5deb105d18c1c90ea33756c61106ff38a042a56c7bf2cccfa3538897942f644f

Analysis

max time kernel
153s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
13-05-2024 21:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe
Size

3.0MB
MD5

2461905382f3d7f6ba38613c20a652b0
SHA1

d66de828edc0788e14ad61330b4f87bd778c8e70
SHA256

5deb105d18c1c90ea33756c61106ff38a042a56c7bf2cccfa3538897942f644f
SHA512

9cec6f8795c8609d75be63bdc079834c533a47123360f5b345c28a0f0ecfc6d8b6b0273248cd4f471108f0813e461072b7a704009adff8d8a6363c6097f1cc86
SSDEEP

49152:LZnCRw3438x0TVDKNxOafuUYUc9no2IWkAyf1CQ+v5XxCv6Pxj:LARw3UJKHOa/Xffs0S5j

Score

7^/10

evasion trojan upx

Malware Config

Signatures

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3604-0-0x0000000000BE0000-0x00000000015A5000-memory.dmp	upx
behavioral2/memory/3604-5-0x0000000000BE0000-0x00000000015A5000-memory.dmp	upx
behavioral2/memory/3604-15-0x0000000000BE0000-0x00000000015A5000-memory.dmp	upx
behavioral2/memory/3604-26-0x0000000000BE0000-0x00000000015A5000-memory.dmp	upx
behavioral2/memory/3604-42-0x0000000000BE0000-0x00000000015A5000-memory.dmp	upx
behavioral2/memory/3604-300-0x0000000000BE0000-0x00000000015A5000-memory.dmp	upx
behavioral2/memory/3604-419-0x0000000000BE0000-0x00000000015A5000-memory.dmp	upx
behavioral2/memory/3604-458-0x0000000000BE0000-0x00000000015A5000-memory.dmp	upx

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4064_95994112\metadata.pb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4064_95994112\_metadata\verified_contents.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4064_188405458\crl-set	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4064_188405458\manifest.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4064_867760491\ct_config.pb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4064_867760491\kp_pinslist.pb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4064_867760491\manifest.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4064_1294059096\protocols.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3308_1863673732\manifest.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4064_867760491\manifest.fingerprint	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4064_95994112\manifest.fingerprint	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3308_1863673732\protocols.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4064_1294059096\manifest.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4064_188405458\manifest.fingerprint	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4064_1294059096\manifest.fingerprint	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4064_867760491\crs.pb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3308_1863673732\manifest.fingerprint	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4064_95994112\manifest.json	msedgewebview2.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe

Enumerates system info in registry 2 TTPs 10 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe = "11001"	2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe

