ebc77fcc0eea291ea65a9100547ebd73b984e049caf7b7371f5
SHA512 99c292e7a9abf03ed804efe1d61bad0750d33d3b6ac2dcf55930601743c184506e530f30ce1dc418733c2233bb34fa3e259539d699d2b09dbe398a6057a016ed

C:\Users\Admin\AppData\Local\Temp\aMMK.exe

MD5 6952b0bcdd6f61bec68c7de40ef8f93f
SHA1 019b1ab52fae301da14fbdeb9f880f5837dbfe52
SHA256 32488ddb9feb34a4ac1a69f6ef5ca13c416d884e6cb388de0ab48a48143a7b07
SHA512 0e2e5d61a59e9fdb0311190ff4a102b493c2e4917f7e7232a7902e9860e23a9c251a650884b2cbe720e49f9c8c4c055892d7e007b6e4517d8135ee05cb0030b2

C:\Users\Admin\AppData\Local\Temp\ecUS.exe

MD5 186599bc262da671eeccc23d43fd6254
SHA1 affee7c19020703ab513df522eff9e5fccc3d719
SHA256 02f1f05905ed2fabe8ea6f2b42665bfab445056be0eb42e43dc9f72edc6350dd
SHA512 43ed5f962437a22ae66813a0af148fc1bef2926c834e84d60bd45df29f35ec6614b668725ddf78dcff6b26671ff5664fc0e5ab01ceadfe568fcacbc8eb30a231

C:\Users\Admin\AppData\Local\Temp\QmsgYwYs.bat

MD5 02dd5352c9e8721d799e6bd07302ec52
SHA1 d222608dd837e7e300cbe7e058cb51095ed0f773
SHA256 b3ead82262ff6d4b64dd963749f2de01a910ab9a2351303553dc186bb72834cf
SHA512 59c479abd928fa5f29a1b52284c8f87d87be10446acf4f5e8a63bef273a19d1a40a6e592d63568f627587f9b06066adbaabcc4d7e41ca2f464a874a0104437d0

C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile39.bmp.exe

MD5 e628a35e2302d5488af22345f80edb4c
SHA1 5d9d929fab03146e61cb7e0c2f4fcda667206030
SHA256 6c57eb8ab26926118d7d0b1d6d64cde5832f18e6269a5594a73b30a252c547bd
SHA512 03871bc7d1f6590867fbd293444c21b6a21a4878693c944d70b561fd82cb02bd1851098a2309105df1434a939580c90198f095f93fc2b9023abaed80f0549e12

C:\Users\Admin\AppData\Local\Temp\SAss.exe

MD5 625189db88750b5debb53a3ffd79bf22
SHA1 90c390ddbc8d0de499c8890a7357c19e14f0d00f
SHA256 eafae4fdab4beb2c50de34621bd42b2371e049915bbb0bbda76b32dc94da87c1
SHA512 9fa1f2471a0c663d054ce0dc15095ba2a517ba499a5bfc738a33c7d4076cd72ca089c74d42a357a3a2720a2ddde0004ddff98b0d1dd23a7ff2695b95d24b58cd

C:\Users\Admin\AppData\Local\Temp\McYQ.exe

MD5 827e01fe26fe05da2239be9c36244214
SHA1 f539dd7cd566467ba518036317a260a0c15f39d4
SHA256 f56a0acd9b362f55a2d1bf48481f6391c1f30e247951a3ae3751727dad70239e
SHA512 28a68013b895734c82bb12edb29649276289592653c1d8621da87e1328be1f951475b8aa5c8ebf2f8539cad197ff58c81566644fed6678227b4d3cfea8f52404

C:\Users\Admin\AppData\Local\Temp\Akgm.exe

MD5 880493777df32ed60ca91c65fa730871
SHA1 0b88bae779f1fd47b8b8ddf4e915767de6dfc339
SHA256 2f1a9113d2358239ecfaed2b4266e7d17a6a28b15016bdd0dd7c9c263ddd35bf
SHA512 64e133e2e9800f3f13562fca74f614ff929347ef3ee8208a7d57c88546973443935a87526d0990ddf0b285353a5f3dd8fb54c99323e60a92fcd4d488df21c939

C:\Users\Admin\AppData\Local\Temp\EQIm.exe

MD5 71a164669cb1b36ea3a28773c37e8a27
SHA1 132ce0c854b622691799a060fc9daba087f5ff4f
SHA256 08e57dea43e1a199e0f7fb2efa291c555cab3540bfe116e99599279130d2b9eb
SHA512 46272c6098f92696567c15d9672f732815c8c8bb84ac673c9289b3af46c9ee68bae2133996a2d5ab38e1883e26e3c14898ae8d4ddedf5b0584df606ba44a4c99

C:\Users\Admin\AppData\Local\Temp\KIIG.exe

MD5 c0ba7dae8291201ab2b43cb12fb00794
SHA1 f51cb7c19337fecce6660d5195a7a41a50fc2e2d
SHA256 b7bbb696a39e3e46a4d86c6d046117811eaee077068ad03b6d2faf1c24bb13e1
SHA512 1880860add42fcdb85ef40bf0c1ee4aa1ca99788dcb07689d92017018a1045cfac35be7de758b4bbf2e30a62f2f93dfe95558f365752054ebc9bf87cef3b1317

C:\Users\Admin\AppData\Local\Temp\VCEAwcQU.bat

MD5 4e6acf22e2c5ac0e51246c92935bfca2
SHA1 a4934dc3736a375994fc01f81bfb9079d90e1bec
SHA256 444e19cded08798c4edbc728890b055af7fb05dc7c8db37af9931d5d48ec0a9f
SHA512 7679934f1060ace4f2f367a4fc92d47f2c2b6bd5a14219f4950d8aeb1e6cedd093e189be540ed5a9e4835e1d60f74344184659762bd038dded13e32787158e79

C:\Users\Admin\AppData\Local\Temp\cwQA.exe

MD5 69d4971d6771d7b0fab55be2bada14b7
SHA1 d594d3f72c761bcf149754a8835312b1f85606e6
SHA256 cd297b6c2b4c7431d0dafd83f0fdfd2f67eea3a7a9097ff6def0fa2d07517380
SHA512 1c78b316cdf5327c8974353a14683a7783eb2f93df82354b3539e88fd3cd77860c508d5b9f68822a0007995b570810152d7dc438f4714da73002a0a181ecb007

C:\Users\Admin\AppData\Local\Temp\wUAU.exe

MD5 fb7032cea7d3f18a771b6a26f4c241d3
SHA1 64d1880441df032b5cd779cf60b727dc6ee8cafc
SHA256 6605015c380d12673df593181677711f3aecb3c6ee60bb1ff9ebc388dab41d20
SHA512 b03937eaf51b4db1e02736eeb56b861a775a79056ed310b3a071dc3a9c7232d350d5a2c2778bb35a16b47ed04d55896651a42d431db9929e3b490e9961eb17c6

C:\Users\Admin\AppData\Local\Temp\mUYM.exe

MD5 6fd2c91e986f7be2fb1b3c24627986f2
SHA1 8b1a6c81f1edd5d3d0a70bd5a046d82faeae42d2
SHA256 5990acc4b53afefe6fcb251564d59487a2efa8b285b194b18e8ff17483e9535a
SHA512 a30509379e82d5ae4f7385ae7c955bce177c95b77483539f5bc6372cc5e6005422bd404f707b18f67a118782a0828c0438219d5d0ab4c95d08cd09ee7a95acb4

C:\Users\Admin\AppData\Local\Temp\IsMa.exe

MD5 f82158de725a5a74dc8b5d413f35f9b5
SHA1 0d7e7a085a3a28cea3841fdf8437ff581d4cec61
SHA256 9e646d18b85bc91aede4f0fbfc5981a7150d6dde1948b1ca31b6ad88081ca3cf
SHA512 b66a2490420947b3f99036c8f49f12b80158ec18ce1aeda02e5bd701108f5fab549196931d1b594c3d7a5478816cbcb5130baac03e62b7b5a351373c35b48c8a

C:\Users\Admin\AppData\Local\Temp\ssAa.exe

MD5 0e6fb0dfef8d5a21663d786cb1be3d3e
SHA1 494b05eae912e8e647a637f1281dd71ed0b4eac1
SHA256 6d9fac0790b6a7baef438c08035e605aa7b1445eb6810b5f28f3b1ff6e3fda5c
SHA512 600e3d12af54e557486f5bee267cc6d8938b90893a41b39b0fd4a706e6bc3ac88d3e66ef3cf42fe752f7d1a3d9e280128e60ad8164f2afa79be11bc91970233b

C:\Users\Admin\AppData\Local\Temp\IYUk.ico

MD5 ac4b56cc5c5e71c3bb226181418fd891
SHA1 e62149df7a7d31a7777cae68822e4d0eaba2199d
SHA256 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3
SHA512 a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998

C:\Users\Admin\AppData\Local\Temp\IcMa.exe

MD5 f5552281a8a4a2c147b5930f3d19dd9c
SHA1 d15962b712485219b91a1c59b4f8f42ed7eab2e0
SHA256 a937d29402f45a8d62727254251ae1a46dae4c5d47d26c053b7977eae844eba7
SHA512 a728886b5103ec6642de61e0cdf0548ad4d15e04ed4df3000b9504b3d571e6c2a9447e843c6ef68d899733c272cbf69c4e400e8e0c9ac5ed1980b1942c46ae65

C:\Users\Admin\AppData\Local\Temp\cQEC.exe

MD5 01d9b91ff4e1011d0b3e5219854a87b6
SHA1 9d68f0290f6071977ca463a1cc3a3c01695d3885
SHA256 f9927a2ff5ff989e5295ca9ef97485287a7f49cdfc638c3fe42d897191fc9044
SHA512 71c11f335948c98f0c386faa1d9dffc7e6b1dec13c0db865128a7386e17b2ef58a9554bac0a9b167c36ff7c71b522c4b9fc58940f805972cf58369220d8166de

C:\Users\Admin\AppData\Local\Temp\okwu.exe

MD5 5f19fd1a648f5e82c7a28f48ddf802a5
SHA1 0501bc670683945b01440b1a74b9b1f65aac3603
SHA256 b01a494d48dbfebc1d29d55b0b8abc2f0245ed5b0cac3e13a1e929c8a6a67c33
SHA512 e666f9a90750ab7582cba83e2b3a2c7c2e002a5eb654226d520faff9919a19cb3cff4bddaf64dd73d18424401a61901a7419664c0e21e0cc3696e9872c6654fe

C:\Users\Admin\AppData\Local\Temp\vYUMIIwI.bat

MD5 c9377774179190697f19f0dd4e77a6d0
SHA1 0cb85c6c13eb9ac9a711bd29674d704f310d06a8
SHA256 36e6b2f06bf9e3f30c084d3de62279759d212167cd3286d42bf5609c2cf3c8ca
SHA512 fe8d02a34ec38afc0989df16b1508d94432edab114d6c25debafd5a0a9fb93f25fe3c8a814788ff7ea2b2fa03dc023964fc80ba29065f3b2a84c6307c99689bb

C:\Users\Admin\AppData\Local\Temp\FsYkgMMQ.bat

MD5 84b89f80a0434904850b5eadfccce253
SHA1 deb5b1cc851469b50e2c338540a3472437df1f6b
SHA256 803921057336c5cdea43ca1b87c8d381f79ef25a847bd0b7fd19db3a10f075d0
SHA512 3b4060f27f557ec43ba3509dbee1744180164eccf158b7bedc65c290ce93a94982b08e4cc2e2088c0bbceb69fc6474cfb97f7aa0446cd4783d373573829b35d0

C:\Users\Admin\AppData\Local\Temp\NssIokQg.bat

MD5 b1b61c47c673502038b82f2a2bc41253
SHA1 b087813644ee429ffb9d4566fb12652e69f3a0dd
SHA256 4a613e69364b84c2c6e8ca9fe066387e1dc9aeb41f4be8341313f1ae60436f3e
SHA512 4be980c3a778bb6b788abe0c501c80394137802de377cf769a26908da5c34f0394bba76800c1b9ec337214c9a44b758e0b3b74505e7ded213e4621eb3bdcf4c1

C:\Users\Admin\AppData\Local\Temp\eSsQIUMo.bat

MD5 7daabda1622e224a7826743480468d72
SHA1 ffea229d3b851e3b4f284c81f5401ab897988d16
SHA256 6765c4690e141347f9fd4486e95ccb84a6d2d4017b599fa3b2f50f88cc78e71a
SHA512 3b964cd5e80990975ee3de260677149f8e015a202ae9493c359b16043a9bafc282c674bbb6405bc51a6b99363f88065e24ff02afcb2d63a53ba5bf2a748d21f6

C:\Users\Admin\AppData\Local\Temp\EMwQoUIg.bat

MD5 7df6dc34b9037ced8de76b753aff71cf
SHA1 0cef8494c7a904ca644224eb855df44b5a4d5878
SHA256 adb0453b991d8c414db14cb008acc0550d26814aafa12f65de158514ac8169a0
SHA512 c6a1956e40ffcbf1632a748705a943cec1a05341d25553244a65ce3dcd4f21f933a194bbe49dc4852b97d45720bc26c8ec859a3de9c92522445d119faba0d5cc

C:\Users\Admin\AppData\Local\Temp\iEIIoooM.bat

MD5 c940357a7b1e195f3642920df351dd05
SHA1 f5828e77f85d3baf7bfa71d6e8c9027bd83853d6
SHA256 c8cb7318aff012c372e3b045eba37f6ebfb94d4b17dd364c41ff7930adc7344d
SHA512 42d191e87bfa4137cc7854d49a44569352633fae48b31a84dd75617b1729bbc3448225c2fa93b01b8ea4bb87008863993bbf9ee32c6716cd2db388d43cae6f3b

C:\Users\Admin\AppData\Local\Temp\CQwYkEow.bat

MD5 0c96bea065aa1ce90da7d3142e3501b3
SHA1 8a0dfb93608203b4e6782519446cd98be59af60b
SHA256 c81a41b0c5a098f861d3b0b22d1134d73df307038100822d1d4ec7024ba18fd6
SHA512 99ea34a9c5adae5bee9b69c8446d86f5f59963b809839a0e33fc6dbeb9e34170912e83bcfecfe9b85aecafc4c74709c5c15a3f66d4f7f02493357100c0cd50e5

C:\Users\Admin\AppData\Local\Temp\PCYoAcIQ.bat

MD5 12d3e94a8986382891075a326b6d9df1
SHA1 d3c030582476692ff792688f9855171acd2aabd6
SHA256 cbcd88abf8b56f9698995199b1cae06cfb58526ea32e901718229374c5e98849
SHA512 c458517d9af49d109e3afa4f6e9a276878c97f81b9bc1eb763d2809117b541613fda474937cd7c7b5109cfe19ccf62ad30f649f23d8ae5a1029b81d8de32e52b

C:\Users\Admin\AppData\Local\Temp\fMgkkkYo.bat

MD5 24c534d9ee493a43214e810577aae4cb
SHA1 1d824b88274cd8cb0b3c6817d7898af11edf1591
SHA256 cb6e09424f0febced9dc8d09f42c3903a5b52cc63e3d9daaef4361b96892e133
SHA512 28a4c1cdaa97795f4447a9552541646453e3f1299dfd7314301b14f4a50e1c9cd4d52e6c72afcd63bea8b249dcf0cd43407c0ef371e048d121d5d1479fbb46c6

C:\Users\Admin\AppData\Local\Temp\DCAkIEwU.bat

MD5 3a5542cea39a35f9e783be3bc3ab37d2
SHA1 a630a8479352dc85f45a024e01f6fce2d85d78dd
SHA256 eb863adb75dfcda4a6898b53f1a112cd0d7932590a5766b6942a356db3cd71f7
SHA512 40d709c1deaed668b88ca3f9ec8d1fbd4f42a363c596a1df37961f1c231afc87e74be7fc3c72a5fe7a49fa2e02aa8cc0fe69cc2a272642910550e458fd461ec3

C:\Users\Admin\AppData\Local\Temp\lkQUAgAc.bat

MD5 3b1621c94453276e2fde82a4eedac92c
SHA1 772f86c7aa20a91c735f0b58a84244dd9206160d
SHA256 3c2cfb59a08e1cb7aa23bfacd20d2cc75da480ccf6058693c61400005a24c70b
SHA512 b7da26986564e6c23e888e979a32f58e9b0aa47dac42a8d91c931198deee66373ba1b0ce1a322abeb889976d73905bc8bad4e4086edf28cfdd11d049df23dedc

C:\Users\Admin\AppData\Local\Temp\IEcgoccY.bat

MD5 deb3ddcc06a84024393db6dd5892e01b
SHA1 76afc9c32c84a9513ed6e1d66ceabff0644cdc27
SHA256 08881f5c0f9f49238348424c140988d2fad476eee5d4808005e7bb09999dd4c8
SHA512 18ac0577a49440ec8e5d33adcad7016a2e3c2189a47a534bc5a0338184fc4904aba74b256dc6e64b06ad2e335290fd43f419c4576d8ab8a1e81e80cae9e532e5

C:\Users\Admin\AppData\Local\Temp\MIAq.exe

MD5 d61f9edcd65704cd2a5f4d7663dff370
SHA1 cb672160be7e0fb9afdde26684daf42af6e93f3e
SHA256 7193584c4c20dbb853967c7259fe3acfa395659db17566406d5b4dba68270192
SHA512 7e6d45a50bd6921875d5839d2180221186acfaae49224a68f70701665a1dd8c595218076c7a3691b95e93f4483a4074b374ec637fac315262169cc5de3124644

C:\Users\Admin\AppData\Local\Temp\mOgQoIMg.bat

MD5 a2636fdc0adbd82da0319605d41dbd99
SHA1 a87325140b139db6789dc58261deb5a0d1f9d0c0
SHA256 a79627d532d47ed7fe412b8fdfc3fdc8608166e0c92a471588c16e07a1e96d5d
SHA512 ec96bd80aef5aa58cb737397713dd05da826c2dfb75ad584525819a06ec1140b92fef219cbcd4b787aa3de138e1bea81a4b86f159185b05c77a822adf4d0d758

C:\Users\Admin\AppData\Local\Temp\qsIW.exe

MD5 53e1adc33d3c882cd0520d54c69322c8
SHA1 4816b51468089bdecf88c76fd27680a308954ecd
SHA256 90ee927b263292773382b20d0b5d23f911e741c2a40770ee60dbc2f07adebbd3
SHA512 a614a4fdbec3c94a2330e14c42e84b114e66b3139a8cee3f94bfe1ced45547aaaebe99b9515ee6e706e03217245a6d92558fb0f13dfc0710035ec95a76b01261

C:\Users\Admin\AppData\Local\Temp\sgAo.exe

MD5 d417f776bb9b628404d36efd9094ab31
SHA1 f682a320a05250fa1f10f32c096a09e0d8176ba4
SHA256 2e0491ac0b662a4deafc1073fe474804db84db40d4018d38595e982a57a785a9
SHA512 589fff3df6782c52bd00465d3175f25e8929e92ab8db4053b7cb3a8a400b2989a7f1990dca26415414fc2a9e4c09c8e792cedb6ad1d4d81bca713b83eec4d4ee

C:\Users\Admin\AppData\Local\Temp\mAAq.exe

MD5 425be644534253da9fe1902e63b62783
SHA1 e5f7d21c331111b38ebe7c361268e3ed260e76e9
SHA256 601456942d02c75a1a40c3455a62255340f5301ca4d14836aa6c18aacd2ab5b9
SHA512 1bd759f950eb7c2a91f3acd584d1df7a1cbffa8045a520fc253bef9ac41869db61a8f83c125b99b307af9d26c3ae8ab0a9440e4ee550e1dfe96be96612f2a5da

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\48.png.exe

MD5 da9b54a96fd5c4228233ae0cafeb872a
SHA1 41c78e0aaf9780407a465d2687a4cafe67b0c4ed
SHA256 7e4c97475d9e766b6a66395886071c5061762e7f1a82d33f5ae19849aa4e704c
SHA512 4377100257c3744b8a92b22331f4a1ffb2ef2dd74da643da990def006121fdd84ef6f5005f9f2702bd9d6cd0a890966cf7eb403c22718acc927182e3b61d89c6

C:\Users\Admin\AppData\Local\Temp\WCEEsgEI.bat

MD5 1f94f3ecb55a4a38d0e5db7f65e44b53
SHA1 c94dc1bee80e2bfa4814c5f154f3d9c43469b354
SHA256 d7f4b0c143c8ee811b7122b98015f3cb4f5c67db73d004e8288532b8af445835
SHA512 143a64c390be2ae273bb31f02656641bf9fed1dfd21e800a8f860ef1851de58aa21dcbb2f903a43df6cb20893d9146dd81df4199963a9352eb5df3772196f8ef

C:\Users\Admin\AppData\Local\Temp\yQMk.exe

MD5 b13ac9c6a03b2a2d5be57228563cecc5
SHA1 1a08944f4a3d5e74f184f2cb79d10c5b97e37d0c
SHA256 9a26daae71e4b936fd04c5214d3f7189a07bbd792709c64e50025f88d07711df
SHA512 27f87cc833787dbb8299274dcf65027f8e095716a415c13268e12690f952056d271ac45bb89effa13b03cc516e6648a91a720733bb0dbc5aded6455c18c183d5

C:\Users\Admin\AppData\Local\Temp\ogsw.exe

MD5 03e35b4294ff52f5d8dd06e4d378a009
SHA1 526203685d341bfcf2fec20e259f9170be299cee
SHA256 bcd75bd16a7775e0da7cbaeab383844e1ecb8b2c55719b9df005d58093650e6a
SHA512 765428fefdac7915f97df72e991640ffff466c269f4965b70895c194f4b2284dece84a6610bcab5444fd07bfb5ff63fcf00f4601fdd0bbed5e09a23dc5711ca8

C:\Users\Admin\AppData\Local\Temp\uwMA.exe

MD5 f3c209b1ac75e01e89ad70b7feb6f2fc
SHA1 5e8545323a0686689cab8e07eee0a51d7d3ec8d8
SHA256 b1bd0c0a5ef411a16d4553ee456f52147e18181bd417da65cdc85ff6c0b9c440
SHA512 7d2956e41160ae4a3dabc561d9fcc695d6311a65b3f8aff817151f9698b070782ebc1932feebe2aa0672af3a474fb0fc7ad5b811e1d67ffcb20251fb81a3c6f6

C:\Users\Admin\AppData\Local\Temp\oMwM.exe

MD5 c8ee694c830d7c486bc6ec9afaa3cfbb
SHA1 51f40828782f347579bc63d694ff901f1ff91961
SHA256 dd8205c190e6f4c442163a35f1c770994683c425a14150e450dc0c5d14c2686b
SHA512 93f592a536cdd6a16388d3fa463547207ceb147a3eedfb537862b1ef7887bd192c6ddd82bd8dbb8785b2d50427de18ae16e82c8820bcafe019c03c4c4bb2eb90

C:\Users\Admin\AppData\Local\Temp\AEYY.exe

MD5 438df8c837914e8d5e96d9e7295be8a0
SHA1 2a2a6a734945bbb4882de8fcefb5a52c957e62f0
SHA256 b48e9a259534ab770acfee4b14bc578bf9ef17d9eb38b80e3d96fba3ebffd2a2
SHA512 f63f0b20e1a8681e28a50ef9e8981e15ae86faee367fbd59aa0f5a6d7beaaacfa05f6d61f2ebca979091e4a88504625625fa3510ba6ed972d915c179d6987c22

C:\Users\Admin\AppData\Local\Temp\aEUgIkUo.bat

MD5 f9e8c29ae67c8cb0e6be265c2b172884
SHA1 80a18d85701f48824f78aa4ee21035ee6f594754
SHA256 71e9a479d3a17debc09d2f716d75929ecab54501ab18feb492810c1f7f54342e
SHA512 dd33c2c6d1048248325481bfee72d58d68d5e4ff5a33c2a4782bf3dd8e511c9416284cd19644ff9179735b3070f666cafeb32e43a319c610801fa9f487fd9a01

C:\Users\Admin\AppData\Local\Temp\KQUa.exe

MD5 430836d05ba4d489b6e7d158ee5a1c77
SHA1 543a9f9b3bfe4c7a0fadaea79fef4a108d0d1ce2
SHA256 fe5fdd9ed67442ae1e242f2d048f189641293010dba299b579059b6c18fee139
SHA512 26e6d9dd93bbab8a721c9318774b0278b5d82ad987b93ff0c875ba6caafac99599c5f95ed32cea6c2ce37f9cbb634525d4e6487f52ff8e49ea98df8db79e58df

C:\Users\Admin\AppData\Local\Temp\OoMI.exe

MD5 f2c1280a83ea8e3d496d2c77b5a63b77
SHA1 1d7dc96e1cea2949307af0b188109b74b6d091a0
SHA256 11cc157ca579cb37ccef282bce19f8ad53f185a7a90b298707f88e488fa218b9
SHA512 8b5653e1d9659df1ee90403ae3fbcf0e75783d47b9bf61a97a678e122a400f34b3f64b4f6e381d186b73dbae25cedaecab716093b90286e17e4f97d0e2becfd5

C:\Users\Admin\AppData\Local\Temp\gkok.exe

MD5 9079e0db3298e429522651ab6ddebd4b
SHA1 834e003ed6acc0cb44061c65e077128b2907533d
SHA256 6712f72122d66276b46b245e77ff316b42f49e99512f583a0e81b1a64c5861d4
SHA512 2e1ff5fca9eb774f96e478807708fd33500d0acdfaa329f63ed5aaaef12eba320f2a27b4ff93f110d9756df64d9c00aabed5f741eb73de67badeff7dd725317a

C:\Users\Admin\AppData\Local\Temp\YkYK.exe

MD5 b5efae93beecc3378c240e879b34d9aa
SHA1 5645d597e3f1e9f840c0f64eadb035d3cc462cac
SHA256 110747381275f79d6e42213b3a960ed4ab16d8bad0d595c1f20e739c3dcc9866
SHA512 858861f8170845260e1c31528d69129c52c590182e2a2bd19800ae36d92d91f51f29c69eca4e990da08e62d6c8dd391be90132fecaed37d66c8252336a9849da

C:\Users\Admin\AppData\Local\Temp\VkscsEMQ.bat

MD5 4ad0f36dad260b9f768275db2d9309e7
SHA1 0e1a89588c8b3aa7222827f0872ef3968ffedb5c
SHA256 936d6e35c6da590d352939914e3600f747b3cb94d9724a8dfa34a719768d785d
SHA512 753852742ff37abb1f824ca7e2db266368274732792a3e7fde9e34fc2705dc1825edc7061bb778970472effe50e3ea9e16eee00e229f426d98be8f2b67036452

C:\Users\Admin\AppData\Local\Temp\ksoQ.exe

MD5 513ead99f89b5bf1b4e5b4cad1d49c85
SHA1 7d9a27b29289cab22d2e9a967f0769967027b8ae
SHA256 a96073cdf1b10d4d3244be25489c78ddd4b1a0c4545e41b5f43118b21216eedf
SHA512 6e52ac1c0b57fbd3e6edfcb82f9f68d5a503fae4c38a2805a23ec9acf79f13ec673a1d0065fe3b4a3a52a85510b3799f7246b3dfe7d443ac3cf9c0a7168642de

C:\Users\Admin\AppData\Local\Temp\uMEq.exe

MD5 fa98f09f7ecd2b030d64cec20a4a39f5
SHA1 c4009d62dea45c69ef28e8680ebdcdd3cc94d51c
SHA256 ddfea98e4acb458360628714442b9ae7ec67179a096e07760c36aebb38f2f67c
SHA512 34c6f7fab968902b82b2c2697aa44ddbc7f688c71f168c2cc31cb93a49f3b89bba428279e90311438999f0af00914799088f56adf79540c05c58300423476967

C:\Users\Admin\AppData\Local\Temp\CYUE.exe

MD5 5029e545bad59dcbd9b2174745b95f5a
SHA1 09968cc530d363e6afc2ba0e824b649ccd3d46f0
SHA256 7b6debc2fad38d3949c370912a5fdf7337366add9b1f6f81cb12dbeee228e219
SHA512 65acad8d27bc9f83a64d145cc46c5e34524864b8ae373d002f59bb634b51e4fb77476041ce2c029846d0353010607f8da52085770d84a6be5bb9d164b92bada1

C:\Users\Admin\AppData\Local\Temp\Oosc.exe

MD5 015ad994a7b045395bb5a984dfd0328b
SHA1 f3024c11721dfe58965e8f52f041722cc40965b7
SHA256 2074fe83507565542442f77c5585c27985dc094fa9bb5ca8ca07f5427e9be411
SHA512 3b523db84b1b02723ea30bbed139871eb5e0cff88100e126af568dd2a03a320171245db5ab6c81e8cd8f98bafdfccc12b87ef979b3d4eb1f730530dee5382618

C:\Users\Admin\AppData\Local\Temp\foEkIQEw.bat

MD5 8acf0b928e68499e236718b745c7d752
SHA1 5e33c4b8cca82189ebd358a853fac859811a17ea
SHA256 018d41b38c864f4844c7cb8252a0e243cd29ca4a0aa1ce247fcffc1e9f0b5c52
SHA512 2412b01108adfd28fc797219b759f73bbe1805533e0ee533368dc25e5fb5d0a3451fc316b0d80a9b82d2031bb33ccdf5b4b8c7cb837f4eb66b53d1ecc26455c5

C:\Users\Admin\AppData\Local\Temp\occk.exe

MD5 06383532f0469f5d7c56c671dad16c5f
SHA1 7f9ed74321903f78682a7f34bd1223cbb15d0ece
SHA256 1f6cbbdfb9d16353614befdec8c850f45bee4eba38ef2c3bdebf4b9ce24bc348
SHA512 abd896a9d9c5782ed734bdb3fd0c8670efe95fa832e98f7eb591268787eb57246ff70a95e831fca60e20e71b33423172d7a02a60bdc7c22a64bacd748a3ba592

C:\Users\Admin\AppData\Local\Temp\QQkw.exe

MD5 876f5bf0c23b87f6172bb0a73d03166c
SHA1 d794536b248b934880550bf09fa87badeb20033f
SHA256 1c970bf02613d457454e5f55b1af95a07e1493ce10f5709c8f5baca321c6aa84
SHA512 b8e5450992688b24a1654189a686482202e5f792d6755e4a346e19c31c703537473ab86ed1d79e1c6c2b979c75b776f616c1a2de47cfb74894e5c73d3e8157e6

C:\Users\Admin\AppData\Local\Temp\EMsO.exe

MD5 c251b942498b7530e28d22eca3af7c3f
SHA1 7d577a756066c7d85c5b98abd25c80adfa7c82de
SHA256 c43f5d3e4444fdf5cc99a218655c4530fb2504e0f12387ca3267a6ac8625eb9b
SHA512 fdb92d9a32d7455c36b34e9c3d2ef5536b64034bf6f2ff7c7b067c66f03581364d28bef6939eeb5c5392e895a8a00b1ef1d24b630fc8a80d5bbff43cf3e274de

C:\Users\Admin\AppData\Local\Temp\CIUK.exe

MD5 de28a739683e8914fb247615aaff0852
SHA1 7565d265bafdb36f314b5ea4772bc74e48872d5e
SHA256 e127386087994a22ed97ee589e10b47eb0f209ac82e2f57e0b5fd72bb5466ee4
SHA512 a39c036345e392f860baf7addd99232d9268630d3136b07727e926715dbc39ad4c6c3d9d20e07db02e2bc307728b784bcd2de2788313271310203f5bea837b6c

C:\Users\Admin\AppData\Local\Temp\UAUS.exe

MD5 8aeb07b90f72abafb83e0f7a9b591ecd
SHA1 e471070ba54f0a3bb7ec4fa1358dfd36e65cd63e
SHA256 7606603bbcd6bfa18bf922cbab8d5a4bc89cb02e690ea7ff0e6b5aed86be2ac8
SHA512 862fe70c7bc52172486d682c2da0a952d2f6e4f7911ca20fbf97d63557ab35568a65247d8629625b6d27d3d8ad0456e4ca40021bb0e878fbfd928f23c4dd5daf

C:\Users\Admin\AppData\Local\Temp\GAoA.exe

MD5 d1ecff8bc8de953765f83229bba7e817
SHA1 9946f249d727f124bffa8bec5ab091358e446b7b
SHA256 92f18341ce0f842d978b1b86c77a96f7656bc46caae0f1fef8713863042225e5
SHA512 d6affb636a6cf510b43740249c45c189b379013e5ac263aa7eb08f37ac8ced5ced94e78158fad610a9006bf0d70d9b719554df7cf4d17bee1c9341de1b0de78e

C:\Users\Admin\AppData\Local\Temp\GQoy.exe

MD5 560b257f648b4e7eed2c2d409f265e7b
SHA1 b844a1c780d7fa1889e94e235cb9c7c1474f4b82
SHA256 75b1b6db65220da4bd452c43ce08dcfa30dd26259414d1cdabdd1a2b3746055f
SHA512 c7a783d7d3dc2e6dc7c07168e19ed6b7d249556b5af53456e468dec013f60c2cde82753185d735e15b6dfdd0dd24828e8224d4f1a555278d71c4eaea24789595

C:\Users\Admin\AppData\Local\Temp\RgAcIEIo.bat

MD5 dbdeaf4b614eba9fa88d8a9823c2ba7a
SHA1 83c74e99b025714b22fe86f097bd567b7c7adec2
SHA256 cde636f15bb5dc653b4de858e0e841053e82735f2c6acfd4f100c7233894631a
SHA512 e7f10935ddd9a0227a7523851625b49adc95efbf3e2a9de4bd7caef1ca1a6745f0e4c2aac343a6931079a3774ff6da35414126ab69d952fdb39d5e5d31e3944d

C:\Users\Admin\AppData\Local\Temp\cMoU.exe

MD5 037d9bc20ce9d4275f44de65366a9d73
SHA1 011e3c55aa4bcb695907276c4f53cbf8a2c4d108
SHA256 81163daf8c6e503fd271b85ff337eb4c3f9287f08590c562b49c2adb2b038ef8
SHA512 68f7318fdcbc5c2ddf2f08051febf43e49402d7a9e916062e07b5090299073c06a53ece4941233de50ba0fb7356a53aeaa03dde38eb8ffffa4bd2d677686326f

C:\Users\Admin\AppData\Local\Temp\iQcs.exe

MD5 510787e8e4b97f1ba440eb28ff453e2a
SHA1 6f56f0111a09efb722f2433bf73bc8b47a75fe48
SHA256 d925150e9aa386d9fc01b6980f5f4918560dec5ee3123fabec990635534f9aff
SHA512 4052873dce5e29814578208c0d661c75ed976bcaf3a2eb527cdfad33fa3ccdfe296853fa542cd06f89d75b6a74f0ccd18e4e2cb235217c71385bacf1c0f28632

C:\Users\Admin\AppData\Local\Temp\jYQQMIwQ.bat

MD5 7deca6dbdead72df8b0dff969e8b23b0
SHA1 21079d9d9c5e12856539ddd3b0e28dd6f39ea29e
SHA256 09ec1813b04810168bb395a2fa47b8d4e5ee72c15082c88582a365cda0e83c94
SHA512 ad90dae8c37043d2e4e6a98f2bbaad97f21d12321f8f38f136a2be7d0ae836f72473b194f77f4173dfc1b02bd3bc3b128de7ed253f5047b7c94eeeb9c101ce81

C:\Users\Admin\AppData\Local\Temp\KkYS.exe

MD5 9e34b9f20eb5a66ba284ca26d6076c8b
SHA1 8b8939e19b8dedf529cb1402ac5841bfb6584deb
SHA256 fc9aceede946b78fa5cf9d276dad074e62bc0dd83111ff7b75eff6898d07facc
SHA512 7c8fb0461f001f00e18e3ec46bd3833e2339a73b1e468480bfaa07126c564d323e16f8502ee976156337182ce0d54731a97dcc7466f98bbb6f8d307bcb24e1f6

C:\Users\Admin\AppData\Local\Temp\jgkgAoIU.bat

MD5 c41fa1e747eff33afaea2da08b652288
SHA1 faa4ca457fda6698164cadab2b860849b064fba2
SHA256 0cc3298f374ab21cba54e202978a5643d20a57b1e2877f4be828e0ad559f0320
SHA512 224b85da273fe4624815cc663c931e7b94bed1d86a9d87e84ee7759471c5c6b7d29f2b50e435683f5144210e88666a44680175b428c075e251200696cb5d59fd

C:\Users\Admin\AppData\Local\Temp\sUse.exe

MD5 ad61fe8c47a044d22fa50cead79cb257
SHA1 13059ec4f0826ac65992d4cdd19aa083b44c2399
SHA256 c3f626ea58b1ec25f4dd161a5ef370a497e93e0ac1059f978255607672432129
SHA512 28fdbdeb349192859d1717bc4121a06c2e82947394b835ffa3c08c668b57acaa70135b080aab789b1d3788673a7270c11c4f237d4e705f04bbec6357bd0e7af4

C:\Users\Admin\AppData\Local\Temp\sEgs.exe

MD5 1df30b21ac67c48e5b18fdd9ae02a016
SHA1 cb1bcb60a9992ff72655ac6ad78db38f261e6b92
SHA256 1401506c381096420c60f742211309966341db0822e5184f8e0ae2737f8367a3
SHA512 e2d4617b0b9b0abcf9056e3148f0de0ab8805bfc3ad61fea168b009c8bd9aa30dbbc53305cad31b53346820a8ae17cef1b41e29842177a174353166f050a3a12

C:\Users\Admin\AppData\Local\Temp\wsYI.exe

MD5 4b60a0fb95212eb8cf3498a048937bc7
SHA1 a56c928fc8011cf111781ee90f738c339318255b
SHA256 6742e4ac889773e8c55e6b2564f74980fb2d91b402adca9cd9fbaa2c6ebcb74b
SHA512 2e66559bd87e7e7924199a808ce0fa6c60f99838e32dd5ee59322cd298538b92cf7768b2f3c3a7f242b9f55d81324ea65881d809b44ce3055889aceae049da66

C:\Users\Admin\AppData\Local\Temp\GcII.exe

MD5 1e43a1430fe6dd56d75a6e6aee951eb9
SHA1 86c95156124aa2097d3bfe052798a9805ff00caa
SHA256 7873a82f2356a0d6b104748631f9158007fd9c9293dfe4aa02a4e52c0a405535
SHA512 6d11e2e09b51f07a233c97aa591ae545d9ce5be6051bcbd0f1fa8828c1a893b8236b1afc4f47cc1623a5a6936342e59e0bfa41c7d59ee324c65498bfd6bbfbff

C:\Users\Admin\AppData\Local\Temp\iCIMgQAE.bat

MD5 e7b5d224818656ef4c30e9d20d88b97b
SHA1 4ff527b5c97ea407516e77666b0462c7c12868e8
SHA256 d5fc473cac0ae08f5f41781c413733d51fe8269eaabc9b613a4941bd6e4b373b
SHA512 df978e9300c066c037649336c414cbbc6e094b31b4f510999c338904dbcf0452464ef208764d1c3bb03904635d42889cd554acf145494a07b0ef3a6eadfc3edb

C:\Users\Admin\AppData\Local\Temp\wgUM.exe

MD5 ad538cd250141f0ebd76355ecf2a0e04
SHA1 275c2f417f7dab5e808bee7e32c55df07bb710fc
SHA256 cb48ceeae123a6f4e2b64df640f78a108339e7d5ae9c743681ebdc52a3df59e8
SHA512 3fe43d911082734abc506fcd7c84268a463f06c4d60769e00d2e5b00bddd92a1b409ca75b13536e34bed755f916b5c16ae21590fac3359e4de32dcfdceb66e3c

C:\Users\Admin\AppData\Local\Temp\EIIS.exe

MD5 72f78e0e80b4e92e64bf04064455c04f
SHA1 13b937a7307c0e028e9a92dec525597b5a2ce87a
SHA256 5fc24b71ffdec2e89c74906954fb8155c21b2288e2e2fe9c6a0e68a13f90fe93
SHA512 f44c5e022f139143d03da95a84d67a92311ddadd9c0130e6cb52143e9e3cd9c6cc6d372c8e40ccc173741ff73422686aa6a8037988765c836b7b3a7038602e08

C:\Users\Admin\AppData\Local\Temp\mggM.exe

MD5 7a3fc20bce5897294c850f90e669c164
SHA1 5acb5c205da0bfd1c6c4c004f3baae2fb26412ef
SHA256 78b373a89ce9b63a5139c074b629d454d76ce076080a75de499336002efdafda
SHA512 34906afd3f484c894ad15c6da62f94278529896d373678548476f59abca27696c984da620ea2899e86a22204de6f05bfc5a682e0511809e668a449f18b8fcaf1

C:\Users\Admin\AppData\Local\Temp\MgIw.exe

MD5 28be75c8e12e99bd2cf1f96dbd879635
SHA1 465ba504793c7402f1cbafe6ef2249bd28d275f4
SHA256 2d8ac08fd486af88f5420ee55a269b60360f643c71fd2c1ec058bea76929d253
SHA512 8b104f69b55191f2d82e148fe726cfb8575ee22ffb9de5e7d4bf9e9371b00b265972082531fbd8326e042fb272d0798894dad108e768387ce27a98bd09b04faf

C:\Users\Admin\AppData\Local\Temp\mooQ.exe

MD5 63fabc1621a75bd2c8b97d4d39846762
SHA1 bef7d0fac2fd0ce6242cc9c7781ddc2232a28ad3
SHA256 83cf89271cc22b9185a0e8cf1890b66f923ecf0fc18d813f9c998512b7d0ef11
SHA512 31b3cef6dc80cf2a8169e24ac5c5f96dab2e0c3c71fa9b2630d9fdfa1b47f78b03602435eacf941f46014bad322340b94098a9487a25737a205a3021bf1edfe2

C:\Users\Admin\AppData\Local\Temp\EEIoMwkM.bat

MD5 549349982014191c82fe2c3db91cc022
SHA1 69e6940a2a785bd075db377450f4c9eaacf52965
SHA256 37e7740bac4bdb4618a73d24c8c62df685f3e162038df3bdb6a3a86603fbd478
SHA512 631de39f71bd5185da7fdbb7d2bce8f7b1d8225237cbc8b445425dee44ebb67531ec35fb5ab853c4250be8e239f82c5e36b177d29673742485196f0fda46f5e8

C:\Users\Admin\AppData\Local\Temp\ygYe.exe

MD5 8836a04037ab49a0342bb21be8b819fa
SHA1 bc3f158a2e42cc340100d0b2fc218df9099fdcd4
SHA256 f40f37afa81d475d8fa756779f2dbee8611289d92dfd1dc9a8ca43fbf19cec22
SHA512 d503cf80806d02d6936ea6337d72ecb30a1190e3106e5643f159a39f133070d1f8a5f69dc9c546800fc198c30716444983f3d325889e7ce55d57555fef556a83

C:\Users\Admin\AppData\Local\Temp\WgAU.exe

MD5 cab08430730aff3e220f852e952b7c00
SHA1 f56a5c8226416a17c43370b598c6f6c7868962cc
SHA256 5585168be5f95c6d26d152a403096d238e021ecd381e0e51e05950e0e24795ab
SHA512 e9bf792876920733c812f42190ff8f18b1fbb87e4b431369c70e2725cb5ba7b8e91b4999657abb86fcece9856d4f7e2536f6660087a555c6d0e32203fc5d230f