Modifies system certificate store 2 TTPs 12 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\Certificates\F0BD97B4EC6CD8B71C35631738259CF9F2E54381\Blob = 030000000100000014000000f0bd97b4ec6cd8b71c35631738259cf9f2e543812000000001000000c2050000308205be308203a6a003020102020468512a40300d06092a864886f70d01010d050030818d310b30090603550406130255533113301106035504080c0a43616c69666f726e69613111300f06035504070c0853616e204a6f736531163014060355040a0c0d41646f62652053797374656d7331193017060355040b0c10436c6f756420546563686e6f6c6f67793123302106035504030c1a41646f626520496e7465726d6564696174652043412031302d33301e170d3138303832303133313834325a170d3235303831383133313834325a308191310b30090603550406130255533113301106035504080c0a43616c69666f726e69613111300f06035504070c0853616e204a6f736531163014060355040a0c0d41646f62652053797374656d7331193017060355040b0c10436c6f756420546563686e6f6c6f67793127302506035504030c1e41646f626520436f6e74656e742043657274696669636174652031302d3530820222300d06092a864886f70d01010105000382020f003082020a0282020100cb4b3875558654bf8a751624dc42559ca09eda226d78f582c9b1bec66128aef7bea99ce1b1444ea6aabe9033d9824551ffaf1a01257005978a462cb511e5cdcc44c3c4065f09efe39448cedb169b004da395ba6f4cc79494d9a13c02e4b7471abb273b924b5445b0abe49858c7d10e0989e6462a458c10910d78aa97b4c3baf58f68b2d900bfe001cce3f6a3ff91035048fcb07434825977d2ada2f104436934cb01d9664349bb5b8efbb5b651963b3fe1aea3f66fbe3be54243bc0ba1b14db596131b2ad14b90013131f231691df8f81ec3c1e222bb0e7f1d997e828e3da24dfbe427440f673942a76eb869d8c755d8eb36b3ea62eac77023fa7ad42faa688578c588fe2e91fd779b4b8a2c9c0b89744971d8e772abf25a1432daef6ade8439bff49c0b9f1e1503a27b757003db7719d5a4963e33fba9e0b2c60c4eb8ba20c42413c67fd85102670741b5b8f40170fb0b50a5ff14587d4971c4e37a24e9fedcd7b578e2350fbbd80384aadf3a8b240c63118f5a03f96a4b52d122f3ec6c90820359192a96fcb5a65547d536a5cb40f82c540a7c299ae7930080605219166a39a1d2422ed5ec82bf142ba6982434c22e7905c06d5d3dfdb490d9be1ce08e66654e89560a9dfa9e8ac79a27cddb8422fe03e07baa2617881eecef101461a5a8b195dea08d79efe9c691cce12962664011d7402cb4f5427b5751f029d9949eb8c10203010001a320301e300e0603551d0f0101ff040403020780300c0603551d130101ff04023000300d06092a864886f70d01010d0500038202010088a44a311d098cd5afdc1e8a06e3c5d34da7f409121e095e77506b7da47e3f817076ddd66bf54e7b897854d8df312dd2ce2021271ff9d35e82bc7a21b15bf137a40cd6fe705c69bff0778308222611a2070b8403b90d65585c688117d7ea05bb469302d799aef52e3f4c7e02db7145771b54e579870a1ea0d83d49d5a64a8a0674ed2e54e82d323a7c8e16618d41613b31464d49451b2978e5f32e046517a6117a7727b7936afbbe2c53ce83c4b7a91c1f819c9c2a88e386b2df837d2898dc9be51d21bf852aeda6c6763a7bc878583829322917155bb33967d67ff6fd13b551ba3348d228e9c8d4ebe4b64cb45b9f5b391edc4178ab98f0028a9868e8155c261aaef6c6e0d534708d3554673f2aa8d6aa59b82db4d0e7b96ea1b6b1b7394c3a41d5ea04a34ebf2664329b1fc878a79129462b7b407e7ae552487e0a47f7aa8c818b9a4ae3ca41ea115f63511232c0489a2b2168c91f84f878b6314bc0f87de85529339ab06f01d21e4ad0412c11c2e9e9735cfdde44d38e6ff73ae73ef49f7ccf9db83065438e472a95c6a4da2684f20eb7ed06f88c93e412e96f09977773eca48456370ed4ed46af1da1c3728999166d3a2c9b2ba6ce350b9ac21088e2d9030aff854c6d513e00953652fb9cbfb23c105421e9fec0eb4bb99b09079bd02b5161b06950353fb0cea0b195d43f9735a3baa49a7fee8e70ac42b36537d4dce5d3	2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\Certificates\D1DF7F06B769BCCB3F4479041EC1F06E9CD3CB1A	2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\Certificates\D1DF7F06B769BCCB3F4479041EC1F06E9CD3CB1A\Blob = 030000000100000014000000d1df7f06b769bccb3f4479041ec1f06e9cd3cb1a2000000001000000bb050000308205b73082039fa003020102020476ca52b2300d06092a864886f70d01010d0500308185310b30090603550406130255533113301106035504080c0a43616c69666f726e69613111300f06035504070c0853616e204a6f736531163014060355040a0c0d41646f62652053797374656d7331193017060355040b0c10436c6f756420546563686e6f6c6f6779311b301906035504030c1241646f626520526f6f742043412031302d333020170d3138303831373137333735385a180f32303638303830343137333735385a30818d310b30090603550406130255533113301106035504080c0a43616c69666f726e69613111300f06035504070c0853616e204a6f736531163014060355040a0c0d41646f62652053797374656d7331193017060355040b0c10436c6f756420546563686e6f6c6f67793123302106035504030c1a41646f626520496e7465726d6564696174652043412031302d3330820222300d06092a864886f70d01010105000382020f003082020a028202010090dfd02a09d0606027f209b0e8ac54274167bc8ed7026103fea0dbe60546f0f9d016f3eee89a044a65e801837f2bc39a6687b4792251c0b8cdb4a2497125bd0f63efaced5e12957871b1ce4da36a652dca8014f7cf199767154de23b66e494a13817e1cec62b3c4960c5b368a7b4d2cd3dfeaf520a059663b32030cc4cab21a58ce7a67107cf6d561bd9becd6dd535ab1f4053b987fd730db3323c88da01b2a8c51fe5151dd8b6361c732ad661b908b72c9b664ef29052098306b9660e94a4e5fa00817e36bf3b970b40e9168369bc8b1b9707c4fb66dbacc26a42a0baeed6b9699979b08e5ddf7e1e9de514ea259ce8f93a5189db41c5cac404f8bdf89ccaaa03ad757ecafc2cb1a8c3aa36a47335588156bdafcd0d151e9cb8da2a7c83cb20771b9969604ebd58fd2d05d27fc761fdab1f483b309c1c40051446623ab963405cf2d36767f8d316a8b07a2d4e26fdeb19a4db45d87be38eb4b470634ddc26a803b35a40d4db2285fe54f329463497beb06fd5ef494ca29f9af0a714641f6006c4b0b94106910cc2182b6073f821b62f9efb0aa586b28cfac4813ffde55e6d182c27c702c3242dc2dc4e5a2a034e9714e1bc998179d1c3f483ad27acf63fcf12bdf1ff59982f42166203ac5cea6cc6c2cca1ee9880a585396c77039df58db2de1103da528a310d37a4bff7d10d7664c209adeab040ce39d50d74a791dc292c890203010001a3233021300e0603551d0f0101ff040403020204300f0603551d130101ff040530030101ff300d06092a864886f70d01010d050003820201007b879c959437c3b0276212fa721f93d69b4f933960ce69e2bdc29887c11ff8ec9c194dd627c3a0923d7d91679b208db2698cb690c13b8dcc9cedcf00b720f772d77e249e32b6345e3da4ed44090045f40e2c8d7141dc21bc2a3b198e741af7d1e4e502e3dc627f7e02d25bb7720f74eed59818a5400d05a219e5cf664d215f8806d6b54438482421f937159772c813ec086bbf9571b8f8cdc972f769d0548c0fa9a446a595a7e9df14171ac6015b592a16a2ff00efa85d24ed5e9b2cf1a006c453f828e36f5f97b58b5d502eb4df3c250e7acf5dd6120eec466e74fd5046b759e21eb8873f2ba48c3493a9625689d138526c4b63f8cebdd418ceaa560789200d111fdb49aa784dc1056d34c0ae44f5cb728790a1a39df6c5224f3e7ea57b86e5b6b83dd25116c0a9bb0ff39da7a4b482de405c674167088b2713ba2104685fd348568cfa2c0d6221043cc5d409b83c7cee1259d7d404d48bf5156a441196bdbc0ab6a822d5aee19dbe6f9531615ae64d79080d25ffe3a0316c153cec9fffe28f6d2b42b7cc31ce805edd266c51296e44630361e9fdfac26e5fcaf478d2bd21a8aec8b4fa27197eac1db77801f801b18b40c01a1025e6cdea4fad09a4db1297e21f622825137d75022788f7cc236f69671ee9a3c3f64a21592f585babde90734941b080eff15a3b16fa1f746058d40f7ef058a6468697659eb451764aa77ffdc4	2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\Certificates\906CC149415780CFB79F39E1CF449F87CA6D4D16	2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\Certificates\906CC149415780CFB79F39E1CF449F87CA6D4D16\Blob = 030000000100000014000000906cc149415780cfb79f39e1cf449f87ca6d4d162000000001000000c2050000308205be308203a6a003020102020426eece61300d06092a864886f70d01010d050030818d310b30090603550406130255533113301106035504080c0a43616c69666f726e69613111300f06035504070c0853616e204a6f736531163014060355040a0c0d41646f62652053797374656d7331193017060355040b0c10436c6f756420546563686e6f6c6f67793123302106035504030c1a41646f626520496e7465726d6564696174652043412031302d34301e170d3138303832303133323030305a170d3235303831383133323030305a308191310b30090603550406130255533113301106035504080c0a43616c69666f726e69613111300f06035504070c0853616e204a6f736531163014060355040a0c0d41646f62652053797374656d7331193017060355040b0c10436c6f756420546563686e6f6c6f67793127302506035504030c1e41646f626520436f6e74656e742043657274696669636174652031302d3630820222300d06092a864886f70d01010105000382020f003082020a0282020100cd7b729e27eacd73568391ebde53f29a02180359eefff6eebb76c4209495db9f95eb9c5af5be1f36aa3638010067c85c324eb3ed319d2a25136075ebbc3b8e1b7cd3344b32a8892625421b1458e9fc5c69e317179e0d9e1d3f762d58fdb72e0d58426c12f0013ea1f42d73c99583e6d046a94e92fc5da7f3e49a1dff7ef684f6dd2453a0e899b2db519689f51c201af98dc515f8f13eb87dc9706172bbee5048ddf965d4763860b2ca9e3889f7090789bf85182625a1a8a274b36a5be260dcf95344d22350bec58e434f1290d40d0af3e1edbf3470a78a30dc397441ede657f4f6d76387361aaf44f227b5b8582dfb65fd06af883c1bedb9784eac964eac7cf9b3d3f4cd7b20de9d258fa2da0a737808e0a39779d05274470ccd92b71ed7c23ad665122a85fabc8e7f3e195b8b45d64ba800c01723fcdd581a735849065b27867f776f632dc29689813c3546dd430aff9a8c1eb089c75f6f98def0501ec8d52b166449dcf34727ff0cea29f6b0acb082f1bd717fbfac38e710236af5819d7daa9a77ad63ee431be9c77463b85195d99e87dee3aa951c3945f5c992f96a3b6fb3d039dc8b7464095e34ac5426416e76952d491bdcfdd609c382311aa54ba8f7b66957361b07a92332aea9db068ab116434b49a9cf5a1d5c8c66a7387339ee4033f8fdf59d39abaa9aa4cf2c55db94110501fb9509f93d78581d4cb0557a0006570203010001a320301e300e0603551d0f0101ff040403020780300c0603551d130101ff04023000300d06092a864886f70d01010d050003820201008619f6a0666ccf6eabc89cd5b0f6cd8261d99616588619df4f53f5b51c8d3a3badad24858be5080febecd663ac6e53df6ac444b1d685818154bebc842df86ebda49f1765e23f2327a86d3d571218c6f96f71662099d9b949d794610f077ae6cd3ed2e3aee9b5d656f965c692f99431765261e683daa8ebce1f262bce655a55bff85aac87ed2ed97db044a8636404f43c0f2dfa4c9a40644252f64e779d2d6cb90449c69904a7526a194b681dac31818b00af6785b1f9e1d2e62d855e4c51914b9c6d22ac6e5c83cd13323a5c067cdcc39b70f1e393b13347bdce41861ebf2ff24df58b8c636f6f9a4311274c5272d03b66e25545327bc1ec5f2007d96907cb2c50a67bf1542a09a631890ac406a184823b2abd5752644a5a616997d57b8dc585496faf6431784ef43eb2be1fcb8f1405bd9e7406c4154799e397c9908e7ae5ff6ab3d0c21207808163067ee444e9976db68ed64a39007883124da499cc620af19fead4a604d40b40ff9df973a8971b55ec8736de30600a61c562a7afa773dbf451d1fd4304d059bdbcb060c50ecc4d11ef1afb3d89d019185c2a7b39d986699840501beb9c273bc52dd98b287184c4c7d284bbd25b2056f692144c3988f66702043e6ebf4b2cdd2b946ee4ec1428a758298da469437ce7c1ff6b59d7b35a4c2906bb4514d54d7238467f753edddbcf3102a4b8076193354b77c9ac8369f1b43e	