C:\Users\Admin\AppData\Local\Temp\eYMS.exe

MD5 dba590f3a80de8ad9874f16091e045a6
SHA1 6d3ad77ae7ac80764f5746ddebbe85a1fa35ca81
SHA256 96b760720bd0ac3b528cb5a2e91f39c6b4ca78389d2ecb1ce13ee93b50824b42
SHA512 7e0caffc233fa2ca412107502c19b757404a782e2c81f85a190c761f2f6113e80570114b5994436b243ef59a124367edc1c12bb7c1e7f89c31d3156ceeb0d60b

C:\Users\Admin\AppData\Local\Temp\soAE.exe

MD5 234a43d0af0557799f51654d5914276c
SHA1 6c46292f88790531dde6339b71da64e59222f65b
SHA256 4256bbc3b16f9f04c55d2be210945a23fcde8208ec010a7b47a42a032731588e
SHA512 c4137303f6122416338a53f1e96363bec5e050bfddfde99dfa77d9d67ba8b6c0946c87c34c635ecbc3f4e032d2300f506267cc9d960f999458d204d67036e6ec

C:\Users\Admin\AppData\Local\Temp\qgwu.exe

MD5 59d3ec04b8fa81ad69de6adc878b209d
SHA1 ff631740bc147b57abbbd304bff15d80cdeb1cf8
SHA256 48847e4c7d07cb002358c966ec0a9ef75fff3df5cbae47dc57833700e1bcba7f
SHA512 dc6816c9a4b8e4b12657629d151b6df457bf4711a70b4e8cca30e7bda64d9339761274aa29093de44b4df55537d0f949736d6b7a2c4002b631a88fb4eedd0468

C:\Users\Admin\AppData\Local\Temp\QkAM.exe

MD5 0913b55499294ed97d2ca15cc5277eff
SHA1 22aeb9dc3be07d34f718a6144a03dfd0cd7cdf39
SHA256 470602061eb81aaeb5fc938352bb59ea4820b0b8891adb5402a1abdd443c2ebe
SHA512 1c1990f1bb018ec40d98a56cf8f6bb69201ddb8fef491e58f47b8fa91213ac50b62af77c04b8049af97200fe4055c2bdc84c8a6e2b90857d2124745e38d7bd3d

C:\Users\Admin\AppData\Local\Temp\kYMq.exe

MD5 2cfb0bccb2ad0a3adb2c34816183899c
SHA1 41ba404829ef17999aa70c449ff4bbff3c5adeeb
SHA256 09b3d7a679dbb5e3c6ba2e7b6573ad71c30c0b3ef6dd6f4f6a249753bf973a87
SHA512 ed10f64aeb95a955ff076825396c3e2890f038d53f542ca21ed54c23025a7dc207c210f3d715af4434d04679879a38ab0eb056e4f4b030b1c7e7d375a2543c5b

C:\Users\Admin\AppData\Local\Temp\WwssQsYY.bat

MD5 4c0d7fd02d0b161692a585528b1b8b61
SHA1 fbae7b876fdba87e10ee7727b1b4765e1fef5b10
SHA256 407de4a2e7c689c52ad594c29d10f99683da3049d29045a6637631ff18ed92cf
SHA512 d1e5d89b99b3b6991be3aba017abc8a29a0056b4ff6cccc3fa3479c93303ac71212adf179a4c839aed680882bdd8ae954cfcb4395c9db21813856435753d55c7

C:\Users\Admin\AppData\Local\Temp\MUIO.exe

MD5 fd58c05c0e4e31643f6cb4a067732a7c
SHA1 a41425eca2bccf451f45eb274685c59f17fbad34
SHA256 4d1aeb3a7ce89f342ebdf47758020ba93c8150418e532c1ad74641d83832a7b7
SHA512 c9686947ef7443a000f91979659d3238b632d521d93490a34b70c4295c0ddbe0af4d8d94e5910244b30acc773a1a26d23d90c562c0c9c86056ac5555e7602d1f

C:\Users\Admin\AppData\Local\Temp\WAEC.exe

MD5 5b1e2db2e99f55130f9a3c70f8f5a6e1
SHA1 bb7c475cd01a52f6011e86bfca0db6074e454cd1
SHA256 faeb309d74f35d9cae0c6d2d160b391d1cb9cccb976f4c678025ec484a1181e7
SHA512 63836c4820da214828827441eb8b1c599536737dd6fabafbaf1ddabc2a3cccfdb4faa117f43932c49dead48f9768c1abb5a96b8075f61048c316bc9006ee23a9

C:\Users\Admin\AppData\Local\Temp\gAEq.exe

MD5 713a9bcf1cbc5b21c09b0d6a5ad8cd8b
SHA1 c8f1c1f409e1ffb7ca82bb0a465e78e0b281fa3f
SHA256 b911a0937fef430f3103d2d2240e012da65917b5839d66dc50f833255e9d6a56
SHA512 1c525b964455ac73b4d6638bff0b6cc13375687aca9db531c577a815db8026bf7ec589400f827ae92691a567ed288b86e1d0316e9d892cce7b63fce1ce13616d

C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp.exe

MD5 304c78b10f43f0725417b2b3779a1536
SHA1 2728547fb70d25d0935c42c78d10509e5bb3cfbd
SHA256 f534889081bae629981da029b7891121b46867a19fd822d182ca50d389113cc1
SHA512 96e0d19264f6587bba9ae5e8e242517a7247bc4db737f02f131152821b87572554cfa8dd51e7de14499c581919211976d83b065c256f234a89dc735cabf2a39c

C:\Users\Admin\AppData\Local\Temp\GqIgYsww.bat

MD5 a4a5e8df43e8be00fe0a7ddce3396c64
SHA1 ccc14fd01ca4eafabda127194fe02f503b108fcc
SHA256 4296743bc4a149709a60fe7c50bcd03c02fad381bd41106c2b543229c2d3ebad
SHA512 b916f40b3b7bd3ae1730da9443293355b4ba82919e441220266791a8e04fc044d0ace4f79098836aff3a5372a8769393ac4d962a9a7d7983f394e3f0db0fad05

C:\Users\Admin\AppData\Local\Temp\woAq.exe

MD5 a1ba44ab1055cac1a4dd34d897b1bd67
SHA1 ca5b766b4375e09402798ca465327250c62ab4fc
SHA256 a2c56c28086ee8d1116e170cca1d76a57bdaf6167aa07cbbf7c2b178c7b4e18f
SHA512 faf5fcea627ada01ca8a943cff1256e2a67c01e0a9e6eee4cd4857aa3f6a74b93cf5022a5842de5f31d7eb40d018fcadd2d204ce83344940e19e9febc8c322e7

C:\Users\Admin\AppData\Local\Temp\qgYI.exe

MD5 fb6954e73c329e252c0fd5a0169f6f4b
SHA1 95b0564d5404d4da31cbd228a22ae4637a8369c6
SHA256 9bc6519c4da5ffdcc1773da1563d230fdc5fb282bec29babd096a7fbddb105a0
SHA512 5d9d67ef6b22c7c96030eea9d3d9fde520bcadafdbbbf8a351e3743e71c5b05fd5b33c417878c01ddfb4a8484f0fe159528a8fee68059aa870caa79144b09f48

C:\Users\Admin\AppData\Local\Temp\GQko.exe

MD5 65f59c27036658ea0bf783e2000ee519
SHA1 dd4b7643db9cad406b681ec046036d0850add9ad
SHA256 5c40cad9c7c3c8b1c828f435cd10df70791bb4c15f67c06d0e46b782cf92e9e5
SHA512 015b81c2fb65ebc7586ea039e5ebef409947b33842dd0863a2ab549b51b23a30b2a07b0e24cb39bf66f4a52a438d9f3246b2c626339b42c3d201d42be260911d

C:\Users\Admin\AppData\Local\Temp\QgQC.exe

MD5 819d1da302fc37f24d65f802153a4f66
SHA1 9306f5f686aa9e36998aaf9d16a647ef4cd9fd66
SHA256 cfa2798c28ee39cf6ddd14b1be29f5c1ecf0b2b10270a2d483af86efef11ee3e
SHA512 06ebac8e7784930f1e3c8ceadafdccece2873d070162f4254f4380e188f44bfb1e911f59198073b598e40d80fb9cb820ad952f7034f02e8d32aa13770129bc22

C:\Users\Admin\AppData\Local\Temp\cYES.exe

MD5 4d15868fb7b8141bff08a9c98db2c447
SHA1 a52a295c14c59ea3755e8fd83937e0b2df08d29e
SHA256 63e05200b0956ff8f444c9bdc32a84a5c3cfd2b5c4a9e5cfcdbcf9081b89fc05
SHA512 13891aa057c3fb1122f7d9eac798f55807ae17b669df3d293df59ace9c026adb6ae4cdeab2d1fefdd7536d4205cc5d7d3cf0761a991b01c052d3fcb414d0ae65

C:\Users\Admin\AppData\Local\Temp\VKwwgIgs.bat

MD5 d69318f2a7b0a8fd21c3f9c43b5c52a9
SHA1 3ebd4f4353c7e30dbbbeedbeba06bc973b5e1b2a
SHA256 1409dc62d62b56b9ec481fb02872faa150f7b62131510fe1d7e0792951b322e9
SHA512 6293b48265e939813fa496a1ed31c1f4ef0b1afdc25c5058a86f932b793ddc5e55cd1b0a25274bae3f06276ea4cf5f17f5e646aa3bf76a6d25bbf2ec3fa853ca

C:\Users\Admin\AppData\Local\Temp\YEkY.exe

MD5 c8f8fd4f39fb286da47425fe3e3edc14
SHA1 023552e38be94e4da22372311b19a5c6d8cfde1b
SHA256 b45a236d61cc86fa2b3fc2e15950cb2acdd370c92f42222f51bfd321805452b5
SHA512 b2829b385a7d07af850a7070e9b6d73627bedde4c31de874defa5bb56b599e58c82263c9d96f542163ef1b6a2db02ea4d208d3845f906713b7625ab31e5b2b1c

C:\Users\Admin\AppData\Local\Temp\cUsY.exe

MD5 7f274e40e3f948b88e6ec4586b5f90b8
SHA1 33711bed4bc93bbace5378cfbe23edd5d17e5209
SHA256 96f95bac0481fb27111dd896e55eaa73cfab2a9a326cbf34fae20c821d4d68b3
SHA512 b8f4b9d9612fd01de815c26e5636c046846159e68ca71b0b2756657a021ed6905f8a54847175a521ba48c41234f6a9b2e26387119fa14c286832fb61a179b8b4

C:\Users\Admin\AppData\Local\Temp\fQoskkIs.bat

MD5 ed584236fa8746fa93d199c10a4f52c0
SHA1 14452dbdf0a881a370cf4beddb57673f6d99ebe2
SHA256 f12d1406a37d82d086f0f5ada05ca3828901a0e9328dee67e6c0111e44933486
SHA512 0e0ffe2170025eac8f01a8fd2b66bdeaac85aeb75b15f2d1257cd1dbf795a59a641963b50f69dea7a46a1f308b5a07041d861cc701849c960275e4ca9ace06e0

C:\Users\Admin\AppData\Local\Temp\kggU.exe

MD5 72c3c9e9acc3ecaea4e7b31ad1eadef0
SHA1 09945bbc769b876a761e68906e16e8b14c547550
SHA256 d97e296471be17420df4c68a4bdd562bc40c8f513e60621054c435eab779db37
SHA512 7a472a356438ef4c8bf149ad457e3b70722e1d7f1ec021768964200793314b7796b64ed9cfa0e8be2d1aedbcbe9d1c77a6d6d0a63c64664c0584da76100ea62d

C:\Users\Admin\AppData\Local\Temp\GQkw.exe

MD5 1f35184e9a10797e3c97e389d1b63fb2
SHA1 afd8b0be061096ebb8dfa1e7ba4d92c414dcaa95
SHA256 921e2b52bb55aaf446f59c3f8a009ffe45789a45991538ae6c88eac309ed3d49
SHA512 931675e46d4eaecfdaaac635ceb3858520b177f54e2d182f4fcfcbce9f2a4a92cae4dcc5dfb45317467413e0c47fea49fa814461e973ee83feb5d881d6c07869

C:\Users\Admin\AppData\Local\Temp\kcMK.exe

MD5 e34c606c5be43e404c92d04451b3fa27
SHA1 88aa8ecf04004be6ca04d9d2b3e8093c6652fed8
SHA256 e687180bddee92bc2a2a3192c2972646886d25d387a64e899166530776610400
SHA512 139430e640308acde5c5acc5151c994a89dd8ca86d536421760f163c4923068b2beab943df9e0473e320f46e581d9e09a35ae50cfbe85d363c656464f48481da

C:\Users\Admin\AppData\Local\Temp\JGwkowco.bat

MD5 509b0b9ab1dc707a6c2336e0fd731be3
SHA1 9f80ffc757c7bc645261f2132f2b93dc4f8bdab0
SHA256 6378737551da8c26f5bb3ea835e264a051412bb445fd35ac9459e58b3641ee50
SHA512 9d2b6c55c4e71bce91723eed058de0ac890790f2729eeca135e9099fee68a0105ae955adfd172f54f555b6448a2e6e64bcf7ce2bc6d39111cd1c8a4c4b66ab09

C:\Users\Admin\AppData\Local\Temp\ugMi.exe

MD5 1426d2abfde295b1e19902988f89c6c9
SHA1 85e381cf5ac58510e75674506465d48014975400
SHA256 a86aab506aec5f3929a8f4b7f8fd0436ab6b4ab4780edae52a3d9259e3a883b4
SHA512 35c21f337e6fb697e2dec40c212fdbaddc6d0584ce68bdcfb7332f2e3ccb94a75bd3b133d59dd44781729d872c9b9f15196e0b4d5ba0376d0a26e233775043f6

C:\Users\Admin\AppData\Local\Temp\cEQi.exe

MD5 bd64262ed40a8390c83ab41659c1a303
SHA1 69605aaab95d8e06e10d5378cd610f55573aa17d
SHA256 418679a3303cbbb2e6285162cadb09d64d113a4771f3c51214091ceaac83fee0
SHA512 4ec48e7df4ca05b76bd09fd22cc47fe9f53befc567cbdcd46635a2366b264285983de78d18f7127e7cc32f98303c0604b377ec37fc325f2e265f3a5664bbafcc

C:\Users\Admin\AppData\Local\Temp\yAIQ.exe

MD5 4cd9d208dd8fee760cef10d790ce49a5
SHA1 6ab97b47727e7e47c8111e75b504c4fe3cfef326
SHA256 d8d97e78e0dbf04495b6f8793573241a01562c65e2ad3b06abc1d89512a56a5e
SHA512 c9df975c5d9ebb3b30ca2ae54dc6d10251eca362fe0a1c9053a7118d480ce355a296f0ed7f876f1e1f3e9517f6c8779c37e34dcc3f1349e675ce784595b969c0

C:\Users\Admin\AppData\Local\Temp\DIsgcgAA.bat

MD5 c113009f93662a87524f4a08b2dd2684
SHA1 19ecb26bf0ecb3b1dbe161a436d729e987014818
SHA256 4c951ee764e96158e229c49004a5c12d8811f6b6b95c5d7741edfbe6ae07add0
SHA512 1e748cfb0a49ffa58de9239a84f20e3fdf623a7cdb455227c285c7baa845990fc6b940f4c4a1fff79df7b090b1a8f1b3e61872f1ccee53f564449d114ec7e48e

C:\Users\Admin\AppData\Local\Temp\KEkG.exe

MD5 cb47f6c84ac2448e60214b74e17e23cf
SHA1 0750cdeec837f4a690deb5328afaa7b468d80340
SHA256 03a033568240442ddfc042fff085ae6d777ee6379d184d136f5460b5a36d63e4
SHA512 e011bb699272195ce0918e9abec417aa2cba413cc2d3eef595edccdd942113275ddc2f33062e52ab1eb88eacad8315de3ecc4c7482ad52d1e6acc825deca3a1d

C:\Users\Admin\AppData\Local\Temp\IAIY.exe

MD5 72a510371575d9d83c4f90f70b5ca199
SHA1 1ae22b1b24b54de169efa72e8a378a1b59b446ef
SHA256 90215bdf1912779516f04dc941de58d8bedd666ed158d676f42952e35c0335c9
SHA512 f4d6c0c59450332170dc21c2f9d6e596417db41d3e0058133c86a90837ec0e6d4425c2bcb4811b9c509617000c93b30501f95f7b6a801fb6b9bdbc85a84e77e8

C:\Users\Admin\AppData\Local\Temp\WIEo.exe

MD5 64b1c41b9e14fa3acdcee37ccd9176b8
SHA1 79727233ea735336e8a68a8bea62e0f35555fa0f
SHA256 f84fd956e7e326d5b72d74de28ff42841ffa60c076f50f8f8e304f5384753ae1
SHA512 98e8f6a18f77b643e251c588cb38ecaa7cfbf59f96fc2ec31d3e0df7744c6719dab08e235c5ea4cc848fd709df7f8a576a395fedf07f28f80fd89de743dcf356

C:\Users\Admin\AppData\Local\Temp\VsAoAsIU.bat

MD5 d12292eb52970d58d14bea61497dd276
SHA1 bc4853fa500a27ff8d28a542291ec4782fde655d
SHA256 391b254a91c6d34529021b2d0b3dad42f600e6e42d535547e0e1da5d63843d14
SHA512 9ba21265bdf4b6f99e743f7dd995dacbf0c52c82c1d64a6e3c5a3b23dfd9f1f84665d3c1bcb2e763eceb8c85bb3743912b4b72e0ad17a331c8bf47d99525571b

C:\Users\Admin\AppData\Local\Temp\GgIu.exe

MD5 765a5e705a8f20d5cf92458726b7f324
SHA1 18fa4866f1cf7175c0b13907d9f28bcd4b90fcf5
SHA256 42e80be82dfedeca5de9c71a84045cee22bf644bb26793eb0fad0da9777b65ad
SHA512 054ff53140ba5b9274945ef54a395046981faf8bab6efdf8f51e0210aee0a9f29c601ab170a7061ba3a9879f5b650185a6025310d5eec7f334d31da4b8032c8f

C:\Users\Admin\AppData\Local\Temp\Cswm.exe

MD5 a6d50f230d37445b912b20697b620e1a
SHA1 e5345a9cc8cc9c011348f5c707dc9bb250fb626f
SHA256 ba96a28d69e4fbd4d32e54b43988642a45a52250455779196c97ef2b500252da
SHA512 815fc9a0bfe1295660221aa32b280a5d750280e7b408a8ca7f4f25a2bd7b9e07b4b9de68b2631c8bd4b9ba61fbe1c59a380538316cd59d3d804aac08aec65f31

C:\Users\Admin\AppData\Local\Temp\UIgIkUkg.bat

MD5 0108028854036516b981e77f1cf9f44c
SHA1 95477ba5d8d8412d34a4b129539a72a567957c44
SHA256 4d946e0c74e31718df9de5f7cbcd40abb8a88f65c69d83625168f2c87c49300a
SHA512 4497a276e515d9329b17198b14eb4a0ecba7e0812a01fcf9598dac0569a03e890665d135fb14b4f6cf3260b232ac18d129b980452b0f1c289c0b1691b0bae589

C:\Users\Admin\AppData\Local\Temp\akkY.exe

MD5 02cfde704a35e7239221692955d8cde0
SHA1 5c12251a6d48d6d0298762f259448b156bdaa4b7
SHA256 a443ee1372f2fef829c92daf486c2d42e8059c139271bb11d9ecfafa2416f3cb
SHA512 05d83a1d588ddf696f2709e32c4357d3e439cc1e125c1235dd2c734f43be4ee60ce88d2129a60d3d4b17f96251a813c11239dc22eec0df5192c68eca050769bb

C:\Users\Admin\AppData\Local\Temp\owwy.exe

MD5 5e91dad9fe2a6f7d5a501447915685f4
SHA1 9c54e668694b1682df398077c28dd7337d4af97d
SHA256 ecdc5b1f9bb85bf09121551c8f292d4923f56bc443ef52336cbf0ea7c1982e95
SHA512 17e933d59535e2ffc56e14a470c02eb0db025cc93b17cc282477d7190c61dc1850a852c12c378eb9d2d9cb801c34fa76bd09e90d8397dd10f153358c4d8e22ea

C:\Users\Admin\AppData\Local\Temp\ycoo.exe

MD5 207b6146983cb8d362c8de73b621e152
SHA1 513ce5631f871f736a87c2636fa9c1b85e521b96
SHA256 dc75927bb977e09165eaf16a1ba9ba718b7902a8c527ec73ee90bd2f7821935b
SHA512 bece23b5cc59691d857d13c8807007ed1e377a724689b9601a46fa5f667c858c22d236c6a63504305cd09bfedced3bead1692fcddb6b664ac54d524e73615c6a

C:\Users\Admin\AppData\Local\Temp\QAcAwswA.bat

MD5 de528c1064b133e8090c18bac3293a3d
SHA1 c2ee04d636edc94ec93fbaaa24155eca656ebee6
SHA256 cd1e896685f8723a6fd4efba5449c33919b4eab6312a470d55c3ec7af8e6543e
SHA512 3700c870f1bed9fa65e8e9133b592c0445d8ebf438465e6a1301bc1476784f977ff5cdf82d272450e4af389dce7bfb6a31707f72a25dae1c2917018c3caf85c4

C:\Users\Admin\AppData\Local\Temp\uIAk.exe

MD5 9ade73d62b8dc6ea25e7a6439b452fa8
SHA1 b7a41e078a484cb68c4dd5a5a0b7ff1434e41f66
SHA256 33e2f2cc96dbe9ff7a5a4b60ed176f58ce5d7ea8321a1b916201e225f7e5535f
SHA512 5edc3b6b91206d02e253569e1480ab437f096c567cb79468644abbd274c07957e28d64be0da008dad7447dd7817a304c46f308ca9b0f46f575e6ab22de37f57b