2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\SystemCertificates\AdobeCertStore	2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\CRLs	2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\Certificates\F0BD97B4EC6CD8B71C35631738259CF9F2E54381	2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\Certificates\BF89E52F8D681360E6B84941BD2F9BC0093309F6	2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\Certificates\BF89E52F8D681360E6B84941BD2F9BC0093309F6\Blob = 030000000100000014000000bf89e52f8d681360e6b84941bd2f9bc0093309f62000000001000000bb050000308205b73082039fa0030201020204732d29e8300d06092a864886f70d01010d0500308185310b30090603550406130255533113301106035504080c0a43616c69666f726e69613111300f06035504070c0853616e204a6f736531163014060355040a0c0d41646f62652053797374656d7331193017060355040b0c10436c6f756420546563686e6f6c6f6779311b301906035504030c1241646f626520526f6f742043412031302d333020170d3138303831373137333735395a180f32303638303830343137333735395a30818d310b30090603550406130255533113301106035504080c0a43616c69666f726e69613111300f06035504070c0853616e204a6f736531163014060355040a0c0d41646f62652053797374656d7331193017060355040b0c10436c6f756420546563686e6f6c6f67793123302106035504030c1a41646f626520496e7465726d6564696174652043412031302d3430820222300d06092a864886f70d01010105000382020f003082020a0282020100c5abb3c132dad58917d5d16297afc9c5e022b1be4f882f223d84017d6d1f3f7876ab3b3c788f110ec61fe379a9702ab2998ec6b2e8308fdb5a46610d348e7cd9227ce402f53b2a9345213ee9b0d3142775abe8d383e69273ee31e8cc51e9f66295675150c0e3157c0728d3c86caaeb6dfe909eef2d6f840f15507d7ca5806ed40df2be5d8cb8228b4b346ba751c24eced6b9c9339c45ee07656781442b8d2a17edfe15766f0aa9857a4946cb47ded9ec7f92e90f296c239f2e5301ec06a6dc5dc8be6d145b00989a115a2eab58a0f749190e2c998a61ceac167891884c4894ed1a566377f6fdcc4c0045c94df65e2be0dae2212ef46422e3de99e6da1521880a57512b54c0c76b4d1cd9b796f6bcc9dd6a20e505bf0e4a3e268a2e9cfa5383908edd33f23b3d65ca10b0609d688526fde9dba3dc018e0eed03fcbd9ada0384b058686480f0c619071e482ecbdf587235f51b1188bbcd439f8758bc7d4af861ec39611533ee33e13bff0e906da1ef4442d69faaea5a4aae1e1a8c63532b3dc872e9d21ce802d36952809d38002d730dacc0bcd0bdd788d488bd9318abe329059ad05361098e0ac732e0639de0478b468b82340d23b1d4408138ed8c047be37694177ef9c5e65a2edc1fdb2ecd73c04e4d410b7ec9a12c11d663c3c432060702c2bc7bda4ea59d9a411143a84d6169d1093071e2c4cc5c830fb8b0fff80db73e870203010001a3233021300e0603551d0f0101ff040403020204300f0603551d130101ff040530030101ff300d06092a864886f70d01010d05000382020100272f889a5f788763bb583ba95f4c6f86fade551d804b4069f6a28739a4c8a81c853b962de2a84bc86f3de07a283422405d4292192c680dd243697ff4cd83c1f2aed3a3f9ed9e55c8ccc24fd0028c78d466d8b1917557bbdb795d6f9ef8154046a779d8d68c015d08f328f89d4abbddf0bffff26bdfe409b8848da044042c11d9f3a897eadba9e854dacf7d70b04f94cc5ac1dae67ca5d7a0442285b4fb4c5af585a0fcd0cf886d813174b3c270db0bdde7ece0b70fd068baccf567d48f5449575292a0edd7852599e71eaa1eeef5aea019cf2e24ed33e2c91bb2f99479997bd308f3070f467f8bad82981160dbf36464b42f3a489ec00754767363a7936341027b89cd0fdaaab18fe8030c510586058dedf095d441a26e410ab59452bded91b9d81ba7d40f484391b4b9420cb95dade6898ff21f591e85bdf6fded1dd6fd76e40571d1b49bb3e950cf12fab0dc23eab4cb6079592cc75a932e69a073bbb3dfd02b6a5911ab23f099ddca6506750cdf887e188330511d51cb04ece4dca3e6267eff5eb9cff97f23d7a2d80b78b9d486379a4e9db5ecbf1e4cb21da6c961940d316751015db0aa4dd7782a8327989c9ce73910411df92f87716217543aad1010ba5b45a3951b00e8214f0cb098ffc870cac50d57402f80e7571fa971735b8ed0de3636fb05b7eae4d6a97060a2c0da34704268222efe7f343fac6cd7efd77e2ac7	2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\Certificates	2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\CTLs	2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
3604	2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe
3604	2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe
3604	2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe
3604	2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe
3604	2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe
3604	2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe
3604	2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe
3604	2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe
3604	2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe
3604	2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe
3604	2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe
3604	2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe
3604	2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe
3604	2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe
3604	2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe
3604	2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3308	msedgewebview2.exe
4064	msedgewebview2.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	3604	2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe
Token: SeIncreaseQuotaPrivilege	3604	2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe
Token: SeIncreaseQuotaPrivilege	3604	2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe
Token: SeIncreaseQuotaPrivilege	3604	2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe
Token: SeIncreaseQuotaPrivilege	3604	2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe
Token: SeIncreaseQuotaPrivilege	3604	2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe
Token: SeIncreaseQuotaPrivilege	3604	2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe
Token: SeIncreaseQuotaPrivilege	3604	2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3604 wrote to memory of 4064	3604	2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe	91
PID 3604 wrote to memory of 4064	3604	2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe	91
PID 3604 wrote to memory of 3308	3604	2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe	93
PID 3604 wrote to memory of 3308	3604	2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe	93
PID 4064 wrote to memory of 1564	4064	msedgewebview2.exe	94
PID 4064 wrote to memory of 1564	4064	msedgewebview2.exe	94
PID 3308 wrote to memory of 3828	3308	msedgewebview2.exe	95
PID 3308 wrote to memory of 3828	3308	msedgewebview2.exe	95
PID 3308 wrote to memory of 3160	3308	msedgewebview2.exe	102
PID 3308 wrote to memory of 3160	3308	msedgewebview2.exe	102
PID 4064 wrote to memory of 1208	4064	msedgewebview2.exe	101
PID 4064 wrote to memory of 1208	4064	msedgewebview2.exe	101
PID 4064 wrote to memory of 1208	4064	msedgewebview2.exe	101
PID 3308 wrote to memory of 3160	3308	msedgewebview2.exe	102
PID 4064 wrote to memory of 1208	4064	msedgewebview2.exe	101
PID 3308 wrote to memory of 3160	3308	msedgewebview2.exe	102
PID 4064 wrote to memory of 1208	4064	msedgewebview2.exe	101
PID 3308 wrote to memory of 3160	3308	msedgewebview2.exe	102
PID 4064 wrote to memory of 1208	4064	msedgewebview2.exe	101
PID 4064 wrote to memory of 1208	4064	msedgewebview2.exe	101
PID 3308 wrote to memory of 3160	3308	msedgewebview2.exe	102
PID 3308 wrote to memory of 3160	3308	msedgewebview2.exe	102
PID 4064 wrote to memory of 1208	4064	msedgewebview2.exe	101
PID 4064 wrote to memory of 1208	4064	msedgewebview2.exe	101
PID 3308 wrote to memory of 3160	3308	msedgewebview2.exe	102
PID 3308 wrote to memory of 3160	3308	msedgewebview2.exe	102
PID 4064 wrote to memory of 1208	4064	msedgewebview2.exe	101
PID 4064 wrote to memory of 1208	4064	msedgewebview2.exe	101
PID 3308 wrote to memory of 3160	3308	msedgewebview2.exe	102
PID 3308 wrote to memory of 3160	3308	msedgewebview2.exe	102
PID 4064 wrote to memory of 1208	4064	msedgewebview2.exe	101
PID 4064 wrote to memory of 1208	4064	msedgewebview2.exe	101
PID 3308 wrote to memory of 3160	3308	msedgewebview2.exe	102
PID 3308 wrote to memory of 3160	3308	msedgewebview2.exe	102
PID 4064 wrote to memory of 1208	4064	msedgewebview2.exe	101
PID 4064 wrote to memory of 1208	4064	msedgewebview2.exe	101
PID 3308 wrote to memory of 3160	3308	msedgewebview2.exe	102
PID 3308 wrote to memory of 3160	3308	msedgewebview2.exe	102
PID 4064 wrote to memory of 1208	4064	msedgewebview2.exe	101
PID 4064 wrote to memory of 1208	4064	msedgewebview2.exe	101
PID 3308 wrote to memory of 3160	3308	msedgewebview2.exe	102
PID 4064 wrote to memory of 1208	4064	msedgewebview2.exe	101
PID 3308 wrote to memory of 3160	3308	msedgewebview2.exe	102
PID 4064 wrote to memory of 1208	4064	msedgewebview2.exe	101
PID 4064 wrote to memory of 1208	4064	msedgewebview2.exe	101
PID 3308 wrote to memory of 3160	3308	msedgewebview2.exe	102
PID 4064 wrote to memory of 1208	4064	msedgewebview2.exe	101
PID 3308 wrote to memory of 3160	3308	msedgewebview2.exe	102
PID 3308 wrote to memory of 3160	3308	msedgewebview2.exe	102
PID 3308 wrote to memory of 3160	3308	msedgewebview2.exe	102
PID 4064 wrote to memory of 1208	4064	msedgewebview2.exe	101
PID 4064 wrote to memory of 1208	4064	msedgewebview2.exe	101
PID 3308 wrote to memory of 3160	3308	msedgewebview2.exe	102
PID 3308 wrote to memory of 3160	3308	msedgewebview2.exe	102
PID 4064 wrote to memory of 1208	4064	msedgewebview2.exe	101
PID 4064 wrote to memory of 1208	4064	msedgewebview2.exe	101
PID 3308 wrote to memory of 3160	3308	msedgewebview2.exe	102
PID 4064 wrote to memory of 1208	4064	msedgewebview2.exe	101
PID 3308 wrote to memory of 3160	3308	msedgewebview2.exe	102
PID 4064 wrote to memory of 1208	4064	msedgewebview2.exe	101
PID 3308 wrote to memory of 3160	3308	msedgewebview2.exe	102
PID 4064 wrote to memory of 1208	4064	msedgewebview2.exe	101
PID 3308 wrote to memory of 3160	3308	msedgewebview2.exe	102
PID 4064 wrote to memory of 1208	4064	msedgewebview2.exe	101

C:\Users\Admin\AppData\Local\Temp\2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe"
1⤵
- Checks whether UAC is enabled
- Checks processor information in registry
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3604
- C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe --webview-exe-version=2.12.0.23 --user-data-dir="C:\Users\Admin\AppData\Local\Adobe\webview2\2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=3604.1444.3984661732922341589
  2⤵
  - Drops file in Program Files directory
  - Enumerates system info in registry
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of WriteProcessMemory
  PID:4064
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Adobe\webview2\2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Adobe\webview2\2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=122.0.2365.52 --initial-client-data=0x15c,0x160,0x164,0x138,0x170,0x7ffc38392e98,0x7ffc38392ea4,0x7ffc38392eb0
    3⤵
    PID:1564
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Adobe\webview2\2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe\EBWebView" --webview-exe-name=2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe --webview-exe-version=2.12.0.23 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1788 --field-trial-handle=1792,i,11530843257397834462,11592017988242952600,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:2
    3⤵
    PID:1208
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Adobe\webview2\2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe\EBWebView" --webview-exe-name=2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe --webview-exe-version=2.12.0.23 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --mojo-platform-channel-handle=2160 --field-trial-handle=1792,i,11530843257397834462,11592017988242952600,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:3
    3⤵
    PID:2376
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Adobe\webview2\2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe\EBWebView" --webview-exe-name=2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe --webview-exe-version=2.12.0.23 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --mojo-platform-channel-handle=2224 --field-trial-handle=1792,i,11530843257397834462,11592017988242952600,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:8
    3⤵
    PID:4628
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Adobe\webview2\2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe\EBWebView" --webview-exe-name=2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe --webview-exe-version=2.12.0.23 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --mojo-platform-channel-handle=3444 --field-trial-handle=1792,i,11530843257397834462,11592017988242952600,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:1
    3⤵
    PID:2288
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Adobe\webview2\2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe\EBWebView" --webview-exe-name=2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe --webview-exe-version=2.12.0.23 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --mojo-platform-channel-handle=2272 --field-trial-handle=1792,i,11530843257397834462,11592017988242952600,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:8
    3⤵
    PID:5640
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Adobe\webview2\2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe\EBWebView" --webview-exe-name=2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe --webview-exe-version=2.12.0.23 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --mojo-platform-channel-handle=4680 --field-trial-handle=1792,i,11530843257397834462,11592017988242952600,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:8
    3⤵
    PID:1728
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Adobe\webview2\2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe\EBWebView" --webview-exe-name=2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe --webview-exe-version=2.12.0.23 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --mojo-platform-channel-handle=4728 --field-trial-handle=1792,i,11530843257397834462,11592017988242952600,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:8
    3⤵
    PID:5448
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Adobe\webview2\2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe\EBWebView" --webview-exe-name=2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe --webview-exe-version=2.12.0.23 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --mojo-platform-channel-handle=4676 --field-trial-handle=1792,i,11530843257397834462,11592017988242952600,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:8
    3⤵
    PID:6128
- C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe --webview-exe-version=2.12.0.23 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\{48B0BC44-C519-43C5-987A-76E53A98AB4C}\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=3604.1444.13128605416335445910
  2⤵
  - Drops file in Program Files directory
  - Enumerates system info in registry
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of WriteProcessMemory
  PID:3308
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\{48B0BC44-C519-43C5-987A-76E53A98AB4C}\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\{48B0BC44-C519-43C5-987A-76E53A98AB4C}\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=122.0.2365.52 --initial-client-data=0x15c,0x160,0x164,0x138,0x198,0x7ffc38392e98,0x7ffc38392ea4,0x7ffc38392eb0
    3⤵
    PID:3828
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\{48B0BC44-C519-43C5-987A-76E53A98AB4C}\EBWebView" --webview-exe-name=2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe --webview-exe-version=2.12.0.23 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1804 --field-trial-handle=1808,i,10229933759304324953,1183369894271852485,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:2
    3⤵
    PID:3160
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\{48B0BC44-C519-43C5-987A-76E53A98AB4C}\EBWebView" --webview-exe-name=2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe --webview-exe-version=2.12.0.23 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --mojo-platform-channel-handle=2076 --field-trial-handle=1808,i,10229933759304324953,1183369894271852485,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:3
    3⤵
    PID:976
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\{48B0BC44-C519-43C5-987A-76E53A98AB4C}\EBWebView" --webview-exe-name=2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe --webview-exe-version=2.12.0.23 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --mojo-platform-channel-handle=2352 --field-trial-handle=1808,i,10229933759304324953,1183369894271852485,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:8
    3⤵
    PID:2076
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\{48B0BC44-C519-43C5-987A-76E53A98AB4C}\EBWebView" --webview-exe-name=2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe --webview-exe-version=2.12.0.23 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --mojo-platform-channel-handle=3432 --field-trial-handle=1808,i,10229933759304324953,1183369894271852485,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:1
    3⤵
    PID:408
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\{48B0BC44-C519-43C5-987A-76E53A98AB4C}\EBWebView" --webview-exe-name=2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe --webview-exe-version=2.12.0.23 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --mojo-platform-channel-handle=4792 --field-trial-handle=1808,i,10229933759304324953,1183369894271852485,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:8
    3⤵
    PID:5204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3948 --field-trial-handle=2304,i,6987730730348465820,3913273227385401271,262144 --variations-seed-version /prefetch:8
1⤵
PID:5112