C:\Users\Admin\AppData\Local\Temp\EIMY.exe

MD5 b589fb82364b52e8c3a8beb64114a391
SHA1 3bf3367eb943286f18e6c2b810d5646225427d58
SHA256 64a277de2d15a8e6a0e3e373956cfe756b764b107059c468de8da48d37539b11
SHA512 898375838753c1e4eac556eeae4b273920f266111b52ab4b99937e06a76a7f903b2f7e7ccadb44ea6e261e32f1e5f00049abb5173eba47d7eee338645dc5bd68

C:\Users\Admin\AppData\Local\Temp\KsIS.exe

MD5 3caf44a0eeacb7986fc0850faf96cb54
SHA1 0407e209ac6b1be8e78790f61200c0fed590a4fd
SHA256 390d0b0b59dcc0cdfba9341fb65ec55b4e834974c2d11675a04c1b55bbf8adff
SHA512 f4e49dbaf20e675d3ba7f27ea8cd58e4e188060e830aa76dc3aed568d54723c56e310b0f10b97d6ca8b26fd582ac36e98207a7e24f62e34f9a1370b4a751b08c

C:\Users\Admin\AppData\Local\Temp\uEgO.exe

MD5 4f7fe67bb000ec404f79fd3fc5f79402
SHA1 3a089b5ba7e4e1a4175b8206213f75227559215b
SHA256 61f7741a01ae78c4eab6b8555c851dc15d5ac836b29a6d4a2e6fdca17c54d602
SHA512 636c9eb57cf32c79db8dea16f82410718edfdd7b091cb680eff68efe4db2a42f4631a2faa32796f125c9f05c17024a8237663e4b8377cda2cc8e1724cee43c38

C:\Users\Admin\AppData\Local\Temp\esEgAMgk.bat

MD5 c0a2b1ebd1ec10db8c153481e895cd05
SHA1 572cd738fa0836f7952773d4a96858c6bfe5440b
SHA256 e98ff029de1daa3126c8fd930d77e286d5e20edaa25562fa05048376c8cebce2
SHA512 9f26144b4fccd69a19e891366cb3a11c00ab06de9b419542e61d04495b85d3edbc15fd29687a1e1793c32c787cc1e1a0905beafda0a7aee5d43b6a551efc3d05

C:\Users\Admin\AppData\Local\Temp\CwIA.exe

MD5 ea854d7eedec1c292cff1d1bbe7aeae3
SHA1 90fd6e05e90c977f655a93c5910cf30340335217
SHA256 8212a37aa96a68eb56aae16280da106b4ec952ec14626b8ea70025e53deb5535
SHA512 8f0c90432a27154f0b8f72890631f762a1eed2724fcf703c8592689967aab2db70fd8be5704d685d4485c8f72a2365b0b2513f916283d5032e09384a8db76824

C:\Users\Admin\AppData\Local\Temp\mIgA.exe

MD5 b4655c30f9700b61be5673f7e9ea3e4c
SHA1 2102ce77d4ff712c597d56d4d68b61fab2190a78
SHA256 15b82097a1c1cce9a57f06e61914fc2972981456b23844ee3c4a184136d8d762
SHA512 3557b58f30c0a4cdf939fe65f6ad72ab04c70e3e18f56cf95dce78dbd706a6de962fa2df531eff51c78f392075f2c73f3db32e9e6ed00428f2c9202d820b4b6b

C:\Users\Admin\AppData\Local\Temp\Uocc.exe

MD5 fecb119e65de9018b9028a1668911384
SHA1 4753fb5f57fc3a871e21e767f40c0522c6c9162d
SHA256 ddc4815a301ebeb5e1f48de77946f3a47c2cb40023e9dee4521929d0dc785785
SHA512 aca794beaa836f85b98f29f51d981af1a4ea2386e43e167e53033cf56322570adcfa21a5577f6a7d8de6ca1aa1a35d324dfec89d604c923a64192b971ef37938

C:\Users\Admin\AppData\Local\Temp\KeskkEAM.bat

MD5 5fa3db04a63d6ae5a6a610c61eef1ae8
SHA1 e2caa29e149bbf2880fecbf26a055174c6616ac5
SHA256 90b35f441e04ed198b23e2fe53ea5458bd6223f3c23702f20cb518b9f4b0bb6c
SHA512 b66ec52fcc2ee79980bb84812a89cccf3537e046ba3b5956bd61524c68c3bdf579bb654b460453b5b30d60c283e778adbd1059665b798bc910f14355a42f68a5

C:\Users\Admin\AppData\Local\Temp\ukIa.exe

MD5 710dca704e02d101f92751987135ce98
SHA1 665f0affa75b182ec91f4cf1a0a7b35c5c1011bd
SHA256 99326cc86e30171e2cade0e158e0db080bca5efd7834b42bf78058d00122293d
SHA512 945f2b0a2b6e635f93093523943d7339c112a3863f2d36f58932da79158087740ae06f3fe6814e70dafd0ea4c5607c7f34956b286363bc18e7366a1d973565e9

C:\Users\Admin\AppData\Local\Temp\GUke.exe

MD5 1abcc1fcdb0f5a81552af01cafb20b72
SHA1 a1094982a170c8271f3f440776c50487e541d2e5
SHA256 31841f47f908df57f4431faf982d7b6f5be8379125997af62f8aca6076e45077
SHA512 f6dbf059d86cf24dd44f92a58317a65221497188472ca1aab4bbc79c1541e456c1efcd78d60ca29b8fb009e29c2d62ea4803a18102f03ff2dbac9c7ded2f62ca

C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile41.bmp.exe

MD5 781fc7be03c27aefff55cfef3d0db4df
SHA1 73c3526c8237e63b953fa38674df622b3d244871
SHA256 7648b8c656ebc62258dfd9dce168ab77f136fe560d1022a118748333eae1fa52
SHA512 f2deee32caedd54f26c93a77dd128533ac393419f9d9a302df9d06d4b826fa355c1dad8bd6462107ca9e80dc462f38da27070ec82db70b663fcce1802b0cb3aa

C:\Users\Admin\AppData\Local\Temp\PqYQMIkk.bat

MD5 c349ca49dc972ce940e601712282d320
SHA1 0e27fb85f49a14dce1fccae446d59b752de8c49b
SHA256 1b0c6ea31bf24f6f071071a4f5a4c758839da55a5e9a40e4b31a98a887e515c6
SHA512 b0c80f255488009dcd834ebc1c8aeef1fdad1c4a87e461e5a02a046eadbdd59be37d0a1487a103244661245382573a535d8eb56139381ff8eaa43099e6d6a92a

C:\Users\Admin\AppData\Local\Temp\OQow.exe

MD5 1dfe9695c75df9d48ae64758dbafe338
SHA1 86b2f58bbc610e80ebd11b5e903cc55fefcb448a
SHA256 54afc10bc2613093873c6ac7bb7cae64cc1e40a3d2b7384ef1dfaebc302b82a5
SHA512 4af851cbd9bf4f92237cb2e6ab1fa6920a4e6a2b161b32c429be8c5ae97da7f0209231a5c85cd72217e9e91a0a4224111aa7d7ba1cd94f5a13086d8cf499e758

C:\Users\Admin\AppData\Local\Temp\eMAY.exe

MD5 1c1adadc29be332ba38a7a3d3678297f
SHA1 4fb015a062b9d3974f8f7acf6032a03abd6823c2
SHA256 25255204465fd65c9583e54c288a33718dc79c9032d1f14ae446ef64d8fff8df
SHA512 b67aa4bf7c520dfa47d2c0c40b75489598378057141e01d8527e3030677ec44f07baa9d9d64f6cafe2073c92ec8b7fa22eccc92f1daaa17657bedd6eb6f61776

C:\Users\Admin\AppData\Local\Temp\RkEEgwAM.bat

MD5 764da23906fd2e95fd1ccf47dcb89d70
SHA1 c08661873671938a26e3e9b7b6d3fb1aba459897
SHA256 5cee840a95d66642c0dd6d9d4362a0479871d7bd4aa206b4c2db71027c6eb59a
SHA512 ffc5ffa8805762cb2b589af5a9d029cd8d8bbe8841f5775c1a1a6cade6e747dfd181c340c7f9cc4676f6f6e5aefd59dfe77059bb6e14cd327823b2a4e00f0a23

C:\Users\Admin\AppData\Local\Temp\iEkm.exe

MD5 bc9e71b241da26ae6ecdd52e866ddd13
SHA1 355363adfe096773499944883e923bde6269a408
SHA256 a91bf0477285d9e5891132d00b85f013e5db4126009f1919bf25b5f9a0226c5c
SHA512 499b73fc8d0a8b06b6b96550a8632f6d09871a714b07d67de3683356896c68fb85981a777eb329117afcbccabaa52435372dafdf330cac1d842e6688b7466329

C:\Users\Admin\AppData\Local\Temp\bcMgcksc.bat

MD5 74477e3cb0c0b43fc74a624e5915bc83
SHA1 e95c7a84c914d53676bb1360e68121fcbcf78ef5
SHA256 04e70adfbe2c672cc566c5df359b57028dc62d641060bb014135aa2d323df661
SHA512 33025a89a305a7ed1df65a0c382aa5dd06911ab5c67bda1a33ddafcbb7eb4758937abaa818c63c8ee84afc7df157cc73633a27ec7c9de3b9a7cdc172c5ff82ca

C:\Users\Admin\AppData\Local\Temp\BcYUEYUY.bat

MD5 6c27e355b3bb9eee9e3b3ce8d995b314
SHA1 44e0cbd600c816b741ab8bbf94f188db5ab495c7
SHA256 1d88456b217ed101f30722d631c4ccf7e1908617b3a16fda905692d8060cee9d
SHA512 a271651355ca59ce4e3c9c3b11236868ce1c1742ee2c07f8d17a85774c01cee20b8c0e534b11b77b980d72cca49d122980ede24695d66548986ea303ffde967b

C:\Users\Admin\AppData\Local\Temp\HYIMQgIA.bat

MD5 a582858e6287e871552a2cc475ba778e
SHA1 d8d9a4c77fe1f833ddfcda45916bdbb2ff36f4f8
SHA256 ca7450795b4d139e48da09fd95051548752f8812c500b07052d636241fe685dd
SHA512 2b786c4843444473abaa854b62fe06b036a0083f53e65550e23d8f1e7affe95f2f6f6bb5dd084330cfc642b24ef7799848f67fa022d5f923046433d23a8edd93

C:\Users\Admin\AppData\Local\Temp\mswe.ico

MD5 6edd371bd7a23ec01c6a00d53f8723d1
SHA1 7b649ce267a19686d2d07a6c3ee2ca852a549ee6
SHA256 0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7
SHA512 65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8

C:\Users\Public\Music\Sample Music\Kalimba.mp3.exe

MD5 3c5c7e3dae9973a8b6470b1e87322e18
SHA1 88038109018b0ebd3a0884a66fd6ed0611bacdbc
SHA256 1dc79528fbf649f6f06fae3aba53e701a65ddedc9dea8e5e891111a601811427
SHA512 985cfaf0ebb62aefe1a1ebb52dc998af517367834c578825e166f9fa65c3b95f3c1537c3f8feeaaa4fe2f0483179235fd2014959cba9c6b77d3fc4412bde60d9

C:\Users\Admin\AppData\Local\Temp\gEoS.exe

MD5 63a61d1cd81b4f5c6e6e3b9edee72a90
SHA1 24656c2984c49206a5598b4fdefb3f0093b2da6b
SHA256 fed90b7747cd4b0e0f216e30d2e38c107d5bb69390fcdbfc9295bf497bb60212
SHA512 64304dcaf9e99275aef9e5096cb074c103e2c04c838a161c31bea081dc18cb7916fdbe12869c17aa6db852a5c9be412eb7a5decbedf4abd63e406146d9ceca90

C:\Users\Admin\AppData\Local\Temp\EeoswwMM.bat

MD5 4dd2e5c993bbde354a444f837519677c
SHA1 3d8ad5cfda505816a0573f8ab4164f1872241d40
SHA256 81fd275482f12d7d507981736009bccb99d872f7be2fc9cad59d25b9e23ce906
SHA512 8a1300f20e589e6ed9010f2ae143d06fab7f8b3645a6d30ddd4640b9c3c464c6adfee0e709c5ba977323735a052d25dae63903784f682bf79ac1be25dcb4ffba

C:\Users\Admin\AppData\Local\Temp\SsoU.exe

MD5 6c97ae7d3ae2738ccd3bc87d5d7bd435
SHA1 f0cd4aa378014a449b1da34b5318c25772ed3c46
SHA256 718f9b4b6db9664c0341b3ad9bf96860267190b95c5a8c6fc74af6cffbbc484c
SHA512 79c2730c95b743fc614d2bdf61cfbe9110aa13cf974d724df25d36dd6d674dbbec86e0b0f6f772fd508f29f073fe6b3693602c3c9ade3c65cc5b734594a9cf8d

C:\Users\Admin\AppData\Local\Temp\oMsG.exe

MD5 c5c0753d0cde01d725f906bc16694b04
SHA1 6601d303b63c77e3bda788c48e6ff2f83f22e86d
SHA256 2ac063dfdee431950464af3d615e57399f977e679a599fdcdcb3e91378ed216c
SHA512 2d8794a2ef9b183ff877dde0d3a534b42dbdba8e915da263432f07ed846583a64e630c342620a1d6328a1bb69bb2a11ac526f918b08335c9d41ff1b8242917c8

C:\Users\Admin\AppData\Local\Temp\OEYS.ico

MD5 f461866875e8a7fc5c0e5bcdb48c67f6
SHA1 c6831938e249f1edaa968321f00141e6d791ca56
SHA256 0b3ebd04101a5bda41f07652c3d7a4f9370a4d64c88f5de4c57909c38d30a4f7
SHA512 d4c70562238d3c95100fec69a538ddf6dd43a73a959aa07f97b151baf888eac0917236ac0a9b046dba5395516acc1ce9e777bc2c173cb1d08ed79c6663404e4f

C:\Users\Admin\AppData\Local\Temp\yUka.exe

MD5 548c5614a9e522caa307a6f9151eac0b
SHA1 a5f5d90efbc3820f156c9f6a655bacc1c55d7397
SHA256 c7089f6c695ef83810e402242af3ddc1393ab76773c990278f719caa64aa2e6a
SHA512 eaaaea3477f1c00253d3273afd72067eb064dc17100f65ae71ea1b7b7625afe937ad4136db78f2f318a0c0dcc9edc7aec8c6d3d592c1ad4a636343cba9af6ef5

C:\Users\Admin\AppData\Local\Temp\mIgu.exe

MD5 37e8a1f5cd034d609300ab09906e6681
SHA1 2ce7756e5de1ce4fd8e77678f68afc2b4151e796
SHA256 f4d83f3ab62fb69a2fd9dd683bd5f8e3157640588dc5b8e7b15ffbbf070c19cf
SHA512 fa42524f8c8bb7d4411bf2951f8e3a5c51ca1c64cfeccd59d745696f44ce9392d1aa94ea0177d8c6b8626158c22ef4df6e1c5a35990b72dafa9169a708370e8f

C:\Users\Admin\AppData\Local\Temp\OQMO.exe

MD5 5475c585af20efbe8a47d25c36efa661
SHA1 0ea42a8e70e8a238dafa8f5c547333c69092dd72
SHA256 de374688b10e6efe4c7d207757aedec8a1e52fbcaa08dc2dea74e13ed10d1246
SHA512 da8035c0e49b8ebf104150d3c16fc20f8a7653d96d546f44f3956ba9da81bbe3cf44567903c85ee589b8fc2d34b3f419e08cf0a5c95a8e582d45063d691ff57e

C:\Users\Admin\AppData\Local\Temp\OGMAkAAE.bat

MD5 844bbdcaeca3f523b97c5a92d40dd402
SHA1 f022dfe513d072dbe3bee9c08f929b7f53cd5467
SHA256 3674686122ecc3258d73ac341cd4a5f3d433bccde42ceeec2aa4ca3c8433ad66
SHA512 c5c9f4c33c63511d109699c1b1bd178a958980f3de94e3020953cd4c4951e093eb26b716e6a562f29fcea426b8ef5e26fca5db8302475462a19cdfdb742980e1

C:\Users\Admin\AppData\Local\Temp\MwEk.exe

MD5 03fc2eb5fb0d59688291baa0aec9cdaf
SHA1 be5665fc7a8e1ad9bcd98f75a7c2562914306ac6
SHA256 9f245cb34e8de8c5a0b40e58e33d553f625f7d8dfa7cb90f869ab1668afe3453
SHA512 ab876415b9ab1b3b0b193e1f3457bd097006d4e4f5ff6a0ba8e38e3a6b586728537530207af086b863b8002f0c0b359768382dc07b4c24d0a76822cadeb6cc1b

C:\Users\Admin\AppData\Local\Temp\wksa.exe

MD5 21412c0a700c791ab55c1f276f3f09bb
SHA1 adbbf21a12141d3720991b8016fb3c8404761b9a
SHA256 71188ae5d7f21a4e4d37f9d305c86008d36f880f51e90ba99311372239043882
SHA512 f6e061b4914ee0a5aefd94a44bf57aea590a5db66da1295074597db7a26eea603874099835fa067f226bf28df9764af6e2f3c33d1196974b9f46caf70b76bff9

C:\Users\Admin\AppData\Local\Temp\SEUS.exe

MD5 d560fb714336fa0c898d00b0ced37e27
SHA1 7cdb97b79b375991262867382365865dceb678ac
SHA256 643a52da95254d0325f40f2e224469d431438f412f688346808a2d1c5c819d7c
SHA512 1a60041b52d903de5f69549e4b457b09855fc119114cd1538a1a1c6c8e9546eea3a1fa23421858f51174461997d36a517819bf6c34d61be0a128913828cb6203

C:\Users\Admin\AppData\Local\Temp\mMAk.exe

MD5 f31a144d1624d3f834078de1758afded
SHA1 fe67524865dabdd118b66cd089683db8066611f8
SHA256 ce4c1ea2f113545e220220e4fd5e83d6c8010218dcf52cc44d5e3afb360620ec
SHA512 7e695243ef2ca89328652f057a859742f7ef707604e6fa7281e39f06e0602f7d8796a5ecb2286f4ab6ddb67c5496af89c65fbbfd9554efa0e5f90527f16a5afb

C:\Users\Admin\AppData\Local\Temp\YuUEQUgk.bat

MD5 5a695fd2004eeb1559a419215bb9f1a3
SHA1 3e4ba1daeec783b2adb1718c468e57bf7b00c9bb
SHA256 4e1cb46014edb185fada3d070fe7a8b24c4b0a58ecc0b43dce544ac2c285d215
SHA512 d8a7073e4341d74b9d775111e146de06d2b861f60ab8bfe8724cefc911570f106d0a42942c4ac0e9552c7a70f9785f1310bb16f2655018b0b8a253dbc7822055

C:\Users\Admin\AppData\Local\Temp\HqQoEYsI.bat

MD5 99adfcfe9d4f6ae7b4d58679f5e69adc
SHA1 6b879b3262c925740f52638d68f31936524c350b
SHA256 09472a0786812dc2f4eb8cb336420f03324c3ce07a72ffed91b1dcc8eb7fcd5e
SHA512 29fa41500d8e00400811e9fe5fc8dac940288113e7d6964552fb9bac6dbf31fd19792b4fb640a330b3f4649a8eaab8af903029164e9a1665742b7d2cec25d25c

C:\Users\Admin\AppData\Local\Temp\lyokMUQk.bat

MD5 9aa1fac54587d12133546a53382bd53b
SHA1 0e23ba1d68231bc12fea6ff14e264d78e008121e
SHA256 ebfad4b8a0cc6e1093cc779438305d6d988acf913b38b403fae4c2c1970334dc
SHA512 c8bbdf856d908224a0587d3a5095258390d0406dde863cf755e1e1ebedf17fa490e431a2856c2835146a332ef06a28b55c6867f03915f627aaf789d80fba7986

C:\Users\Admin\AppData\Local\Temp\BCkAwosY.bat

MD5 0a29db5efe65fcc8ee3cb21a44001714
SHA1 cd2bcd23d682e3f2fb7422495f154aeea072d2bf
SHA256 e430e4d2990ac426665a7a654bceab81b9e491fa018a708e49fccc70ca113567
SHA512 3a65ea885649663b4e18791bb2c772f0f3df686d336f5c2e950a286a7fc6af1ac18a856b1246d09a8c113590b62198c2fcbd6a9fe4c6cfd75f03370be8bb1a5a

C:\Users\Admin\AppData\Local\Temp\BgIAkkQo.bat

MD5 425d7ec685bc8b47de471f3627766743
SHA1 c4d8163a71c5d1def51b65fb5232fb914147b3c1
SHA256 68d90de47fcda68e081e8045e94836cca4fd9e59dc83c27d65ba5eb62d42fdc5
SHA512 7c2267d96d7cc852c91b7e64fbc1e62208174b8307cf223477da1fbb2f73788ffdf4fa18ae323c2a110cf728c6ad2d449235b6f4ae255f45c9672e947e51e974

C:\Users\Admin\AppData\Local\Temp\kGUAwgoM.bat

MD5 eba527a92a827fc63fc254ea72c9a52d
SHA1 bca825953f08556ac9b1f58f227316af8f0cdbaf
SHA256 9015b2f350bdb4f7ea7c15011c6356f41a5ffb4796ccab9ba9a78d2e1be5aafe
SHA512 b0d2db3d4a9c44205997d9d1f30796714829ce92c0455e8ee62aca1f0ecb5f74bd3032b8ec7f72ccfc008c1b4d41e4781178a72b128a92f28af2b6644fa390ea

C:\Users\Admin\AppData\Local\Temp\muEoQckk.bat

MD5 7e48d2ca760fbcc625a2e19c081629ce
SHA1 e6fdc25865348941c4c3894a2f9d8ed271e9d742
SHA256 a5a905e2c4198d6dd1b3a698c1c82701bc24400a532a09b45af28c941263b381
SHA512 2c865bd50de42248316ff343d8b763cbbf0cd79146099083837434ee2bc3214b03bedf2630ed72fc2cbf2dec4b92e0db7eb8aa974d49979cac9179ec532d3a45

C:\Users\Admin\AppData\Local\Temp\EkosQsMQ.bat

MD5 60d3b03d034f7583209c9f4ccdfd9d7b
SHA1 c023949819a19b48982a156d68182b6d121e8704
SHA256 f5922b12759b64ab340e052032fc6a985b3676b561248c5127270845e123f45b
SHA512 be4e17ac09340afddf8e7884253a49a3ecb564874179d99c1359ec34687fe5afd821067ec0c83c9cd7128d19d4852f6a962191496e7b2ae963f1a9549674a313

C:\Users\Admin\AppData\Local\Temp\qycQkIgc.bat

MD5 1c33a568bbe3690c3a4b353c5bc80970
SHA1 d8cbda5f52a2c553daa177066e073fc3354cde49
SHA256 edc897e73e078502f7dc251fc1dd2e7479e6b98426fe7b1dcaeae0679b6beebd
SHA512 5dbde4b764f77af266bdb940b6a32f44637fcf1d14b77dac2cf3dfbbc440fdf3c0a60730540c393eb93d0cc069546b69f0d3b5afe312772007c0ca8343087ccb

C:\Users\Admin\AppData\Local\Temp\kaYMYIMk.bat

MD5 48c07560107fb341a8262f8b9ac8a1b5
SHA1 12e5077dada6a12e9511d535f23b03ebcaf878c9
SHA256 d264400d0f191a2574f6d519d6618222188cb7a9d9bd34464ee04145e5d72117
SHA512 6e33514e92685ce6ed686b6b258849ee5fa1c1a407b47c3dc255353e06f9bf3a79187b33eb1c14557da67014f419baec51244d2f1517f44bd3c2e046528f331f

C:\Users\Admin\AppData\Local\Temp\VMIkYsww.bat

MD5 3ac5e71bc7a2b051aea3fc3c5ac2ec66
SHA1 e0ad6ee0aa62453dbbb16ca58bbf16aec6970071
SHA256 e82edc80072d222c18b44c3f5de233b3fa26d6fb30c92fe9596f98f203e03e31
SHA512 bc5e1dccf93364ecfa2be157ebf380f26bf286aa481db72070b9aa7ce8fe18802d08d7ee249bb44edaca564863996e90f49fe532bb855e802cc179bd8e066972

C:\Users\Admin\AppData\Local\Temp\PskQYMsc.bat

MD5 3620ac3396c20bd1e11294fc85a22be4
SHA1 56df61c9ceb877ffe8bee3c5c9a4148284b95759
SHA256 ef20bcbdc7813f5b8a2d6da6fa98d8881b128a2acda51f7db42264ee9c6260fe
SHA512 cd281c8b2e16fe26f37e46e317e479820fc9eec0991965f821a8b6e93ca24f340dd36e25ccdd8c0d692a210289101ab6fff8a220bec1e28ebd2a175bd8e41723

C:\Users\Admin\AppData\Local\Temp\hIggQUAw.bat

MD5 8ccdda2b65415b2d3e8e715c5fabae17
SHA1 b7459e7ae26f3c45562666807ad9d71e5bb617c2
SHA256 3b97b26a86a26e6ba8b81ee4f1ebff9fec31fdf17b1c61e10b9df45955290271
SHA512 97ae39d18961ded91596d63c54c7dc8ed397045f6cd1e377bde7f40084a3ccb1dfd652c70eb514044dbc953b9b2afaf1f375914d2e7b7a6a076b991d0ab5036f

C:\Users\Admin\AppData\Local\Temp\PewYskIs.bat

MD5 812fd51e920149329a02cfdd29f22be6
SHA1 44fd899df5db827cbadec61ee1fc6701b4fc1817
SHA256 271d453c23a3d869493e772e45bf800f0e6c2ceb7773e8ed2f0b4244610d95e3
SHA512 6cd37221beab62e9aebf4c448b971ed5b72f1c090a634b5c0af6a300ec8dc0f99360d9dcd9174e51cdc96d592f3e0ffd4739ad3d35f859de8248ff034226492a

C:\Users\Admin\AppData\Local\Temp\LOYsYAMQ.bat

MD5 c2eaabc89d85fc428f5dd64925a7ccdb
SHA1 b71f04629836557af7248e6abc64ef4a2135f930
SHA256 e5bb6df36a3070d4ab89f0bc1e83100aaff264f77e1a6b1837f551ee59ce5339
SHA512 e318a97c6cddb3caffffe84fbe63e9b6efa132fa862e6b16ea0926db37cccdd795f7ffa925a2c0de507fc749dda3479d4c5634a5b1ccada0d04fabd9064ef839

C:\Users\Admin\AppData\Local\Temp\AsgIswQk.bat

MD5 27448feca06c167b9e2f90e2f1aa0459
SHA1 ffda829e7323075e3264eb953b019aed43909a26
SHA256 5de5af0b5d8091075fbdc06e462796e7fdb668eeb9778edb327b705984e7879a
SHA512 00f349b015eaf3026186d1f2b71d549c6980e8f2c97c87fa2125a01859316c3757e377cdc415ab4f217230c70fe0041ccf704c097f7c880fdb11665348797097

C:\Users\Admin\AppData\Local\Temp\CaEscMUU.bat

MD5 7bcca25eef3aa2ba7c8a5dba936c1535
SHA1 e6661eb94b1bdb7863ba7ec22ee6900731862876
SHA256 2be8e86809be86dd9205ddd7a9849c475e7a2b8e7bf86e9c8973d2da07a5aafc
SHA512 c9c00207ae8763c5d87159f2234967be2b25d9b631432c4f2affc26a3bba8ae975a5048c82f30554f1a7c55dae2237db83becf58896937570880b1231e92fd27

C:\Users\Admin\AppData\Local\Temp\cMoUQsAo.bat

MD5 f019dc97f7953711bc0bdd1258f90eb9
SHA1 39b5365b7f6caa48331c573db1dcd0f65bf3da3b
SHA256 85272fda761f4315921ace32d6fed54afda7095363b5d5cbe26c821a10c5330d
SHA512 adfb35fad26a05a9db999bcbc689c20b7fa08991b999ba75397c7dbfcd30a8d98c5d7a8f702d82d97ff7b9ffe675e4ab4d1903d802c55b24b94792c085baf800

C:\Users\Admin\AppData\Local\Temp\ICIkogMw.bat

MD5 6efdf5810622555fa925972c8e9b0fa3
SHA1 cfeb263cdebd13fd0e629f4992ad19c9417c4a10
SHA256 8ebb3511619a211f17c1baa42320adc26edcaf7be56ef0cff8ef908c517ecc3f
SHA512 8b9748816c978cdac2704aecd233bb82ed03022a1276381cc054305506cc73d1edc50c71b6950bd9c8995098415c1b341e397f5de1d8c031783bba7ebd194d79

C:\Users\Admin\AppData\Local\Temp\vGEYIoAo.bat

MD5 ea779a4577a1386d1647ddb2dbe262aa
SHA1 c107d021221ec67e36453f463db3bcc8b790a97a
SHA256 69f36f102340107010e2c14dfc326837694a7f158878a8fa0a4ff3f0706df4a7
SHA512 37d9f9fcc7f210f6d309f31c6b65e17cfd0a0dd650cc6c17c896d823414eae14ed45ec918b92e238a0d4a913f0a249a878a8749dafb4f8b8ff818b322ff27a37

C:\Users\Admin\AppData\Local\Temp\NicgckEQ.bat

MD5 a43176e3ca013269d2a4ef0eee12f3f8
SHA1 3198b138e62783e9e46f32221c8a77a0b48af3a2
SHA256 0cef75c0cf56bc18641b702ad36c834e646134635e8f8d0dbf4c9d9e151eb54f
SHA512 cd35989ce7a6756d1538ba7803ed51ca42c0f7688818ad9d0e057c811c515f60b1f29a42a5991d263f3e14218bef868ea1047009c6dd4564c4c1b5c6c84ed99c

C:\Users\Admin\AppData\Local\Temp\DAUkgQwk.bat

MD5 41ce42969ffb54558da893d966088962
SHA1 d1689f4258c5baed0c290fc0b82250ea5b3f215f
SHA256 bfa0ba8596312f15e95c15f066081fe23bd600d26e01f01ee9df02c1458015da
SHA512 dc534990c921f98dc78e8cb6ae6e6d45af57808145a94c551f81b6e7a4c06ffb516af2b359fd2b40d7a287f6b3825aae8a267b4bc027d1ca4b37fee466cbf5bb

C:\Users\Admin\AppData\Local\Temp\DykEEoAc.bat

MD5 199a00aa28d1f8ab3a9df6495b0aad44
SHA1 0db317d6b8910514e14445bcbc3f34fecfa171c0
SHA256 fc9a6878068a160af5c40bdc208dbcf9bfba18a0c7b5916dd165ea05724816d1
SHA512 27abdc6aa89f49575796e4310bd34cb100f7470139b2f10f346735f4aaa35682430dff3e371ec09183dfb811a3c9f5343b306fdb67aa2791ac146531ee3cd570

C:\Users\Admin\AppData\Local\Temp\QawQUgAY.bat

MD5 a9a067c39f48b01b12f212ad628b44fc
SHA1 d50a78208afde0c702bb7cc1226be2cfe0140d1c
SHA256 2e85f73a5280d62b64ba20452c0a1f8b0f186e23fcb32489eedc5a14978531e4
SHA512 88e86902bdc8ea7ee787aafd0909f3bf19040c2ccf1a6349a3340e1cbb9d386270d25d727fa759f7ef112505173df86ff329a8805302a23977d65eb93577edf4

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 01:13

Reported

2024-06-13 01:16

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe"

Signatures

Modifies visibility of file extensions in Explorer

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\SysWOW64\reg.exe N/A

UAC bypass

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" N/A N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" N/A N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" N/A N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" N/A N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" N/A N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" N/A N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A

Renames multiple (81) files with added filename extension

ransomware

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\ProgramData\AqYYgosQ\SIUwAUww.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\EWcAsggQ.exe = "C:\\Users\\Admin\\JEkUAksA\\EWcAsggQ.exe" C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\SIUwAUww.exe = "C:\\ProgramData\\AqYYgosQ\\SIUwAUww.exe" C:\ProgramData\AqYYgosQ\SIUwAUww.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wMQgckkI.exe = "C:\\Users\\Admin\\sagMUAsk\\wMQgckkI.exe" C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\dWEUEsss.exe = "C:\\ProgramData\\qUYIIkwg\\dWEUEsss.exe" C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\EWcAsggQ.exe = "C:\\Users\\Admin\\JEkUAksA\\EWcAsggQ.exe" C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\SIUwAUww.exe = "C:\\ProgramData\\AqYYgosQ\\SIUwAUww.exe" C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\shell32.dll.exe C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A

Enumerates physical storage devices

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A
N/A N/A C:\Users\Admin\JEkUAksA\EWcAsggQ.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4764 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Users\Admin\JEkUAksA\EWcAsggQ.exe
PID 4764 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Users\Admin\JEkUAksA\EWcAsggQ.exe
PID 4764 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Users\Admin\JEkUAksA\EWcAsggQ.exe
PID 4764 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\ProgramData\AqYYgosQ\SIUwAUww.exe
PID 4764 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\ProgramData\AqYYgosQ\SIUwAUww.exe
PID 4764 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\ProgramData\AqYYgosQ\SIUwAUww.exe
PID 4764 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\cmd.exe
PID 4764 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\cmd.exe
PID 4764 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\cmd.exe
PID 2968 wrote to memory of 892 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
PID 2968 wrote to memory of 892 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
PID 2968 wrote to memory of 892 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
PID 4764 wrote to memory of 2792 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\reg.exe
PID 4764 wrote to memory of 2792 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\reg.exe
PID 4764 wrote to memory of 2792 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\reg.exe
PID 4764 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\reg.exe
PID 4764 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\reg.exe
PID 4764 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\reg.exe
PID 4764 wrote to memory of 4780 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\reg.exe
PID 4764 wrote to memory of 4780 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\reg.exe
PID 4764 wrote to memory of 4780 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\reg.exe
PID 4764 wrote to memory of 5012 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\cmd.exe
PID 4764 wrote to memory of 5012 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\cmd.exe
PID 4764 wrote to memory of 5012 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\cmd.exe
PID 5012 wrote to memory of 4488 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 5012 wrote to memory of 4488 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 5012 wrote to memory of 4488 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 892 wrote to memory of 4256 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\cmd.exe
PID 892 wrote to memory of 4256 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\cmd.exe
PID 892 wrote to memory of 4256 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\cmd.exe
PID 892 wrote to memory of 2800 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\reg.exe
PID 892 wrote to memory of 2800 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\reg.exe
PID 892 wrote to memory of 2800 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\reg.exe
PID 892 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\reg.exe
PID 892 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\reg.exe
PID 892 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\reg.exe
PID 892 wrote to memory of 3128 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\reg.exe
PID 892 wrote to memory of 3128 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\reg.exe
PID 892 wrote to memory of 3128 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\reg.exe
PID 892 wrote to memory of 2140 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\cmd.exe
PID 892 wrote to memory of 2140 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\cmd.exe
PID 892 wrote to memory of 2140 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\cmd.exe
PID 4256 wrote to memory of 4404 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
PID 4256 wrote to memory of 4404 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
PID 4256 wrote to memory of 4404 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
PID 2140 wrote to memory of 2876 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 2140 wrote to memory of 2876 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 2140 wrote to memory of 2876 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 4404 wrote to memory of 5060 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\cmd.exe
PID 4404 wrote to memory of 5060 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\cmd.exe
PID 4404 wrote to memory of 5060 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\cmd.exe
PID 5060 wrote to memory of 2600 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
PID 5060 wrote to memory of 2600 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
PID 5060 wrote to memory of 2600 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe
PID 4404 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\reg.exe
PID 4404 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\reg.exe
PID 4404 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\reg.exe
PID 4404 wrote to memory of 1204 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\reg.exe
PID 4404 wrote to memory of 1204 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\reg.exe
PID 4404 wrote to memory of 1204 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\reg.exe
PID 4404 wrote to memory of 3236 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\reg.exe
PID 4404 wrote to memory of 3236 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\reg.exe
PID 4404 wrote to memory of 3236 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\reg.exe
PID 4404 wrote to memory of 4160 N/A C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe C:\Windows\SysWOW64\cmd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe"

C:\Users\Admin\JEkUAksA\EWcAsggQ.exe

"C:\Users\Admin\JEkUAksA\EWcAsggQ.exe"

C:\ProgramData\AqYYgosQ\SIUwAUww.exe

"C:\ProgramData\AqYYgosQ\SIUwAUww.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fmUoYAgk.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gewEQEYE.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WoYwMsYk.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gmoQsUAQ.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MkMcoAkk.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BWAosggE.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\haAcYYwM.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zMwowccA.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mQMEcAgw.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\okoIMccQ.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IqoEkEcs.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sOAYUoIk.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TEwIMQUc.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vuYwkMAM.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dOQkYcAs.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jKsUckkQ.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vuAwowcw.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KcowAMkg.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WyEcEcwE.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\msMokwQw.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\waEwAgYw.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rwAcIIMk.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vOEAAsYM.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DsMUUkYQ.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FAUcYEcg.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wQQEYAEs.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wowkMowk.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iwEMYYoE.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kKUEYAYs.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vWkYcQMk.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dwEIMoYQ.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RQgEMQAM.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RykYoEMQ.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ysMgEkQk.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CMoMocsw.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\easkAEMc.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PkUsQEIo.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dSEgAkIc.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DgkgAYsg.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zEoYIYgI.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KCEkckMI.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AaMQQckw.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QGgEcsUo.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VukQgwQg.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RsQUoAwo.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hIcwIEYM.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qYYAEYII.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aWcIUAso.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QQoQIsUI.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xmAcwwAQ.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DmccwsYM.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DgwgoswA.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aYgAwcwA.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GyoIMMYo.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\umcgoAUM.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OCgQokEE.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dcwIkAIM.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zGYgckIc.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KAkwkwIE.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OccEgwQI.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SEAQgwww.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EGwIMIUE.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JkUwMIgw.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vAUssUII.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NqQIgAQg.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XuQYYoYY.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UeAUAwEA.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ySUYcAgE.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wOkQIMYA.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CcMcoMEM.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DGcUoMIw.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TqYkcYAk.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NMIYgEIs.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TqgMkgEI.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IQwkswws.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iewAkcEA.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KWMsEQYY.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\twooIEkY.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TYkMUsUY.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LQAUEogI.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NgAgwsIE.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CaQQoogg.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AwwMoMQQ.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MsQsIEUc.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XWswcMAI.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DGQoQQsk.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lecUAogc.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rQAIUwME.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ekIEUgoU.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iEwogIYc.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AwsQAQQA.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TCYUQEIo.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bWUUUkYE.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fEcQQwwM.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vecUAwEk.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eKsoUEEw.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wosEkkoQ.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mCgooYgc.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hqcQcgwE.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BGwgQgEY.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HwIUIEMo.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xIEkQYIM.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qOEMEUQM.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wqQsgQEQ.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WUEQogQA.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BgwcYAkE.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rkkEgUMM.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fKgMAAgg.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nAQQIkYo.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YyUYAwIE.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AawMswEQ.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SgUccgAk.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PogwcsAE.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FeUcEIQY.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rIMcgYIk.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IKwcEAEQ.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wOcoYYUs.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aKYAkAUg.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\caswAkkY.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rGwUAgcQ.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pKEEgkcc.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PEQwQcIk.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hWkowgUs.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wwokEQIY.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cAsgIoMc.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qsAsQgQw.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Users\Admin\sagMUAsk\wMQgckkI.exe

"C:\Users\Admin\sagMUAsk\wMQgckkI.exe"

C:\ProgramData\qUYIIkwg\dWEUEsss.exe

"C:\ProgramData\qUYIIkwg\dWEUEsss.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 4316 -ip 4316

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3600 -ip 3600

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MwUkwIco.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 224

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 224

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dIkMcgks.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vyAwoQUo.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vgocsUMo.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QiskwsoQ.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kMgkocIk.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UkowwUgU.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TUggQcYw.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LEcoMIQM.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lwscccUA.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wIEwYQow.bat" "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe""

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cscript.exe

cscript C:\Users\Admin\AppData\Local\Temp/file.vbs

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

Network

Country Destination Domain Proto
BO 200.87.164.69:9999 tcp
US 8.8.8.8:53 google.com udp
BO 200.87.164.69:9999 tcp
GB 142.250.178.14:80 google.com tcp
GB 142.250.178.14:80 google.com tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp
BE 2.17.107.105:443 www.bing.com tcp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 105.107.17.2.in-addr.arpa udp
BO 200.119.204.12:9999 tcp
BO 200.119.204.12:9999 tcp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
BO 190.186.45.170:9999 tcp
BO 190.186.45.170:9999 tcp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp

Files

memory/4764-0-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\JEkUAksA\EWcAsggQ.exe

MD5 eecd23187c8a7bccbb1fe5dea7c7424b
SHA1 43ffe983a4ef710d8ca2e870636cc09b4a60dfd1
SHA256 5a4680d77706b080c1dc4ce7a27ea86d78343393b2f48a8cf934b409509626d7
SHA512 bf1c4e75ba8cd3de5d72012659450bf78d1de3e5e10c715a01c4ef3018e9d01dfa8c4f91da7c14554f0fafffd0bfbad15be9eaf794910c07ce6a57af7ec149d7

memory/3664-5-0x0000000000400000-0x0000000000431000-memory.dmp

C:\ProgramData\AqYYgosQ\SIUwAUww.exe

MD5 d6621d2a3c10ad2471906dc3c1fa0ae3
SHA1 d2a4383be1e0f28c22cfeb117d5945f0831a56a9
SHA256 bf8910b29e5073a3bcf80adc4fb81d18d3d310b4d42ba386e2b6e67bc118cbda
SHA512 c0aedbae484a75270431289ad5a39b688ed19bf96870eef793dc4aef02807786a5c1d3532fd85fd15a53ff1eda780da19e3cb335e868855907c9c1c58622eba9

memory/2544-13-0x0000000000400000-0x0000000000430000-memory.dmp

memory/892-19-0x0000000000400000-0x0000000000435000-memory.dmp

memory/4764-20-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\fmUoYAgk.bat

MD5 bae1095f340720d965898063fede1273
SHA1 455d8a81818a7e82b1490c949b32fa7ff98d5210
SHA256 ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a
SHA512 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024

C:\Users\Admin\AppData\Local\Temp\file.vbs

MD5 4afb5c4527091738faf9cd4addf9d34e
SHA1 170ba9d866894c1b109b62649b1893eb90350459
SHA256 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc
SHA512 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5

C:\Users\Admin\AppData\Local\Temp\52d8ab906cd51eedfd1355e474b17ff0_NeikiAnalytics