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping3308_1863673732\manifest.fingerprint

Filesize
66B

MD5
0c9218609241dbaa26eba66d5aaf08ab

SHA1
31f1437c07241e5f075268212c11a566ceb514ec

SHA256
52493422ac4c18918dc91ef5c4d0e50c130ea3aa99915fa542b890a79ea94f2b

SHA512
5d25a1fb8d9e902647673975f13d7ca11e1f00f3c19449973d6b466d333198768e777b8cae5becef5c66c9a0c0ef320a65116b5070c66e3b9844461bb0ffa47f

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3308_1863673732\manifest.json

Filesize
134B

MD5
58d3ca1189df439d0538a75912496bcf

SHA1
99af5b6a006a6929cc08744d1b54e3623fec2f36

SHA256
a946db31a6a985bdb64ea9f403294b479571ca3c22215742bdc26ea1cf123437

SHA512
afd7f140e89472d4827156ec1c48da488b0d06daaa737351c7bec6bc12edfc4443460c4ac169287350934ca66fb2f883347ed8084c62caf9f883a736243194a2

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4064_867760491\crs.pb

Filesize
278KB

MD5
981a9155cad975103b6a26acef33a866

SHA1
1965290a94d172c4def1ac7199736c26dccca33e

SHA256
971393390616fbe53c63865274a40a0b4a8e731c529664275bdc764f09a28e2d

SHA512
2d75ce25cb3a78f69f90fbd23f6e5c9f1a6ed92025f83ce0ab3e0320b64130d586fc2cd960f763e1ab2c82d35ef9650ebd7ff2a42a928a293e0e7428cc669119

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4064_867760491\manifest.json

Filesize
102B

MD5
8062e1b9705b274fd46fcd2dd53efc81

SHA1
61912082d21780e22403555a43408c9a6cafc59a

SHA256
2f0e67d8b541936adc77ac9766c15a98e9b5de67477905b38624765e447fcd35

SHA512
98609cf9b126c7c2ad29a6ec92f617659d35251d5f6e226fff78fd9f660f7984e4c188e890495ab05ae6cf3fbe9bf712c81d814fbd94d9f62cf4ff13bbd9521a

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4064_95994112\manifest.json

Filesize
108B

MD5
763e003bcbb80f3c81522cb052addfa0

SHA1
fa672c6fa9ce939d607a1526ca13ec245514b43d

SHA256
e1d24c2bfb4bc07717aa5833146ed55b67c41ef17fb61ef276eff923bb1ec20f

SHA512
41062cf02794548d6df38205fb369d1aa614ac67030cd909b66a23735473f76de1a3c0bcf0895c932bf9b5c506c1d9659745ec84ec52e361881eb474e92e3fea

Download Submit
C:\Users\Admin\AppData\Local\Adobe\webview2\2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
5e6961a361c946adc3a3f5ce468dc246

SHA1
2d2acd9c0381b4dc82026f01b5b0d98cd1826ec0

SHA256
37e7be9c0004f321698722e80634b644ee6ad8de223b13bbffca8163157a6ab8

SHA512
ef0b8974c8ed94a102ecc40358e0adffbdde81a682a3d9f38c5a47b742b830c29f113714e3165a35ad445eb3a6b66f8e65764ab41eca7ab4003c98c2735a8263

Download Submit
C:\Users\Admin\AppData\Local\Adobe\webview2\2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
0ff47c881187a5261fc831e5bc74f193

SHA1
d90d38cd0d2276d1660b82bb88db943fb8db78b9

SHA256
2f6122a50b602a4528abcc994b6cb3abad7386cab8dd9ccf678a32f21e795f05

SHA512
c024c657903df95e3cda374e5a29c2d19ee675c63abd90172f81398f8a92922b866bb85f06195207f64826db0d4d950581cbd4958899e13b759131086fc808d6

Download Submit
C:\Users\Admin\AppData\Local\Adobe\webview2\2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe\EBWebView\Default\DawnCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Adobe\webview2\2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe\EBWebView\Default\DawnCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Adobe\webview2\2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe\EBWebView\Default\Network\Network Persistent State

Filesize
289B

MD5
63e0f5f8718aa0e774240ebec904417d

SHA1
ee6957ba9d3a87b766b1cbd7c84aed6ebe16ceb1

SHA256
724cb19c8c10277e30d07287f9c61c3792c48bc5601c8edff8f48ddfe3351fc6

SHA512
5086fce8b51bc1f7cc30bfb93b389ce34c3d078f65502b0670b0b6e7073f80ea92bd31847de91a065b6ec88d38d1f0520c7a7a763320e31ebb59b3dcccd44ad6

Download Submit
C:\Users\Admin\AppData\Local\Adobe\webview2\2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe\EBWebView\Default\Network\Network Persistent State

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Adobe\webview2\2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe\EBWebView\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Adobe\webview2\2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe\EBWebView\Default\Preferences

Filesize
6KB

MD5
e9c05e3854f27fb08a041907007c4bad

SHA1
3ab97dd5a94652fbe0e39a91031facb23b6d088a

SHA256
90c647d121191a16eab1d8b680b9ee12deadb485a073a5baf4454f0adbbaa36a

SHA512
9263b024c7844419ef06b30038235417b8bd2709ea1c5c0f37a685ff10eac86643c8efbbbe51972537fd2c9d4206baaa083b1b5f18e9322da8ecf095f9fce100

Download Submit
C:\Users\Admin\AppData\Local\Adobe\webview2\2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe\EBWebView\Default\Preferences~RFe597b02.TMP

Filesize
5KB

MD5
c11b120944a21ec29cf6b693615ea1bc

SHA1
1ab326012228e018c3652bc98219c3d52c8561d9

SHA256
d42a130b226cec2634ff7acfe00f8609c012744d8f061a2bf4247d241a57987f

SHA512
e8446ef9fdb73b83b52d4a0c81bd13ee801573bfa9c6245fa98daaf9ddfbb358a21dd826379e3d5ff345695f8d3da66b49cbb70daf44aac5be69b7df3f2993e5

Download Submit
C:\Users\Admin\AppData\Local\Adobe\webview2\2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe\EBWebView\Default\Shared Dictionary\cache\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Adobe\webview2\2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe\EBWebView\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Adobe\webview2\2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe\EBWebView\GrShaderCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Adobe\webview2\2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe\EBWebView\Local State

Filesize
1KB

MD5
9798342e8e05ee86f2a831bc7f0c5e28

SHA1
97aba855247550ae39c82b23b2787353c8d0eb49

SHA256
b7dd5f30d8d158ad79349a1adcbaf42261eb7371db18e21c131f29a442e80c08

SHA512
3e3fa974d8fddaed36e986145d389e17523898cfc1c19e6adba565d8c2805b69e39c5a9471110d35f8a8378dec8c51a69624e60a4421dfee3710d8b3a98fad95

Download Submit
C:\Users\Admin\AppData\Local\Adobe\webview2\2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe\EBWebView\Local State

Filesize
2KB

MD5
e74a68b6a74fdb1be2e9ff621f765000

SHA1
1d312f3756ca130a82442d79d2533f9bfb2a9d60

SHA256
4677bb82ff1b911eb445453564e6ca821685643fb204f29c53df246cdc5ebca6

SHA512
ddb3e84a57f6c559f3a5fc27e1491454ace8be7ef3e783a622f3dec475311c75216c72dc5387d6260e36a7d096511b922212694bb38ef4a184cb89f9136a52fd

Download Submit
C:\Users\Admin\AppData\Local\Adobe\webview2\2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe\EBWebView\Local State

Filesize
3KB

MD5
dfadbb51c5b5734a48efac1081710256

SHA1
bc3ca73ca037400271fc17e9d838ecbe94c1e60e

SHA256
f11e54ffb911231671475a06c36f41e78b9ace4ef13b1e51421209cc2eb466bb

SHA512
13cc4ca820cbc0690b2b202ec71020754a62ac438a487e3ec27d15ac9da88e16807affc76e73e535f42ac0fa1b5581ae872f87ed2441237c6b2fa86494723217

Download Submit
C:\Users\Admin\AppData\Local\Adobe\webview2\2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe\EBWebView\Local State

Filesize
16KB

MD5
24fa8aca9394c862297df72652cb640f

SHA1
4eb14a0d478c55a822e6224a4a3a209427f003b8

SHA256
07e0aa38e29b97a46355be52cb663c5bc940d3a5f0c437b908bd64ae2d422c15

SHA512
f4f1188f672973b63cbda54d9e26af1bcf7364b73d1dc123f7fc9b172604294d84f43c83f883351e869a8c0bb835e58b9f70d69671d748b8ad0b963734e9b18d

Download Submit
C:\Users\Admin\AppData\Local\Adobe\webview2\2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe\EBWebView\Local State

Filesize
3KB

MD5
d24d63c92e3b92d8ceec2dbe56306fe1

SHA1
65301f84177bbcee3bc0d74cabfea0832207a3b4

SHA256
3793eb2267d86ceb25249febffc66ff2f224f09ac7881a08acbcd9e1642668f1

SHA512
389a32b9a4957bbeac10fc1f8f5595f851017fa9b9144aa9e5e478be475b69ebacaa29fd4941d237fb7325a0ff673c9dc51116c364b7682cdf78652f6cc55825

Download Submit
C:\Users\Admin\AppData\Local\Adobe\webview2\2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe\EBWebView\PKIMetadata\13.0.0.0\ct_config.pb

Filesize
7KB

MD5
df3d937079b894c891f9b0b741874928

SHA1
ed93fc386807b3a28fcc7988a88ae4741bfe1b15

SHA256
c7cbb0db6e924cbfccf4a6e8223e3fed4d93f5d78a3122c30213b6e38ee195f4

SHA512
5728bdd930283a4906e7e07acd3eadecb813a3154ffb41729738444bf13aab27dceb01e05a27c77bb13cc498c1d5c2d492ac653ddbfe4b14004b1c7a5bc54f1b

Download Submit
C:\Users\Admin\AppData\Local\Adobe\webview2\2461905382f3d7f6ba38613c20a652b0_NeikiAnalytics.exe\EBWebView\TpcdMetadata\2024.4.29.1\metadata.pb