MD5 2cfa6796fc3ef55c4c52c89ffee69a01
SHA1 27f7ec659a880adc68377806cfed8a19a83d7a19
SHA256 01d3f4fcf587946f892683a96fe4417b877cf8e6ff40ec63c769d5133364d5cd
SHA512 68b90ed4f4bcccb864a60e89489b6a11812c229e3b04b4ee526f4f0a0ed434883b1ed0d241e7098143b172795761fc6e0af1ae07155abb7c9ca24c3d979cd610

memory/892-33-0x0000000000400000-0x0000000000435000-memory.dmp

memory/4404-34-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2600-42-0x0000000000400000-0x0000000000435000-memory.dmp

memory/4404-46-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2600-57-0x0000000000400000-0x0000000000435000-memory.dmp

memory/3984-58-0x0000000000400000-0x0000000000435000-memory.dmp

memory/3984-71-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2044-72-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2044-83-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2996-84-0x0000000000400000-0x0000000000435000-memory.dmp

memory/624-92-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2996-96-0x0000000000400000-0x0000000000435000-memory.dmp

memory/3612-107-0x0000000000400000-0x0000000000435000-memory.dmp

memory/624-108-0x0000000000400000-0x0000000000435000-memory.dmp

memory/4628-118-0x0000000000400000-0x0000000000435000-memory.dmp

memory/3612-122-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2752-130-0x0000000000400000-0x0000000000435000-memory.dmp

memory/4628-134-0x0000000000400000-0x0000000000435000-memory.dmp

memory/3144-143-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2752-146-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2336-154-0x0000000000400000-0x0000000000435000-memory.dmp

memory/3144-158-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2368-168-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2336-172-0x0000000000400000-0x0000000000435000-memory.dmp

memory/1176-180-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2368-184-0x0000000000400000-0x0000000000435000-memory.dmp

memory/1964-192-0x0000000000400000-0x0000000000435000-memory.dmp

memory/1176-196-0x0000000000400000-0x0000000000435000-memory.dmp

memory/748-204-0x0000000000400000-0x0000000000435000-memory.dmp

memory/1964-208-0x0000000000400000-0x0000000000435000-memory.dmp

memory/3352-218-0x0000000000400000-0x0000000000435000-memory.dmp

memory/748-222-0x0000000000400000-0x0000000000435000-memory.dmp

memory/3784-230-0x0000000000400000-0x0000000000435000-memory.dmp

memory/3352-234-0x0000000000400000-0x0000000000435000-memory.dmp

memory/4324-242-0x0000000000400000-0x0000000000435000-memory.dmp

memory/3784-246-0x0000000000400000-0x0000000000435000-memory.dmp

memory/4324-258-0x0000000000400000-0x0000000000435000-memory.dmp

memory/4980-255-0x0000000000400000-0x0000000000435000-memory.dmp

C:\ProgramData\AqYYgosQ\SIUwAUww.inf

MD5 c2d4bb928f5b888412f906e3c11f0202
SHA1 86993433560dfe18f8aa1a7f0e4c82363c518d1b
SHA256 6bdc16ea1b82bedfc6a216775aa1c2580678f61e3a765f179c5efc2a6e9a4c1c
SHA512 f3fbc384c73d4998686aeeedcc78a5f3a062ea4259536a0bf9fbdc3aa26021e73a6b51fae7943ceb97ff0c9dcd3f85793a396c67d2e3471cf5f7f0313f8a8a01

memory/4980-272-0x0000000000400000-0x0000000000435000-memory.dmp

memory/1204-270-0x0000000000400000-0x0000000000435000-memory.dmp

memory/4824-278-0x0000000000400000-0x0000000000435000-memory.dmp

memory/1204-281-0x0000000000400000-0x0000000000435000-memory.dmp

memory/4824-289-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2752-294-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2700-298-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2752-308-0x0000000000400000-0x0000000000435000-memory.dmp

memory/3144-307-0x0000000000400000-0x0000000000435000-memory.dmp

memory/3144-317-0x0000000000400000-0x0000000000435000-memory.dmp

memory/3588-322-0x0000000000400000-0x0000000000435000-memory.dmp

memory/1040-326-0x0000000000400000-0x0000000000435000-memory.dmp

memory/3588-335-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2660-334-0x0000000000400000-0x0000000000435000-memory.dmp

memory/4992-341-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2660-346-0x0000000000400000-0x0000000000435000-memory.dmp

memory/4992-354-0x0000000000400000-0x0000000000435000-memory.dmp

memory/3300-355-0x0000000000400000-0x0000000000435000-memory.dmp

memory/3300-363-0x0000000000400000-0x0000000000435000-memory.dmp

memory/4984-364-0x0000000000400000-0x0000000000435000-memory.dmp

memory/4984-372-0x0000000000400000-0x0000000000435000-memory.dmp

memory/668-373-0x0000000000400000-0x0000000000435000-memory.dmp

memory/668-383-0x0000000000400000-0x0000000000435000-memory.dmp

memory/3380-384-0x0000000000400000-0x0000000000435000-memory.dmp

memory/3380-392-0x0000000000400000-0x0000000000435000-memory.dmp

memory/876-400-0x0000000000400000-0x0000000000435000-memory.dmp

memory/1336-401-0x0000000000400000-0x0000000000435000-memory.dmp

memory/1336-410-0x0000000000400000-0x0000000000435000-memory.dmp

memory/3016-411-0x0000000000400000-0x0000000000435000-memory.dmp

memory/3016-420-0x0000000000400000-0x0000000000435000-memory.dmp

memory/5108-428-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2368-429-0x0000000000400000-0x0000000000435000-memory.dmp

memory/3792-434-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2368-438-0x0000000000400000-0x0000000000435000-memory.dmp

memory/4256-448-0x0000000000400000-0x0000000000435000-memory.dmp

memory/3792-449-0x0000000000400000-0x0000000000435000-memory.dmp

memory/4256-457-0x0000000000400000-0x0000000000435000-memory.dmp

memory/4936-458-0x0000000000400000-0x0000000000435000-memory.dmp

memory/4936-467-0x0000000000400000-0x0000000000435000-memory.dmp

memory/976-466-0x0000000000400000-0x0000000000435000-memory.dmp

memory/976-475-0x0000000000400000-0x0000000000435000-memory.dmp

memory/4484-476-0x0000000000400000-0x0000000000435000-memory.dmp

memory/4484-486-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2968-487-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2968-495-0x0000000000400000-0x0000000000435000-memory.dmp

memory/4292-496-0x0000000000400000-0x0000000000435000-memory.dmp

memory/4292-506-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2920-507-0x0000000000400000-0x0000000000435000-memory.dmp

memory/2920-515-0x0000000000400000-0x0000000000435000-memory.dmp

memory/116-516-0x0000000000400000-0x0000000000435000-memory.dmp

memory/116-524-0x0000000000400000-0x0000000000435000-memory.dmp

memory/3132-533-0x0000000000400000-0x0000000000435000-memory.dmp

memory/3252-542-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\wUww.exe

MD5 1f01eef8cdaab7fc4aad55877a24d4b7
SHA1 4e3a7b897afb9be3043d62b3a2a4dfcf1f47371c
SHA256 7bc9390bc8991c6e53c2c7fef24e90cda80d5210719bbbca2446ee73f0d9b314
SHA512 6e3fea807a5110391909f4cb5b779b7842469ff25e2d73b5991267d4f1b44af06e1dd754157710841ae133f991dd65b2f478d8777363ff83c5673433b73575e5

C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.exe

MD5 b19bc93b52cc1aad07f22fd010f3c716
SHA1 5bedf454f4c096550eaaa1b3fe2e090e1488867a
SHA256 daf45daae75c5a5bcc8fbf1d2776cbf43d4afbace421f771da3952abf0ca0383
SHA512 0cf478b621fc53561c1d509f125bd78ede82f2abf6cd216f845765f31df66204f7f545461efa03ceafa3b4e7eac942567e4ba556d97285c747f42c7e079675ab

C:\Users\Admin\AppData\Local\Temp\GMoC.exe

MD5 8e9f4bb59c1783e17a727dde3ca33912
SHA1 a4ff462550547e647beee2c756a3a00bdd889757
SHA256 4c823f6c572afce125cf9639657a840c9a558e0be2e646f43eb2e1726bfa1b8f
SHA512 a8988ec98d651e14455744e2d7ae75539ba66077b8e4f384a0094daa433a56e07c5752f0240ef6c75fa3f50d24a1ab7162b03c3f25406d8102b700733a1a0ec2

C:\Users\Admin\AppData\Local\Temp\OowW.exe

MD5 28c2668b97e37cd65c2a49671de259c8
SHA1 85d6cf62ead3894ecf6b0b63c1d06a0c203d4216
SHA256 3ca0f42302cbf435a4fd7407a467464903cb003b9da9c945c46258c2d9e95ce0
SHA512 48f6573600dd1d17460d4c253244cd94d21930bfbd626deb752901e77b4598316270532d0c30cd4d6d4b7429c937ba93b676ae0a121a593a92f9ad8175311fb8

C:\Users\Admin\AppData\Local\Temp\qwIw.ico

MD5 ee421bd295eb1a0d8c54f8586ccb18fa
SHA1 bc06850f3112289fce374241f7e9aff0a70ecb2f
SHA256 57e72b9591e318a17feb74efa1262e9222814ad872437094734295700f669563
SHA512 dfd36dff3742f39858e4a3e781e756f6d8480caa33b715ad1a8293f6ef436cdc84c3d26428230cdac8651c1ee7947b0e5bb3ac1e32c0b7bbb2bfed81375b5897

C:\Users\Admin\AppData\Local\Temp\gUcy.exe

MD5 1513b14b8883bddfa2506a42f1d1b1d8
SHA1 1f8aae168e6f664dea190756f06945d33d86f223
SHA256 64800c97f8ada1be9633b342e7da8074def2d3f3a83e35ea61eed1a7a46a296a
SHA512 ad44cc9242717102a790518a9f8218a94d2cac9bd58951afaae3daa6de989ed167725e3d2c9ee9e6f0c5825486f40ea477131f4d6764d1f73c5b79bef94e8d7e

C:\Users\Admin\AppData\Local\Temp\iosM.exe

MD5 6f8d3b57a92d7b883c917b0de0cc70cc
SHA1 c8615b4bdce544b19b0b5a95c801d5b1c5415a3f
SHA256 a1f457fdeade101dff93aa13d9c3e47213e5d0a9d59c5920ad5926e0b589f496
SHA512 41db73b86cd6bbc1f7c7cc7320ab9152f9be3cbff712ca5310a54bde9b1b97c86f3cb4c00d72e2e74928b1c2b3f83cb40e46ff27de4068d23927aaad7d6e9684

C:\Users\Admin\AppData\Local\Temp\gEYg.exe

MD5 d19ea6ca7b417fb8b717c4bc9fb116a8
SHA1 75c6994a50c79166b6b9caff17fdbe6bf373e23f
SHA256 868bc0b56e32456d84a4c4b433a40cdffc00a2e2c746596ffbfb5829a9e2ae79
SHA512 258a5736e0b7a1274db0454b2443a1c6bde5430afdb485c0106da810490284b23d0c0425925b1c6db64b15de3b8d048ef1f1cee7d3b9c750634be31717b40c21

C:\ProgramData\Microsoft\User Account Pictures\guest.bmp.exe

MD5 0d8ff8c801b2d152c0370f18e24ee9dd
SHA1 896e0a245d3cfa0b7200f3ea1be8d443b6191b75
SHA256 2cc83c3971b92f9b47ef433966f2fbdc23d9d490e46604d234275764f3111f8a
SHA512 ebd856b80daa3d9576d88f2daa6038d90ebe146842c78e2b69b993874e292feac118cbe650bdd42df899db193cea5e138c9fe7173346161e6c620c6223051e27

C:\Users\Admin\AppData\Local\Temp\igYm.exe

MD5 12ba1e3dadce0113554ecb2b7944ff5b
SHA1 82271b9feff72e9a4a687e3940ba78e953e45b71
SHA256 69f2cfe0a835b562d3a8438c13aa5ceb93ae0f8cffd48be6f98b6b7cc19f7c96
SHA512 a907776378fd81614c6de1c64302d24eb1a3e908a76e3d5a519da3ef0f7061d700401f258c624ace0fad11cd2c6c7974a08774638d2102a50218d28ca4b2ec54

C:\Users\Admin\AppData\Local\Temp\ckYE.exe

MD5 8b31e2b82f61d12ee1550b0a5b23cb08
SHA1 be636a815c8c81adf9e6d9f99b4c4dac279b5ecc
SHA256 b730f44a0f59866e37dd64fecf8c82f154926ab7ef7df701af8de7a8c9246064
SHA512 8106549cc72321419302dfaf91c7473a07b25a1260a0ccfd4ecc3136d623a3ebeb5f196998a1c8d09a432c11204fbcca0621be2878aa250f62bd4db50f1d8177

C:\Users\Admin\AppData\Local\Temp\YAIc.exe

MD5 eccfaec01a2b677c4d8dea82f84bb9ea
SHA1 002124becf3f83ca391c84202b2bb87f858a4fa9
SHA256 498e0ec2026727ed3a9ff63e702e8e03f48f3a7f3b6d88c76f9452cc82fdbf3e
SHA512 7564f70c08a0e1c6f6cf4d9a5c15581e442ff42b9b72e14abd3e2d5cf821eadfaf1c077c10fa1dd751fb841f7b76a1d517cf890f2d89dd5797eb1c5e3cec3e17

C:\ProgramData\Microsoft\User Account Pictures\user.png.exe

MD5 5408c0a2ca40e8b8e1278d84da8ffdad
SHA1 a967b4b8b116fefcc40183e6ef86aa837e757c7d
SHA256 23e39cbed764136cf126167c6be5193a732b0054aea7d964ba22a69388f7e299
SHA512 8a1679e920aaa689b9e90107ac8626dca4f317b5c92ff1fce75345254bd84256db21274f0ff63a24af069af3c0c4209647bfeee2a4b9a6c15f29a3e055b9add1

C:\Users\Admin\AppData\Local\Temp\EMga.exe

MD5 a6ecc2e0181f6030265aba41a96de4f9
SHA1 88bccb7272dd9bb0e4302e5cb18c52b6768000ec
SHA256 7927b09d4392754eaf0bca021dfd1f8713846fac70caa3deaee42502a1ff616d
SHA512 997aaafe3880c8a1cc6c672f90c10652284b2406162b09f7f4513dfcf28b522effd6ed1966287490ee5df04b578b86d8ffc6b555c5452dfae9727e3bf0348609

C:\Users\Admin\AppData\Local\Temp\Ucgo.ico

MD5 ac4b56cc5c5e71c3bb226181418fd891
SHA1 e62149df7a7d31a7777cae68822e4d0eaba2199d
SHA256 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3
SHA512 a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998

C:\Users\Admin\AppData\Local\Temp\akUG.exe

MD5 95079219bc6c248c4a5d43c774a297f7
SHA1 1ffd432781df3cac959a946d26a6585e8b0964d7
SHA256 a2ee2495412ae8b8a24d98073ae0392b3dd22919a74947ee9610b6590e124c6e
SHA512 8644162e1de08150d4a4ce619b8290c3db2e59617d2a7f5878f9b1fc931b1692867fb74f67f52bf189ffb2f74a2be45aab84bbffeceb1ac41e1103d406d03c11

C:\Users\Admin\AppData\Local\Temp\SAUU.exe

MD5 9f9939ace32e5ec75477df3de222528c
SHA1 84a50b16d3245083e5fde17f08c39d59c1e44c6c
SHA256 fbb3aff95ce9a2b714bdbf4827feed98f7152e381b1301f0149913fb1f25d02d
SHA512 a0df5671a365cb78d52ffe607b4419df72c3725cbac8e7728aa8d6b2743909c00e20a179600790ad8713ba11adaf48249ae6eda5674b0e88ddacd544326784b3

C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe

MD5 06a32e1b466ddf661b3030b79298f0c6
SHA1 138f250e46016424854156a0d3fc9857c1353d8a
SHA256 fc7fc42176cf700a7af8f6f79e39c98b2414424b4e39cf3830371c783b18c0d7
SHA512 4115f4a3bd5b4f57d42f83733dff52daeff18e526349034b5566a1d482fa00ed7e688635e0ea5edcb5569a8a9606335296b530fa09e326d0974e637af3f1cbd5

C:\Users\Admin\AppData\Local\Temp\qgIW.exe

MD5 0c237171822186c07e08d2d7f46a50bb
SHA1 8cde3f1f70cb1610fe894d82a435bc2e9f074f8a
SHA256 74f4c28b7530095a6d8ab174492c2f464d688ce9c962dbf3ed4bd4ce0a73bb48
SHA512 85bac4b3c7dd9196be077cb9771c67f7ab214e5424ba1c2aff0d438e6f83497f27c220cdecbc3eadea3d292b9c95fada9a101bdc88f99c9d03fe4b8b1f0c6b3a

C:\Users\Admin\AppData\Local\Temp\KwMI.exe

MD5 27b6c38b9b40e2961fd07bfab6dc3bec
SHA1 7c1ee5c27b4d70c807a3847b05e67892376daa3c
SHA256 f9e360ebbeb3622b46a8ef9ed81f6bb5ca5b37b0f47b7c079800c0471a1cb28a
SHA512 6cf4ad4dab0620b4ee9fed06af95c3c42f275ac17fe69154fc9b98d52369af3689c061f52753d8e4beeced8f42b2f0016ea94b72c729811c572551b92a61fbd2

C:\ProgramData\Package Cache\{d87ae0f4-64a6-4b94-859a-530b9c313c27}\windowsdesktop-runtime-6.0.27-win-x64.exe

MD5 bd704dcdd8382dda903374b71096fed0
SHA1 634191666c77b95e4a92b52a86b50ae08fe65d9f
SHA256 007f66df172b409f06e9ea26e6aa6b753d10f9616c55b53feb3b86ac5632921e
SHA512 38810795dc84c2b580a5e1f50f495cfd07bcf3bd8a4b03f6e185ba60761d09f59de5618ae8d05199d95b7b16126f8623f052b35265b9ebc249e280c65222f54b

C:\ProgramData\Package Cache\{ef5af41f-d68c-48f7-bfb0-5055718601fc}\windowsdesktop-runtime-7.0.16-win-x64.exe

MD5 97ba17b50bc6b81b13bbb71ef4114fc6
SHA1 b78410e7e4a35db32cd954b4c216fc3ce6588378
SHA256 310fc31d5c38ba5d34d98acb8d51249a54eb9954ce645fe1280f0685f99254ad
SHA512 c086b7b0a690249dbcf15751025d714e8d7ebad8658fcf3a2b94ac28d439eea6a1e6fdb3c3d10a1525eb073555700b6a17ab658ec9ab5d959b30b594b57ebedb

C:\Users\Admin\AppData\Local\Temp\yIAI.exe

MD5 a6a7fa0f18da11ac0570160e202999af
SHA1 53b059444714c486b231cf2078c9f0c2b8d47bba
SHA256 b8481f0c8e011b7ee7556a8c782ca4fc9a13d448143b8420cdd59fa5c9a79cec
SHA512 fb705b6d0fac5871ed27cd94b6ead4b40b54b3fe898612cf0608b3b96c2905001302d2f85030289e0917026935f5165f63ca5e3cecde8c7c339f08c468f45c29

C:\Users\Admin\AppData\Local\Temp\qokC.exe

MD5 07c4f69ca076084737c25bc1bd53f670
SHA1 0368e1df0ad710397d35c25bba3899870868f9ff
SHA256 ef167ac2efa03e9aeb350a708614cbc5842170253476ae83aa4ca3c92b531780
SHA512 35906e8696580a764339ae7fd294d2a62bd25d16349ba0e153431c9c0e299fcb8c5f4412785257ea1b3c441f2492bb0cf1538ccdf6ea445f3b8c679cf3373f7b

C:\Users\Admin\AppData\Local\Temp\MYwm.exe

MD5 65c8c4e825b05bb187cb478416ddce91
SHA1 a44eeb45c153c8390dbc81e709f2ae7680b414d0
SHA256 3257065474a26762450152df864135b28d737d7bb45530cc4cdf16252e74bac2
SHA512 042ac0eb30df3c646db0714fe951a7640a229c70005ba12128539931397165b7a59dc51e472b30ce9fef5dfa90fdf6f089387f19666a99343dac6cb8690311bb

C:\Users\Admin\AppData\Local\Temp\qUUU.exe

MD5 295c483c5bb4036992b9312451c48aef
SHA1 3b15753d5d97ffac6b7972fcca6625b89adcec82
SHA256 25e7b369567a7f48288fb834ae7fbfe42014c4ce51dd3c92c2bffce8e708768c
SHA512 9f653003f6f17075d0164355e0b2270ee28af01961af8c863307ef9b3da184a5e3fac0e6d5e5002f171423047e39138c3af90e435523341d0daa428472a51859

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\128.png.exe

MD5 0ac515bbb92de752349085ce8378753d
SHA1 a68b9e65d0264dd79908311d3c4a43dcfc19c031
SHA256 671c78711c2a25c0bae929a2a678dd5c98287383afe47803de372897d1917ce8
SHA512 fa23ea0d84f0e84fbc4f82409842a5a33c2b9f827d5c1f5097828e41f0e72de1a61c71f90cc0e521822952259bf9867729f606664c178f9f599ef4398c6cebad

C:\Users\Admin\AppData\Local\Temp\ecUi.exe

MD5 bee02b003b15d30b29c2475e88dc8898
SHA1 3e5ace60fd4789c0dde6509dcd0c6b00b31f2bd8
SHA256 9e458362909205f486878957c789fa0b5f7e691bb75af648424fdd7cf5987d45
SHA512 d439ce20025ff336c8c486ba1df4996d9e4dff6ef1ee467a4fe42208559168f4237d5397e82e26e58c1285658c5dd9408d8c86ca88420b6511abbacaca56c1d0

C:\Users\Admin\AppData\Local\Temp\KYsk.exe

MD5 7fd17c039c812520841008a61311222d
SHA1 49bcc71ba7ba4d759034b9f78cc0bcce7c8418e8
SHA256 b2fa8f3c3c12ef616626e65b6c91c34f127055f208ceb2c745d8651cd3b9e6a4
SHA512 fb0278864c70769666196f2c6a2b6d78386b40285e86c005d9e8f97cb814515a236e72522eb1e1d55727ae4d3d17ddfa9a5344a98d093f6a3b8309f98ed07c82

C:\Users\Admin\AppData\Local\Temp\cksM.exe

MD5 066447dc16a0474bcc4098cc1fe16084
SHA1 19f599ccc67a65549a3320ea21c17eb82af441b7
SHA256 456a101dd3838b15f392dbe9158c7b64127384beb124034dcf4b464fcacfb6aa
SHA512 f1ae75e4b1aeedd3850cc729ef840f1c19bb198e54b4986122f386be91ea20547c6665a00da4056ccd6f2c39cce8b0ef047b364592258b52c425673213f192af