Filesize
31KB

MD5
7b9001fd6a5786c7b7edfa104a1eca5b

SHA1
462bafeca182a3e600ba22eaa1cab15c1a70831c

SHA256
779726531d52eff63d46df72ddcd421921b2e6bb918147a18c2adc28f45e693c

SHA512
f16d79a093c55408b6c118a743c5d77057dc899f5303c55003298fd67256f58200e085d03471f421065db1d3b131393f2e3a96ca71e35c94f1ba7a0569029918

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
642b0349b2ba65ca7079374f359d8713

SHA1
f4a5914a44380e1e091a57d85da6b4b9f6963998

SHA256
88b6c52ee614fc5a2a020002c9a9437c1497c34213f0b67de6179df0a5d6b5ba

SHA512
6dd0153786cba3c0203420f929e216a7c5bd2f86afc63e6984b2066d3137cfd87d7f72812488b3ce8e153c2c240e0cb59e107f223720c5f2585c51e7b4720ce8

Download Submit
C:\Users\Admin\AppData\Local\Temp\{48B0BC44-C519-43C5-987A-76E53A98AB4C}\CCDInstaller.js

Filesize
1.2MB

MD5
fb970bc9889933229160723a60571dde

SHA1
b1b68348b77101b31bea510311c6e85451f833fc

SHA256
39e34fc3dfd74d25631ea2fecaca70a5d767b5f3f40f24380237dc06a80252e2

SHA512
65c4b44e42c7d94a89be9b18ef7589f16f247f47f459da2e8b59b4ffbbba25cbb07971f8484e9bc25bd8c6f953a291ab9384a154aab9ad1572375b3b30c31886

Download Submit
C:\Users\Admin\AppData\Local\Temp\{48B0BC44-C519-43C5-987A-76E53A98AB4C}\EBWebView\AutoLaunchProtocolsComponent\1.0.0.8\protocols.json

Filesize
3KB

MD5
6bbb18bb210b0af189f5d76a65f7ad80

SHA1
87b804075e78af64293611a637504273fadfe718

SHA256
01594d510a1bbc016897ec89402553eca423dfdc8b82bafbc5653bf0c976f57c

SHA512
4788edcfa3911c3bb2be8fc447166c330e8ac389f74e8c44e13238ead2fa45c8538aee325bd0d1cc40d91ad47dea1aa94a92148a62983144fdecff2130ee120d

Download Submit
C:\Users\Admin\AppData\Local\Temp\{48B0BC44-C519-43C5-987A-76E53A98AB4C}\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
18c5e7ad25a784b22df7713cea1bfd0a

SHA1
82e62287a82b41ec5a589674c7f292d631a6b7f2

SHA256
c05e69f3f67f399fae8dd81563155b3de4c93d2b04c7ddf78d91e65a43a7855e

SHA512
85d7effaa4ef6aaff157897a5251523c400a66eea545991937b250fe4c73c70a39984c7ba6a0616d77ef3b1eadee23969e4a1362ee5d51b0925c90aea651d6a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\{48B0BC44-C519-43C5-987A-76E53A98AB4C}\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
90d0a21b4dd255fcbff2b5fefd750a67

SHA1
2b28ead86da644facb774b361b0960a3790cc16f

SHA256
d9b791cc4f517f2eeb0e6fba5c00631c56b5a59b51ad9b1b05fa68d0b397cbd3

SHA512
47d2f876d8dc155482db5d0c9bc4c08cb10ccb98d323dd430db1306131a4929afd98818f50d9c4a3992a55aa67214c3323d00c216caa89f2bdd89c26e1cac19c

Download Submit
C:\Users\Admin\AppData\Local\Temp\{48B0BC44-C519-43C5-987A-76E53A98AB4C}\EBWebView\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\Temp\{48B0BC44-C519-43C5-987A-76E53A98AB4C}\EBWebView\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
8b03b3e0b542621f33770fb1e5e33181

SHA1
eb4721b6e534442402ebf3ea74469e336eec4ed1

SHA256
efaf7ae75978ecbdfc5190daf037c694f1e0c4ec6dc0fb4999617616f27a2f49

SHA512
ecde5c29c4e3373343b8e0c7cad08dc26d8c373bf18c608f8aa1191edfeaa01a0c972bb095c34eccb7d12ced3d0cc2f409c7ecf541acd63504d3688feabd5df7

Download Submit
C:\Users\Admin\AppData\Local\Temp\{48B0BC44-C519-43C5-987A-76E53A98AB4C}\EBWebView\Default\Code Cache\js\index-dir\the-real-index~RFe595ec0.TMP

Filesize
48B

MD5
41e0af4d3e3c1f06c45217d88d4a4bab

SHA1
aff2e67be9ef05e5a29eaddbfd4ae97bece50f53

SHA256
a630df4abbace1c59255fb2aac4d3ac7828c44964c7b1898f0488b456f0d1100

SHA512
d9f5a4ff6197e79edac205b05baa92dc902976f2336134a2ebf45979d4f63578df3a621e6b179c6d466eac7d3e16326f5d4d3de0d62e789196fa1b812985ab7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\{48B0BC44-C519-43C5-987A-76E53A98AB4C}\EBWebView\Default\Extension Rules\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{48B0BC44-C519-43C5-987A-76E53A98AB4C}\EBWebView\Default\ExtensionActivityComp

Filesize
4KB

MD5
9088df5de5b8306c52e744141a100532

SHA1
0aea85a36ef3ddc53df198227fcaf212139ae1db

SHA256
9827429749037198cb3d19a851ccff2adafad344fbade7220aa022d3c9e2fa85

SHA512
96c0c8ee90bd8aec34ea905f48e76ed7dc370d24f64efaeadf36e9b59b9ff01856ed837b5169241ef2bd4a6b8fe2ee77de443b09b9ee604e39f9ba57929859e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\{48B0BC44-C519-43C5-987A-76E53A98AB4C}\EBWebView\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\{48B0BC44-C519-43C5-987A-76E53A98AB4C}\EBWebView\Default\Network\Network Persistent State

Filesize
1KB

MD5
a5a274ad5d8d83301117337280154924

SHA1
bfd86c800d4173e2b3b004504cd398792012d1a2

SHA256
0c597e2d5a0cbffbd398a84e01fa24bfb89d87744d03b5f0391640baf44c4c59

SHA512
d280608827685eba223eddd852238e5ef3fc8973a676c93ed742278d031823b6322db4b577f25f5be4acf158ffc808787138d61da142385e097b599b5728ddaa

Download Submit
C:\Users\Admin\AppData\Local\Temp\{48B0BC44-C519-43C5-987A-76E53A98AB4C}\EBWebView\Default\Preferences

Filesize
6KB

MD5
b361fb287c58fc8f718f75737cb86e12

SHA1
7cb49a5a07389be32a62fe9c998d7db9c9c7550b

SHA256
28490d4f51a5149d5d6dcd9ca561f4cb816b1d7647aa72cb27c45075dc97916f

SHA512
4c188bc0cd51967392999a4c92ff7041d5ac0e08823363b5e6ecfff45b6fd3e5d154a8a9346a46011c6b3585046c225ab1db90c23bd0421c071b42381cfae771

Download Submit
C:\Users\Admin\AppData\Local\Temp\{48B0BC44-C519-43C5-987A-76E53A98AB4C}\EBWebView\Default\Preferences~RFe593cb1.TMP