C:\Users\Admin\AppData\Local\Temp\mQcQ.exe

MD5 345af6b47994c57003e772f81b94496d
SHA1 ed64ab3fad99c0798b9678bb39eb1e2ce8d221dc
SHA256 53c0478e355d34e98c1b1569de335d066cb04b3be24d5fbea3560a90226aa236
SHA512 1c9d37288f808f88cdba0ba831c58f27fd8454a971e83ce5c5c9430ce664d1fa0afc3014d794c545eb500d47964b243448ba319d2f610a93e691c9b4aa63b665

C:\Users\Admin\AppData\Local\Temp\IMYu.exe

MD5 62b115149ebd0ad2debc73a51f437c44
SHA1 4c94596581cf00fb4cb8b1a44a62bed5d220a518
SHA256 c079fbf3f9d72123ca91f0da1e560b83ec211679f660b78a3833d02c0ea9777e
SHA512 619985611120d79bb688a67473c2752501d91a036955dcb1490a36b861c2d6a52b762bd06df5c4afbeee5fd24c9034e750f7a9f94d4b7ed8d4d442c769b8b25b

C:\Users\Admin\AppData\Local\Temp\msoO.exe

MD5 e723804a0825e6c3574a5fa72177c8cc
SHA1 6b68a382583026593e766566e70d134c1cbf26c8
SHA256 bc348efb69af4d030575edd8f184e67033eebc61b4351ccf0aa206ae04c050aa
SHA512 231f72727864271eafa993e84ee3d1c442e2469a4ee6a54aa655c9b2d5e53c11098a51ee920ba914aa4dd4bddb961d9116c9aa654320d7ca2da0d41ba0447192

C:\Users\Admin\AppData\Local\Temp\sAwo.exe

MD5 45c389299143e3f30dc98fb920727524
SHA1 0b6a61050eaa658ff4174c73452d5061bffbe4e5
SHA256 de1765e4a4278066ff74746c081317aa9c23081e808bc81cd5ce1def6ba859c1
SHA512 254a40aca7a900994080a1811327ce825e9d1ae4ec2bb6551525a0086fc931d4809e199fd7bbca38a820aed5c91d95e0c839c89852e90fc25be8a33ca32ed2ca

C:\Users\Admin\AppData\Local\Temp\AoAe.exe

MD5 a75ea6851d9279d6b1f8b907ec7faa47
SHA1 772b3f3167778559470b740bd822b3bfc180b652
SHA256 3f85cd1e041f12a354e70afa6e24c22f4f1bd2171f7afa8aec0c622cc8519baa
SHA512 1b1939aa7dac2134d557c94579a713b49a42599589f6bae3c45fb338b0a04aa714688cffda5084bd54cd11d4b01ca9a6c2d4f3aa65c4126001645132580c6aff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\256.png.exe

MD5 292218aacba4c70d3316ab620b4cb598
SHA1 726c6d5bf423604b68ad052b5980ed4d17e6b41b
SHA256 989ae03beb26ca820c02817426063c7ebbe63b36dab9d4de172512efe9508677
SHA512 83ad792ab8c2254ae985009b60a45b75211fb1e484ad6b804c66a4cc0fbe60432446fd00fd0768c3183155f4fa134fdd6bc2d01bc892be481a95db9df6035ac3

C:\Users\Admin\AppData\Local\Temp\kMgU.exe

MD5 9fb342eaadd579e1a52e698d192cb6e8
SHA1 f203611a87607b0e7a5a29f88c8a3590062644a8
SHA256 1e830a30fa1fc5e73e259f5a0705201fe1106ddd774f342d266e39a1ceb1b1c4
SHA512 a589a89048c9180a70135a713e4a9d0e282b94443a78625a86dd2071e31f3d86a76e95955b1bcfe229f62519b48f39868acf81f2c84725a23b04f0934888d9d6

C:\Users\Admin\AppData\Local\Temp\AAcq.exe

MD5 9adaaedb8b318c43657f3f6d9f4ef3d7
SHA1 39823ccf7aec07fb5f8d9c7fd906f1b9061cca9d
SHA256 a391925d0940ec078aeb491170d19ac4abbac55b2a72ebbf05752953225c65c2
SHA512 42b33b0df12789c72304e7a92fc5bb26f295b184b9e9856f5d23199b25ce67b23a94f1a7af26f9eb61632913b865e6183a7f2072147ca78ef770b183d20e29d4

C:\Users\Admin\AppData\Local\Temp\oEMm.exe

MD5 97bc1fb377f43b982bd3ac8914314b2d
SHA1 a48305e6f96cde76a4fcc696fa10ad32fffa7e40
SHA256 f5d89b24d044d65f7ce4a49484d7d81e9fc8e0137e7bfb8cf86caf3136f7c484
SHA512 c1d6d07b6084a1b5337e1783d9bb524a7b227643c66a33825f7c83864bcaac37c76b59444c6304fe3beb0b9cef5f7dd23b1b2be4e57685037af28699cb1f374c

C:\Users\Admin\AppData\Local\Temp\GooU.exe

MD5 994510e86e43a0067944ee7083350a20
SHA1 41984c637059c0c15980e00784bdf8e5db04e7e9
SHA256 11fca85d6cc54c3f905c18c11134bad71e4e36a4ac3cdcdc9fad04d10d6415d8
SHA512 21b2aaba8de20244e6ce18b80234d0a82bfc6fd8b0a9e16c77fd744386a2edf46c43d80b7ae96d23bee168c86a080355b71f6fd5d840ede2e353c26262b6c7dd

C:\Users\Admin\AppData\Local\Temp\Yckk.exe

MD5 b3e2494f1067b73501fad31ea072fea4
SHA1 e3f2303515cae61b93c8394fa86c11adb3adcf27
SHA256 50210bacf10f02c6b9848a293ca9c703fbc770170d46227b9a0480bb7483a981
SHA512 31a11c7ce2f11031ea531a66111591e1b3a2f564206792d79b1c77fc027365ba4ae192d852ed33a40ced5aad08c044cee3b388314da677b5258583cf049e975e

C:\Users\Admin\AppData\Local\Temp\YgIE.exe

MD5 aa879b383d069d9e9d680e71ad2f72cd
SHA1 d5151af3ee6812d2f3ddb44eb7c1b5e6e32b0288
SHA256 316a4ecf189a8ac4e464e239beba5ab25a164e5971aee721eec936b5899915e4
SHA512 ac6fb3988e699420666a5330509c5b8c50bf4fa01af147d5482ce6795d99a5a6408189ec906865ceb0e48dc2ddb61fb908215b36e424dfba3ef08e7ffab607af

C:\Users\Admin\AppData\Local\Temp\woYO.exe

MD5 2829ddd8a13eedc16b3df0ac6d10d9eb
SHA1 b7b66b3883638b676973cdb8673d458a29789cb0
SHA256 4ad1ccb68acbf7c2a797abe56a739a80a09be4b0eca50109880c0c17805f9b31
SHA512 f6b3a0be1b5bbb87c5d20f74cee661422bd56edd6790ffd55f9d7abd8d73cbd0b4abd7086b9be07fe03300ac6ef7b5cef475436df2c7bcc158b6f3de41278b58

C:\Users\Admin\AppData\Local\Temp\GkEO.exe

MD5 5a7fbc75914cf0820cf33580dc6411ff
SHA1 0f8905692f4fc555c5be15c17a6a6e877c3c1fc2
SHA256 24cc3d836da6ab247ec3f7b0b3e1e7d6e18621b851ecea7272a2de3bf69e17dd
SHA512 22297a33888bcf881955c1c0c425f1e8e7e1b669dd0ab170bb6ae8f0580b9fbb977b9898942da87812bddb0559a3f426c16d77b63695055eb7b6d26dbb90f022

C:\Users\Admin\AppData\Local\Temp\uckS.exe

MD5 9d5eaaa96dffa7761644087cd79e22ac
SHA1 23c929ecfeb9e4cdfeac0d0daf7ca7dac741763e
SHA256 e8f36fe16b240bbf4145a439da90b0c51df37a4f34a099d676208d189e42a02f
SHA512 c154e6adc929f7c56c50818e6cc389fdb568f2adb4ce61fcfac7371dd0db242746b3e5d2b2d38b6a602e22708a0e11a650b9f196444c1509426f2aa01eca3323

C:\Users\Admin\AppData\Local\Temp\wEkg.exe

MD5 1020e3ff8bcf71d2866331eae9fd558d
SHA1 1332072cac7717317d7b97681537df93e71df945
SHA256 4d27f367cc3ed9e3867f5bddfdba6c88b56ff4d30d58bcc0495c302b1dcd2f93
SHA512 257962b4623337a80e0038dbcde0b5f32f9344025e82eb290afbd14fedd74697c1f58dd698a642bad49b2ecc90ccd4e1c12e0d102bdac50e161fccf1cbd95d5c

C:\Users\Admin\AppData\Local\Temp\KMoc.exe

MD5 635cef9c28f81607b6a0ca176a6128de
SHA1 ddf29c9b30d4b1e879904d4c4f7aaf5053a67fa7
SHA256 2692878a662b0f9548dd89df0fdd29241f084edd882d1f2c57fa2a9c0609dc41
SHA512 e6ff63317df8d5739a7dfaeecbbaf176aa49202ab1844b0ec58be6b43c5a930bbd94274e38e92dad2414eb2cf9c466acc382f827f82a276d24f103afc67b863c

C:\Users\Admin\AppData\Local\Temp\AUkO.exe

MD5 0f253c712c15ea84875c12f8badb3bee
SHA1 ad07b583099ecf20222ea424fa37a33a44af2133
SHA256 8e41192b21eaee36fad664ba9399d8211a7eb1572bc88f48aa35dc8572d838f6
SHA512 731d21a2ce2f4b9f205d95eb6f5fd4970311798f490bd5ea7e1c069100cf63b7e537c16a2c68b9eb29e041609c036f2453cf6b201d1af19a7f0566c256ea52da

C:\Users\Admin\AppData\Local\Temp\Ewok.exe

MD5 1a719172b16cc55c8bffc364ee2cf423
SHA1 cd22b8f53bbfd66347d4041fe68812ad278613f5
SHA256 c6cf202ea130575b7fa7e252753fd6dc8901a8da117bed7b0ae2a364c9ec9545
SHA512 74f09c9a6b23c821badf30bb717203768035c38eec23479a80cdeb893c0ab30925b4c48ac0b86c065ee3e25655cbc1b38226fda88edb0fef4ae76df62c204360

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons\128.png.exe

MD5 bc645404d2bd6d85c5d7b903ee640a47
SHA1 5b1092b71331074b2bc8f4f50c15114efc00c779
SHA256 bd0c25f01591bfd3a7ab485ca348058c1e6c5919535a10d4ac7127f8f23ee979
SHA512 fb0730e575f6fec9f531941db2192f727314b5fed7c2f8ce24949c4507451c243ab0311d10cb5c72a749788e2d98a5df43fe7034973c095a47846f42111bd1e9

C:\Users\Admin\AppData\Local\Temp\WMgQ.exe

MD5 a8cf6a8a33f8ba060e569a8677050769
SHA1 b1b91d397261e0762d99cf8501bac0917ee2b9ae
SHA256 73917774a0e2245fb50914547955f99926bd9b177ecf1af5894ae650cfcf26f2
SHA512 51e7fe05e1bff45a5a9604ba5e1d4a5e693004eebbe42c5211af28dff5ed483f96d5d4e2435e98b6d793b197cd73b4bf580139737099d8fa438bcf460a56ccc3

C:\Users\Admin\AppData\Local\Temp\msYq.exe

MD5 0e7bc43fec43cfa82cdbeec7f3984863
SHA1 3e3b94f5f4494f630a30c2142643f90ceb0e212a
SHA256 1f0207a1f12cddf02f9b218390208cd2e4ed3535f90d84bbbf997c760dd37e11
SHA512 50f509c2415f50feff4d58cc518848ae577f97c0b4e3f365dafc18c2bc38feb0e98f6128f7e5cac8f07c11c68e921c068ccd5e5a5510da618c028fe08e9557ad

C:\Users\Admin\AppData\Local\Temp\eUws.exe

MD5 ea82735cf83fd81823bff1782c1a619e
SHA1 5029cdca2f05510ec303d5358dc442519444640a
SHA256 8f17545a2c0cb8cb7471acb4d31052d5abfadbb8e75ba412df8069e926107710
SHA512 a6c59c48f2aee843fa5a592cbe3222b6699a19725067fc2191b0e726c0e2b5314968073f4c50edc2577e254444266f82de9e3763f429fa701820ebce8b0d8432

C:\Users\Admin\AppData\Local\Temp\akoQ.exe

MD5 cb8fa6431b740ea19b3cc6630f04b4bc
SHA1 2053ea03d7c0500c0f28b784420b3de5800c90c8
SHA256 50be639ba79b6f9e1011470f6fcdc8831341736eaa16b2555a84672dee6b49e8
SHA512 623250379c6da1486da3f5f43b7449c60423e74219213b3fc3961c8cb18ec179e0051af1b6546672548c538416596093a84c5e1cbfee01a05f78e34aea48b8d2

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\AppErrorBlue.png.exe

MD5 380faf9ded3cfd9aed4b7e05c72f0a17
SHA1 8eb20c630de7399a35127adb254c6c59ffa5aea8
SHA256 16d7056ffa6f46c1a97938a96087cbcdcfa712e82c00708b282b14c55a3c73e6
SHA512 86a676ce020be0a71cc50127dab16dd725805dc0b1b8ad30ebb09e75044b7db7c980545220799df79109ef40edf95dc8f1ebacb852894ec791b7303dbeb6da0e

C:\Users\Admin\AppData\Local\Temp\IYgW.exe

MD5 afdf6cea67496008165e2eec89d4c53c
SHA1 321c3664fb9d312765ab78bda0d13ec94c5d4f1b
SHA256 9763e5864836abc0ee1f6885274119d8088e6c26398ef1bc5ad7f477f9453bac
SHA512 82c09eb905ffeb13480e11c0a74083ee723071bef9db4744972c7c1240bdd6407b7159b7c670006ba7f15dff288dce0bd1c8cf2b5afd00b1db0942680d20502d

C:\Users\Admin\AppData\Local\Temp\wMQM.exe

MD5 58b03b346e89e0322bca4b03dde44715
SHA1 3012847def6ac1ec91c4aa78476fa6908e3776c9
SHA256 e58853ac5d8f334a24a95c95677acc0c230ef6ce9902a2b1f8172a20b0fcc300
SHA512 367173e2382c3ba864b2fff94287a95846e86a2cb43891357d7b1f388d2dbc5e289ed0efa73c5e47e2a0213d95d146b52dae687d606260746ea0d4241cef1726

C:\Users\Admin\AppData\Local\Temp\CQwm.exe

MD5 41e1720e19523bc77f692eeb96b98aa7
SHA1 54fb53d0386c246037e3810879b7f7e7eecd9eaa
SHA256 dfaf3b92d0d435b38ecbe0aac4a855cbbd2f846f8fff57f2801e8f4759426588
SHA512 4d94fa6d8b18166346c5b1d2fe50718ba58d151e16d6960901e6d8f6febcaf5f9e8de8f5beafb7bb17ac1b68e4dbaa22490b9b5f3402eb0f825e94bbaae3ec7e

C:\Users\Admin\AppData\Local\Temp\owww.exe

MD5 8ae5b52eab568ae3263ebf7d7bdb1c57
SHA1 3969b0cdfcf988f9b954bdede3e3d8499919060a
SHA256 6007a20614220996ee75fe9f40adc2364e9b3de375305fb0c80496767ea32f4d
SHA512 af388fdac329086c11f11f0b5e50789d77b663e0da4f7724a48e52163ab98b2411c561c3eac2645ae3284291fcedb195542d72766ef82c4adf49460c15d16ca1

C:\Users\Admin\AppData\Local\Temp\gYQE.exe

MD5 73c2103404d27b52da4b8ad061e5015c
SHA1 23fa82293086b7148adbd924ffafa1f48821b12b
SHA256 5b134429a396c35ff6bfe77bd6192b0e2e35e09b93cda5ec78b935482510d32f
SHA512 cd1918b57219ea63b4317e83ad1afc1aa479be0c670f890bb2fe7f173b6b8f3c87543eba0579e0d520dba85fbd95eda1f7f6a212bf33a9248975d317bbf8e0cf

C:\Users\Admin\AppData\Local\Temp\SUAm.exe

MD5 90b021655cc2152b6f9c0aaa01ea8225
SHA1 21c6fca75c8a79bb9d348cff9f7075832f86898a
SHA256 9d044bf2278a55f4ba9b581440fac24af6766514eb950cebe72180ae1947174c
SHA512 48035ea45b6cc3200bb4179cdbc8e64bd408bca842b6eea4f40c0b77bb6e059d6d060a50e597ee9ae518cf7f8df3fa47b1067e6036d2209adee8d9ecb4c60704

C:\Users\Admin\AppData\Local\Temp\aosI.exe

MD5 fc570d9d051193cc63ec805d7171c45f
SHA1 dfd8ffa4e03b204556661e9864ea52ad433fd57d
SHA256 c5321ee75148b144f69cc0b5d483a76c1172f4c6c1e9edf8f54cec4a5dcdcbdf
SHA512 525e4daf91d8b8b42b8ce84ee1f96d2b70babecd17891d174378da7220f4c218f0a29107939e294def170c3347db66fc200bad99869faa62045d5ac0e8950afa

C:\Users\Admin\AppData\Local\Temp\skIQ.exe

MD5 7873a4510d229df813f88e3e3950c2d0
SHA1 cea60fa6087a781fd08f9cfe89b35fa4faa7c167
SHA256 3f2ef69cfda52e76657ee5c76ce17ee0178e09d7dc0358769ab97809c9eae750
SHA512 6f7687ecb100324ec30a7f282b65bf0eb1a300fe57fca131d4485700688f2b51db5b6d25b7c6688698914b9cd691d6d6d4f57dcaf3487f5668dead6067735850

C:\Users\Admin\AppData\Local\Temp\gMEs.exe

MD5 94523be35aa78e14c0b3ae0ad8e90f3b
SHA1 35c08c206a0faca91ecf294698f5964ce1aabd60
SHA256 cbe2b7f0876e12d4e53009280b9aa6e4a87c349cd5d871f3d531bee91c8089ad
SHA512 9346738c3eb04211bfb7a5a41f77f180e753806bd2d0d9ec64db85ad0233e74f8222d9c46af6d9a67f06ae62c1052260aa1ecd8bf087d1f988b77a97f56f10e2

C:\Users\Admin\AppData\Local\Temp\awMM.exe

MD5 250c65ae310e0e8b165c57d492156cb8
SHA1 a4f519844f2556fb9f33a0fb4354e516a11f9608
SHA256 f59bfb8ffb7f750221b4c31e7c520a2c1f8c218227b1d84aa9984cd2096a9840
SHA512 f3b8552af74a1457bf207ebc1009a39d0ea16be3b8ca47a326fa05428e1cd4f10df5a0d5ca99fc12aeaf20b25fdcd406dbb655559601ad362613671a5e9433e2

C:\Users\Admin\AppData\Local\Temp\awMU.exe

MD5 cf7aab4babb414d6e09a7508cf0d3d43
SHA1 6a6cbe6306498b8c664b61d8af3467be85fc653c
SHA256 9c5b76e2d11ad629e570442f86de07078f4640c20293ed8ebf21b236b77dabd4
SHA512 3ffe3882befa9b698bf074d991c626bb7c4aa32300f8a12f26d2a501152c4074182df3f0dcc3f699ac38df88efca6f6dbee3f83d1e72d187b8af4e05c38a675b

C:\Users\Admin\AppData\Local\Temp\Owku.exe

MD5 4b22b4084eebb4bb3e415791636e048e
SHA1 e436e195ed81484117b7b2eaf1b691cbfeafb667
SHA256 02d2bc7b23aaaf6c2be72beebfc04eed333327eb0e63168cb559cf70b4d73242
SHA512 88104c60dfb7bb9b6aaa74abd3c87746ad1d8b8f3915fafa3dff7b0f20786bdcc13cdec6229020424256afd507c1e1c47ab2977254fc17cb72094382a136d0d0

C:\Users\Admin\AppData\Local\Temp\yMkK.exe

MD5 7a16e5eb1133dc76bab3eb9904981db7
SHA1 8098830a897de5ba221a205fda484f09ab769ae2
SHA256 ee31165f39abca3bca09f1a53afebde9c984421f29bb76f96466f3a5dbae542c
SHA512 8097056f64eda81233fb7a8ca2eafa5fe6b8d719ca32859d2919ee8f2b0d230b798947fd857d88ef56831800e2d0c5b1ac5d67171f494a0cf905e59ea62ea696

C:\Users\Admin\AppData\Local\Temp\Qook.exe

MD5 56323049d60ae077875883c46dbdfc71
SHA1 5e39c4df30b9fd6a99430e56f355725e3c5bfc76
SHA256 6794c634a4a5158a1451578e23ae2b490062c0e4a15d01019069dc179b0e77c1
SHA512 6fb390dd3101488974f096edb75007df70e5aa175709374cbc199d0537ee1bdea1df185defe96214c4ae61d2962100ccdc70140f3143d54436f0eb319d56581b

C:\Users\Admin\AppData\Local\Temp\qkoG.exe

MD5 e9e3726152f12e48ac84ce929e4c75d8
SHA1 831cd778226315b7fd24d96874a12ba43c8c5189
SHA256 47f855e88f4c40f3392a2b9e9630466e23d5fb5899a6a4d4002d7826b33f1fd6
SHA512 a7993ea88e975ea674a7d67b319330ea0260810d203dece00a52d41703ceb4d58321357a7fce9bf57446032803dcd29b16ce2e88b4986be3cc68a83706f0d351

C:\Users\Admin\AppData\Local\Temp\uEUi.ico

MD5 f31b7f660ecbc5e170657187cedd7942
SHA1 42f5efe966968c2b1f92fadd7c85863956014fb4
SHA256 684e75b6fdb9a7203e03c630a66a3710ace32aa78581311ba38e3f26737feae6
SHA512 62787378cea556d2f13cd567ae8407a596139943af4405e8def302d62f64e19edb258dce44429162ac78b7cfc2260915c93ff6b114b0f910d8d64bf61bdd0462

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\Warning.png.exe

MD5 7eea3a3d36f8cccc0e1b0555d06ebd1a
SHA1 8b97bf9067576ce623b4a600c81ceb939bd67a7b
SHA256 e6f65e88bb6ec7da937a5677f8414099038e20853e0d31266d70b665989af101
SHA512 42a160f1a9468abe2fcdeb64352c50a428b70006b5f021bf724fe7c98dccf40190bb65c7b359c4fc318a871bfe4301ca9cfc85d2fc3b4ab15e59d7fd727672d5

C:\Users\Admin\AppData\Local\Temp\EwIg.exe

MD5 552e4a65ece4367781cc0430c2633efc
SHA1 6ef36164b28086f55dada331fda7d99a14595dcb
SHA256 d4e1685b1c70fac364e51e56fbb557bd99ff28dd0d415ceacc9453759411fe55
SHA512 effcc439671b8027cd1a3a80b8b91df41fc4c7c942c81f3eab9f58e19f299aeeb98a90a4537a8a9ea804819fb9a57d5dcc6aa79ea6b72006ba3afa8524b21b18

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-400.png.exe

MD5 dfe16d2e0a8c387ab208faa485263c24
SHA1 b026feff2778b165319badd27a5997d60ddcb3fd
SHA256 0937ad20ebe8c3424181bd29d4abcac96c408cde3e831a68a67755f24deba8f9
SHA512 31c4d0457f32d17cb2cb1f03430c83d8f74f97c1728aaa54f99a7a14dd18ea854bea54e06a3a4439bd8de0c08337d9bb8b01fbce177e145a0be99e44d6051c29

C:\Users\Admin\AppData\Local\Temp\CowY.exe

MD5 e4272c07df1d1ab55da2096794594b16
SHA1 05d9ae6ad8979d0da636358a638832b1f92bde38
SHA256 eb0b997c55659cff94254aa6c4378c20f6eb688809142fcb231f7feab2d9b8e7
SHA512 c3aeefd6a797d6f41284b30fe46f4ceb8ac713acb6a36840fee2e40eedf1e9e4f6a97cc70879110e9780bb751dbcef82cfb1f662e81bf6a81d47a5af6b564ed0

C:\Users\Admin\AppData\Local\Temp\CwAC.exe

MD5 bdca13f9963ef320f1ca780850676626
SHA1 8f95ac09d5fe3e41e244ea5346581e0a2c11c92c
SHA256 3740acc80caab1296273a461ffc79c94189347efb40ba9580cf53ab2f3a83281
SHA512 185c49ba615e86ab58854c01fc40c94252a018fef13e4079c6ea5298604115859df3798aaffc68704eb0bc5804c1d1d11e14a84951b5f477115a90d3315fd4ba

C:\Users\Admin\AppData\Local\Temp\YkMy.exe

MD5 6193ebb63cfcb1c7d199d4a21216d06a
SHA1 88795af355282fac65969e440d334326b0d82252
SHA256 091b741f984e6f316e89cc9e2f056b0ac816ce0686f9793312dd695bbf082104
SHA512 138180ccf32b20f70f2af617aa73d212aefe293f1253c19a75eed1f99b1556c628916a938967aa544845d035ea7315d0defb66d3fad88c30b1f291bd5f0cc102

C:\Users\Admin\AppData\Local\Temp\Ggsy.exe

MD5 343971a17192d1f113a0d5ab97ae8bff
SHA1 f368e8236538ae5fd334fd448c57199880ff8c7d
SHA256 8dac603116c080b828791eb540ed60cc089a172cd46db0ae1c132b595d62a0a3
SHA512 9fb8c26ced20b0772c3825758674852750c41026dabd3dc2c9db61057325e009d923f4ac7decfb6c474297a7e916236161a61878371335bb3531f554f734f52d

C:\Users\Admin\AppData\Local\Temp\uEgy.exe

MD5 8edc7ebf83c40d43c45b4fd1bd405b27
SHA1 546c08157a399da0271e7a5ba9ae4331d443da25
SHA256 0b4bf1b2ea03e613d469f3985ddf7f76fa5e3a020254fa684a41186665214225
SHA512 42a8aa43a2f8599cf8444179f2afb5d8c212516ee48fd9c1856974e89a6339edfa1f6ad9030ea6d3264358c64bc081ce3389693e53378554533d40b37a7e9c9e

C:\Users\Admin\AppData\Local\Temp\qYQE.exe

MD5 c1ebbb77aed68f49096ec233e1691660
SHA1 9ecfe5c4b4b0c64561c8e914ddd6a3e988353581
SHA256 8b00d8f0d33facc0bc7fea9b8b8efe8a5225369335b38661b35b1f71600a4989
SHA512 7dca3deb8ade8547faafe881f842446aafef74ff797952f1a74a73d553ed44ff32e521a143df0261fcca325d2750073a94f3be4146dac6336fffafa487dbcc37

C:\Users\Admin\AppData\Local\Temp\WQsU.exe

MD5 710424ec7d07ce13abbaf8121ff589bf
SHA1 d641a5b6eef9f3adfa0ed992fea9d4c67c5c4c2e
SHA256 35601b3bca56d24267dfe7d062e87808e80fa67d4a59cb0c0a11c1237b52291f
SHA512 2cfb63063e1b95195a5c16e5ed01b57ac9f34f16be91e05e43d70ef3ef1e3ad968f98518f6ed1b95fd4dd762e9e99a23e1f2122b373dcffe1796d909f2a30ed9

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\38975140460\squaretile.png.exe

MD5 8736c4be0c740c8c3a7c5c61a8534f32
SHA1 865a75cd263cd1cfa61f555939b286e4b19c8257
SHA256 b590e88ed0de59b8c8c3414bbf57c5fdf952693f41d1997f792aa6ba8806a9b5
SHA512 2186345ac1be321d477cf9f67b21b05c68c2a163d09f58a61c7c56acd938d460703798701568bb77d7babbc9d798d29e6ce64134dc87dc513d7f20d0c30dc299

C:\Users\Admin\AppData\Local\Temp\oUcO.exe

MD5 1af4489eed5eb3ab39a5cd60c4d3b24e
SHA1 b3a7061cb6770d08a5401054aad98a2fb022a9db
SHA256 0f988553de09b38955ffde117a27d2746082d63dd24bba675aea45c77131de3b
SHA512 9603a8c8ee7e0f3e65de93b8abd45f9836d661fe2d4ee60fcb641a93511ef4cd8504e853d63d25b3ffbbebf768ca0aa8dfb8fbe4f207044cfc524322b57047a0

C:\Users\Admin\AppData\Local\Temp\kccq.exe

MD5 ab399e06bb4fd132ce82029c19bb5c9e
SHA1 524a7e16e4c164b259d3939b51c691753dcc27f0
SHA256 263c0f7964a69fd12af0ca6784aa2e06f85cf42898540fa82ea8fd0529d85e1f
SHA512 b1141007c3d61b1343fb02b6eeb1b0f079c21cb8115440db594a579da22e4c4bf236012213cecf862bd4ddfb5192e689aac90f3a597bf08914929bb83dd12e8f

C:\Users\Admin\AppData\Local\Temp\YQwA.exe

MD5 0d33668d7c971b9a5cae835f87738cf1
SHA1 45c2099bfd535debd053612d1d4f1aaf2914d6e6
SHA256 c14af7ea00543657b8c168796d7bcc57853e8de44d4a652be2fc503c550a3f43
SHA512 e1f4ca7f07719e8e5d96292fff213004dcbba697d354848b9494f2e1083717fccdf967f71fafffa09d04a1a86fd1100e3336680dbbca71c8a62ad25b113f83e8

C:\Users\Admin\AppData\Local\Temp\Mooq.exe

MD5 70db05da856a75139b8288dd2e4ddb6d
SHA1 6bbefdb5072d697e415c5d9d65994ae14773a955
SHA256 8e7f3651f6d65e8f97b69780467ab37dc1029ff3fd6d08145eb3a3924d3cb770
SHA512 73abadcc2bcb1385ceac2aa14042e68a5d9616a7414403dd5eb96c4dad8a7f08bfcdce767e6fdb91f8047ba05b6487c67da19278d114cc2fa3d258e6f5597911

C:\Users\Admin\AppData\Local\Temp\aswE.exe

MD5 33374c3a416d1795873d57f303b807de
SHA1 fd6f51bedf5845a5022c90a60f53e502d8a36682
SHA256 791f885703c5cbda1890001e4d7e1bba889c78614b4c16f3aff881261652dc91
SHA512 016f2a0d781865c579c6254b0a3904b5695465c41491173665a6a417b36d0f1d953975222c26033d360b936277981853676ab53f93c1b80cfc267d28db664ff2

C:\Users\Admin\AppData\Local\Temp\ygsa.exe

MD5 9b8d6182a37f42f2198d96ee49e3a209
SHA1 31609317f6d82f1f77e9020b13ce946860d1bb36
SHA256 d12d0dcd29e7a122e4a6f646254982e5ac82df063967e995d95efddd2df46a55
SHA512 361f95b28440b63e3a48411681205498ba8c7303351294d832730d024aaf8f910227d91f52fc36cfa4b5158a9fe4a15ff6bf9ce57fc25b1d8327e4d17b06eed3

C:\Users\Admin\AppData\Local\Temp\YoMK.exe

MD5 f834faf95774404bdd8ecf55eac3d77a
SHA1 4fd1b96b0b9fd22b7ca4ab49eb22875cd0c4dfb4
SHA256 91e7075f9ce7d80906c43711e6ab3cd6cf54631eedb620f6863368d5fe1689ab
SHA512 451643eb154bf24551a4a711f650ddc3bc7312bd4f10168ce0828185bcd507a3804ba1b07bdf316c19ccd470fd9d03d310cad19864c7dc66d7d7113d97ca0c4d

C:\Users\Admin\AppData\Local\Temp\ewcI.exe

MD5 5492488ff05719e0c1161e0ce7cd9072
SHA1 f7e6d00349e18778ccde55cfd9350cfd6de1c9d5
SHA256 004d8ed50666e80734e8d392e1ce886b68dc5660e519438a3966ee70045b5f5b
SHA512 aa853630345c072960817f8c47af0b6301cdf4410dbb811350c6063c84b4232194625a80ecce861dc3aa44fb39b3918014420548506a98c4f0757d2ff48eda6d

C:\Users\Admin\AppData\Local\Temp\KUMC.ico

MD5 2d56d721c93caea6bd3552e7e6269d16
SHA1 a7f0d3d95a19f61d30b9e68b0dcee7c569249727
SHA256 f8e8be11d1062a945187b65fc5e5b1500bce03cbdbf6f4af9404b649aacc2aa3
SHA512 c01d86c43876fb8eeab79b72380a00f095d95c3047f530b777ca89d309e7bd797bf83857beab29527eddbbc491da3edd95ba343f6a0725cc565015f095cf0919

C:\Users\Admin\AppData\Local\Temp\ecQq.exe

MD5 9be668b368e9b60c7c4a8429f3a94dfa
SHA1 77188ab99cc755acf269d893441a6a220f718484
SHA256 98d6d719681f40a87aca0cb6706c29f85dfcaaadf6d3b25374df46ca27b503cc
SHA512 fb96f211c03ad78b78cc15822260bf56810cfcaf87b31b128b65f7c429675716591af1dc414b1344a5efcafcb9a22685b75e5b997f0ff1bce73d14e71af31b72

C:\Users\Admin\AppData\Local\Temp\qIsY.exe

MD5 c3db2f3c971c7634ea4b729e20660973
SHA1 5b4bad74dd2f902f9b55107d529d19129e7cbe9f
SHA256 5c579d99c009c39274691858b78b93b2ad360daba3c4ea00404e22bff2af2fba
SHA512 2b0d7d0905d633f2059f3bb8a0b826719acc3cd6ab4a070b1c82dfc629d1a6052c8b3dfe00fe67690d6c90ef8284dd07a218ea5c1133952dc94f61d22f07fecd

C:\Users\Admin\AppData\Local\Temp\Osca.exe

MD5 f93ad92629492c3aa5707673f6ac8b13
SHA1 02007ae7576143cdc56dcfb72cb0654d178dc0ac
SHA256 4e1b91e78528c36f0da4fb40f73c46f93e2153246ac8cb8c09d5ca8d6266476c
SHA512 026c3f56c60fd9ba033346a60b885dcee0a10135b2ff1b30069d9aabe66f828f166f5316866e2d5384d07f89639bac39bc468a6ffecedceb1eb79eca581719c9

C:\Users\Admin\AppData\Local\Temp\IsAc.exe

MD5 30b5de7facf1654e0cdc156eb5176abd
SHA1 ce349238500f34a06fca2d5c8180146f437a2c7e
SHA256 45c0059b5364203c64c4291ba07b13a78a6f6a67e111619082854e0cc605489d
SHA512 d2cf010a1a15682fe4fe5c9ed9239508db15d4a48b9ba6e1465cc901eedc97385811d7da8b194d4c682a326719291344e1a4a3385f5fe49ae9c4d7154778efc1

C:\Users\Admin\AppData\Local\Temp\aMII.exe

MD5 c0cef227cd6067877e9c073d295147b3
SHA1 4d04d494fa0ad96984f4e49a9468597d04683196
SHA256 c2235031f77fbaf37811a0e9b918a436aa0cc26e552a89953ca93967abcab249
SHA512 32dc2ac841b5b9d9241f734cbc82a50b94a40d9c48179c92347519a7ea119cb6ffc3fbb7bd217bc63dc29e953a7e5fbe09d75295f1cd23cbd4203dfb6fe13a7c

C:\Users\Admin\AppData\Local\Temp\woIc.exe

MD5 557036cebc2c8696fd0d770a55ad852f
SHA1 1d994026dfcde5bad95462b640883b8a42a5e01f
SHA256 33b52eabd858ed5b28aa5d43e3024b3b8803c90160b3f16a97bd79c947c3a9ba
SHA512 f530abb21d1c7b3957721cd38232af4884e29ccf39fbedeef8b4f8f715bc9744a98e60e0e4fc412cb6e677295bbb7a49c3251ab4c2653a622daaaf987b5f4f23

C:\Users\Admin\AppData\Local\Temp\wwoM.exe

MD5 dbf2de2fadddeca010288fd1bb665ff4
SHA1 b084035fd78d67d432e90d1f19d12b4774f1dd8c
SHA256 aa1769b961a0aaa426a2e1ae0b5b2ca7c5bdf50f061411dadb6f95d826176798
SHA512 423bd1393b18ba9191cfb7ec6f9e8d47fd9bb21e876bfd6b110e2b391791388da17f945b7506006d4cb77953d1f1dc8aa0a20ec69abe22ec125119bcc9ee1a3c

C:\Users\Admin\AppData\Local\Temp\KMUA.exe

MD5 54477edee9b1ffd2a5b2a030aea9a34f
SHA1 cd3ca2474ae2de9d9bc695ee7b7f852a3948ea8b
SHA256 fceac7b9910f93daf5f1ac58a016cb3ee4817739db0a88d44213a1832ccfb1c0
SHA512 ef5fcfc72c9f82c9dcb7b01bfb57901784e5b2490afdfd0a03cb214e0b759c5702fece1d46b260938fb19264f4978d0d7d6805d0e00f5d25648ad76d9e91cf88

C:\Users\Admin\AppData\Local\Temp\kQEq.exe

MD5 c82649257389869ef81a851ea268f317
SHA1 d454b43bc30a346035fc6f457380ec29fef22458
SHA256 2453098a18963d594566ddc75fa03d6897bd16dffc3d4423e094e589cafa54b5
SHA512 8ed11a662b48dfb4c36e30be755a693ff744d02622ac2ba096776bbeace5661786150bf65a87455dc0e1ea76e9c28ae80372b8db1900e12cb07dd90202d928e3

C:\Users\Admin\AppData\Local\Temp\UMkM.exe

MD5 757ac4d3a2a322e8e9e14470ae685dee
SHA1 72d7d676a7ddfb6dddde3ae049f04080ae1bd593
SHA256 467e8f7b2146a4529b3edddf6bf4bb056a18da6c3a772c6c44debce85de8fbe0
SHA512 3cabb3c855930bfa46957261c52e80d4b3e172fc95d72123aa0fc35c4321fdab322064a32caed5988e6c8b8a9929021ff286859c0ac28fe964a61e15552c3bbe

C:\Users\Admin\AppData\Local\Temp\uAMS.exe

MD5 7148d0ed019e5b705361cc8c846659b3
SHA1 92d6d6bc93566ca45b1d5073639c26b9c3624908
SHA256 aafad4eb00d0508de879818102e47272b05b47866926723eea2bb3502dbc36d1
SHA512 4bec9ec90c81c415694e1b16eb2187e3644d2965881102c32e6c78266ee1a3794356dbad420746ea671f6fa1c37700563536ef50d5330060aa86c95e437eaf18

C:\Users\Admin\AppData\Local\Temp\kQsy.exe

MD5 87e7ffe1be730431a934e0d266ec9a9c
SHA1 6ab46fc78d7fc6747f90f52810a7a96161f2853f
SHA256 cc988de5554043d9fd50ca1cb7e530e1d580df13f1eea551d52b8cdc0b376a51
SHA512 0a26759020cf9513023eb8e9075403316a00bbf9dbd453eb6261f134de0e7701bbcbd95cbe8367361b32dd0c22fe792d090ec7df41473b2705597d18cf68801e

C:\Users\Admin\AppData\Local\Temp\ysQS.ico

MD5 7ebb1c3b3f5ee39434e36aeb4c07ee8b
SHA1 7b4e7562e3a12b37862e0d5ecf94581ec130658f
SHA256 be3e79875f3e84bab8ed51f6028b198f5e8472c60dcedf757af2e1bdf2aa5742
SHA512 2f69ae3d746a4ae770c5dd1722fba7c3f88a799cc005dd86990fd1b2238896ac2f5c06e02bd23304c31e54309183c2a7cb5cbab4b51890ab1cefee5d13556af6

C:\Users\Admin\AppData\Local\Temp\gYgo.exe

MD5 6b9528df1bb6b14bd615ee8b926d8e69
SHA1 6b7a3ef734199cc66561709fc77cda3fd1fc0bea
SHA256 b335b168c097aa65577eef9b35814375db220d6787ac96cdbde549b067232284
SHA512 dfa52ce1bbc6730678d53812f6efa48a159c9d23f1d179069bfec94f70f7fc1e0da2d8ba6291c46fea7a5d7c4472fd8af29028e3ad4564e8ccedd3c2882dd5dc

C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.exe

MD5 0209580d3a1c3ea7cc919872cab9ad9b
SHA1 ac4d0c0a6e7fc4653cc183ff2a81a78cfc514a30
SHA256 c09a8a1e93fa848111fe14719f87062ca2c0640444f0b0027c131c07a8d00821
SHA512 85677e20d5c5da67a727ae4bd5ede3464ce65c58852ef6e4abb911770b223ee5feab753155e528e4d6199f2a6f04e0fbc0589b185f85ed4c2c11dc3110c79f07

C:\Users\Admin\AppData\Local\Temp\IAsO.exe

MD5 b20a973f6325230d766c26d6b7b9138a
SHA1 2e7c7120775627cc7badacf8b98e1456ef42d41a
SHA256 e688a3a9dfa15849428468cb3cfee4da015534d2c0dca2ba8d78749acdfff724
SHA512 9219451ae3736f88a87d0d74523e61adb18842b927968b49ca48d88bd403132832c49baf5e06b7f6d02df53d780f077937fbb94b9aa88fc07c9ce45ab30f8538

C:\Users\Admin\AppData\Local\Temp\Gcgq.exe

MD5 b78a549c18d7abfe2ed8c3832efe9844
SHA1 c680f6f0cad3ca48b0e079a8dabc5fa16095f025
SHA256 175efbed0bc17f8243279fdd9b8c6f3ee3002b34ef189eb348451d42357574fe
SHA512 bab59cb3fe758e2bcda4ea11141b8bb4712162407324d4f4ac2012bfffa2b22144817bb4e9757c7df4f998126b7eb07cd5bda5b0bc38990707a8d41e41a9bdf7

C:\Users\Admin\AppData\Local\Temp\ksAi.exe

MD5 7a2f5e1cb3adce02070f38746b2f4c48
SHA1 c813e67b2cf58006196063f33e4cfd9ba5cc529c
SHA256 5ba1134bc556defa80ca0d7b4f1af60a7a3517c859b771e51d1615fb1b493d99
SHA512 505beebd1b522048d681265c8878f5b106baabba9d0df31ad92979345e67ad356195355d5c954db7b5b69e51017092b934d5241b1dad375a6c20179ceda6d9ab

C:\Users\Admin\AppData\Local\Temp\gUQQ.exe

MD5 cc206a5a23d8af9f0dd5722f2dcaa593
SHA1 dd2149cf82befd774df83ec00f54917fe9b307bd
SHA256 8bf4358e505a11509cf453d34847c7b7b83ce94c6a5892380d951f35e564bb2c
SHA512 22287608767447e82f59c3ad2ee5b0b306da72fce7239faed577551baabb1a1713d0eb4fb72caf5345b83d0352ec0d852ab1c1cb3508d216b3a8a3cfc2ad0f29

C:\Users\Admin\AppData\Local\Temp\CoYE.exe

MD5 f8aa6a0e521955bbb046bec2732d11be
SHA1 76735d35e6fee51536f416749f1c1c37b57280ad
SHA256 cc2643bfe300f74868ca2c37b53db0eb0400b46df7462ab233af7b0225568dc2
SHA512 e50d4b4a1340e2c4a186f3f46d4275555e9e16176fc904a811b89a8a35f24f389c4f2681e85d3e9572850e7aa59fe68001f629a214b428b6c655574c4b6d93c3