Filesize
5KB

MD5
ba19f26435a9593e7b6854549c927441

SHA1
a23c0df0887992b8dc534943a0ad5a8682828af4

SHA256
e8b7a305f8340a9df22ae9d501b6cae4cddbda4fa3485d9b99ea0f50b982ab4a

SHA512
dfa8197385ddbcbb7b2f79d0fb56242519da6b2ddbdd21af3e4f33de6dd59a0eaa647568f904521cc349c09c7b2a802be4f5baac9f48ad8e14ae336661bd1e97

Download Submit
C:\Users\Admin\AppData\Local\Temp\{48B0BC44-C519-43C5-987A-76E53A98AB4C}\EBWebView\Local State

Filesize
2KB

MD5
2289ea478b6e98bf351dd2177b0d1dfe

SHA1
64e0b451c4cfe4ed510bfeebd97fed1db42e4d31

SHA256
0362f0e92b7f67f40113e7744537805f08debe71ce059649ed597f8748cf88cb

SHA512
c50fc7e845a4662760d56bf60dfca4c08b68dcf895fd38b31362a5faa7ad7d0a7ecd523d8f30c0cc31a4f86636ef1da58488a57559bcbcd3435b9d7978838d66

Download Submit
C:\Users\Admin\AppData\Local\Temp\{48B0BC44-C519-43C5-987A-76E53A98AB4C}\EBWebView\Local State

Filesize
3KB

MD5
f60ed06a14e279c39a1b80da37aabf8a

SHA1
2f6395c25d36a45ed9f5dc2729a93d2720b233ae

SHA256
075fbc2efefd8a6e3e50ac34a71b015f4a93be0700d760ff1b03ae651d6179e4

SHA512
6b5cfcf4052b3a34bf2ed901e335ffafdd3c04b1143aacebd99421437dcf230ca36d21dd2c95653ab01418f97fd1bfcb41628bcb0e7c5336554028d292bc93a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\{48B0BC44-C519-43C5-987A-76E53A98AB4C}\EBWebView\Local State

Filesize
3KB

MD5
18b749303ebb42286693e5cc23c0ad47

SHA1
c44d2fde333021a4cd9eb2cbae7c5054937452bd

SHA256
7cdb72bc2cef06fffaebddb79908587832f0b5243d33c668c1ecebce94e529b0

SHA512
21bb52ae93051edf3c96781e6e181be3b257c5e1ea3df93f096dc2c014469a8eeaf2fb170384c59ae9c11cc19210be5cb00bb145088ce0269caa02b60cce75c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\{48B0BC44-C519-43C5-987A-76E53A98AB4C}\EBWebView\Local State

Filesize
15KB

MD5
9b64311132c9228e562f2b20ea8b6928

SHA1
60ff7ad6da6eaa26405b2b01bc06aebc46ba9d0a

SHA256
fb8a06a55033704d40d4216e469ea2c01d2ca02b3262bb47d92b3b665da67b11

SHA512
ea08bc7e566ea3694aba3cff8d3db7312667ea8acf24482279e966e0f33a3184647c85a538f9cd545d3361b90a11a5392fc4a8bd69ace1b18f675252c89bed5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{48B0BC44-C519-43C5-987A-76E53A98AB4C}\EBWebView\Local State~RFe58dee2.TMP

Filesize
1KB

MD5
db026e10a84acd4548d35ec65ca14cf5

SHA1
36e4604aeffbb28fa525fc179086a0838c46a19f

SHA256
734680dbcb6c9d4a4c8eb17e9598e51db53db8432f72c02db4087d4b659e0564

SHA512
d0b9584c2c23941cd2fc2062379a788f2b1e786a72c589eff6d55703e098f8a1da853ae21c4953efa8557a09c320a00da331fe4de65a9dccab5843682383ec7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\{48B0BC44-C519-43C5-987A-76E53A98AB4C}\EBWebView\SmartScreen\local\uriCache_

Filesize
29B

MD5
47d41a980668e9bfae197488d6d56feb

SHA1
8acd8919b112d637a18e4c2f79f61fd62d2a1e6d

SHA256
87c1ba0f3a75480bef554b38abd51d7858bbe2cff07d4fd29162b4468d2b6c43

SHA512
165cf9913129bab36c22399c3636960cff235313256262439bea6a1ed78cf80d65690254cc63148e7e13bb515b513037ab6be7d20efdfb12b07985339ada36fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\{48B0BC44-C519-43C5-987A-76E53A98AB4C}\index.css

Filesize
917KB

MD5
12db9598ecdd44d5f2fcf9c2eed93619

SHA1
8afe7f33f182c191657a52fab99805524f3c53b4

SHA256
22db89651ea56cd8fd6d2920c0bf7b02459989b60272522d4464cb43edd2f34f

SHA512
ae14e691c55a85e0897f8d16005f55d3eaa2e29649f6cecef54d1b78f577cff68a558a60141cb2f8e951c6cca90072232ea12e6f1776ab4c67c70f0f4a778ab4

Download Submit
C:\Users\Admin\AppData\Local\Temp\{48B0BC44-C519-43C5-987A-76E53A98AB4C}\index.html

Filesize
426B

MD5
a28ab17b18ff254173dfeef03245efd0

SHA1
c6ce20924565644601d4e0dd0fba9dde8dea5c77

SHA256
886c0ab69e6e9d9d5b5909451640ea587accfcdf11b8369cad8542d1626ac375

SHA512
9371a699921b028bd93c35f9f2896d9997b906c8aba90dd4279abba0ae1909a8808a43bf829584e552ccfe534b2c991a5a7e3e3de7618343f50b1c47cff269d6

Download Submit
memory/408-114-0x00007FFC5CF30000-0x00007FFC5CF31000-memory.dmp

Filesize
4KB

Download
memory/1208-49-0x00007FFC5CF30000-0x00007FFC5CF31000-memory.dmp

Filesize
4KB

Download
memory/3604-419-0x0000000000BE0000-0x00000000015A5000-memory.dmp

Filesize
9.8MB

Download
memory/3604-458-0x0000000000BE0000-0x00000000015A5000-memory.dmp

Filesize
9.8MB

Download
memory/3604-26-0x0000000000BE0000-0x00000000015A5000-memory.dmp

Filesize
9.8MB

Download
memory/3604-300-0x0000000000BE0000-0x00000000015A5000-memory.dmp

Filesize
9.8MB

Download
memory/3604-15-0x0000000000BE0000-0x00000000015A5000-memory.dmp

Filesize
9.8MB

Download
memory/3604-0-0x0000000000BE0000-0x00000000015A5000-memory.dmp

Filesize
9.8MB

Download
memory/3604-5-0x0000000000BE0000-0x00000000015A5000-memory.dmp

Filesize
9.8MB

Download
memory/3604-42-0x0000000000BE0000-0x00000000015A5000-memory.dmp

Filesize
9.8MB

Download
memory/4628-86-0x00007FFC5B8B0000-0x00007FFC5B8B1000-memory.dmp

Filesize
4KB

Download
memory/4628-85-0x00007FFC5C7A0000-0x00007FFC5C7A1000-memory.dmp

Filesize
4KB

Download