Malware Analysis Report

2025-08-10 12:13

Sample ID 240527-xr7y7sed7s
Target 0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe
SHA256 d1ff936ea7f9fb510c9fb5cbde514b1290f956c0913b604367c6a92427f2e137
Tags

discovery persistence

Score

7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score

7/10

SHA256

d1ff936ea7f9fb510c9fb5cbde514b1290f956c0913b604367c6a92427f2e137

Threat Level: Shows suspicious behavior

The file 0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe shows suspicious behavior (discovery and persistence tags; score 7/10).

Malicious Activity Summary

discovery persistence

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Checks installed software on the system

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Checks processor information in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-27 19:06

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-27 19:06

Reported

2024-05-27 19:08

Platform

win7-20240508-en

Max time kernel

150s

Max time network

142s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe"

Signatures

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\BCSSync = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\BCSSync.exe\" /DelayServices" C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\SendToOneNoteUIMicrosoft = "c:\\program files (x86)\\microsoft office\\office14\\onenote\\sendtoonenoteprintdriverfiltersendtoonenoteui14.0.4763.1000.exe" C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HelpMicrosoft = "c:\\program files (x86)\\common files\\microsoft shared\\help\\technologymsitss.exe" C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunServices\msinfoOperating6.1.7600.16385 = "c:\\program files (x86)\\common files\\microsoft shared\\msinfo\\systemwindows.exe" C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunServices\SystemWindows6.1.7600.16385 = "c:\\program files (x86)\\common files\\system\\microsoftsystem.exe" C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunServices\MicrosoftRHelp2.05.50727.4039 = "c:\\program files (x86)\\common files\\microsoft shared\\help\\1042\\microsoftrhxdsui.exe" C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunServices\EngineSource = "C:\\Users\\Admin\\AppData\\Local\\Temp\\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe" C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunServices\EnvironmentBasic = "c:\\program files (x86)\\common files\\microsoft shared\\vba\\vba7\\vbe7visual.exe" C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\EngineOffice = "C:\\Users\\Admin\\AppData\\Local\\Temp\\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe" C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A

Checks installed software on the system

discovery

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\ntdll.dll.dll \??\c:\program files (x86)\common files\microsoft shared\help\technologymsitss.exe N/A
File created C:\Windows\SysWOW64\ntdll.dll.dll \??\c:\program files (x86)\common files\microsoft shared\help\1042\microsoftrhxdsui.exe N/A
File created C:\Windows\SysWOW64\ntdll.dll.dll C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Windows\SysWOW64\ntdll.dll.dll \??\c:\program files (x86)\common files\microsoft shared\vba\vba7\vbe7visual.exe N/A
File created C:\Windows\SysWOW64\ntdll.dll.dll \??\c:\program files (x86)\common files\system\microsoftsystem.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Microsoft Office\Office14\OneNote\SendToOneNotePrintDriverFilterSendToOneNoteUI14.0.4763.1000.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\OneNote\SendToOneNotePrintDriverFilterSendToOneNoteUI14.0.4763.1000.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA7\VBE7Visual.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\Help\1042\RCX2898.tmp C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\System\RCX3DED.tmp C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\SystemWindows.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA7\VBE7Visual.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Common Files\System\MicrosoftSystem.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\OneNote\RCX2848.tmp C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\SystemWindows.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\Help\TechnologyMSITSS.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA7\RCX2888.tmp C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\Help\1042\MicrosoftRHXDSUI.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\System\MicrosoftSystem.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\RCX3DFE.tmp C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\Help\TechnologyMSITSS.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\Help\RCX3E2E.tmp C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 \??\c:\program files (x86)\common files\microsoft shared\vba\vba7\vbe7visual.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 \??\c:\program files (x86)\common files\system\microsoftsystem.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier \??\c:\program files (x86)\common files\system\microsoftsystem.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier \??\c:\program files (x86)\common files\microsoft shared\help\technologymsitss.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString \??\c:\program files (x86)\common files\system\microsoftsystem.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 \??\c:\program files (x86)\common files\microsoft shared\help\technologymsitss.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString \??\c:\program files (x86)\common files\microsoft shared\help\technologymsitss.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier \??\c:\program files (x86)\common files\microsoft shared\vba\vba7\vbe7visual.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString \??\c:\program files (x86)\common files\microsoft shared\help\1042\microsoftrhxdsui.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier \??\c:\program files (x86)\common files\microsoft shared\help\1042\microsoftrhxdsui.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString \??\c:\program files (x86)\common files\microsoft shared\vba\vba7\vbe7visual.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 \??\c:\program files (x86)\common files\microsoft shared\help\1042\microsoftrhxdsui.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
N/A N/A \??\c:\program files (x86)\common files\microsoft shared\vba\vba7\vbe7visual.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
N/A N/A \??\c:\program files (x86)\common files\system\microsoftsystem.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
N/A N/A \??\c:\program files (x86)\common files\microsoft shared\help\technologymsitss.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
N/A N/A \??\c:\program files (x86)\common files\microsoft shared\help\1042\microsoftrhxdsui.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1852 wrote to memory of 1068 N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe \??\c:\program files (x86)\common files\microsoft shared\vba\vba7\vbe7visual.exe
PID 1852 wrote to memory of 1068 N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe \??\c:\program files (x86)\common files\microsoft shared\vba\vba7\vbe7visual.exe
PID 1852 wrote to memory of 1068 N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe \??\c:\program files (x86)\common files\microsoft shared\vba\vba7\vbe7visual.exe
PID 1852 wrote to memory of 1068 N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe \??\c:\program files (x86)\common files\microsoft shared\vba\vba7\vbe7visual.exe
PID 1852 wrote to memory of 2924 N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe \??\c:\program files (x86)\common files\system\microsoftsystem.exe
PID 1852 wrote to memory of 2924 N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe \??\c:\program files (x86)\common files\system\microsoftsystem.exe
PID 1852 wrote to memory of 2924 N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe \??\c:\program files (x86)\common files\system\microsoftsystem.exe
PID 1852 wrote to memory of 2924 N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe \??\c:\program files (x86)\common files\system\microsoftsystem.exe
PID 1852 wrote to memory of 568 N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe \??\c:\program files (x86)\common files\microsoft shared\help\technologymsitss.exe
PID 1852 wrote to memory of 568 N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe \??\c:\program files (x86)\common files\microsoft shared\help\technologymsitss.exe
PID 1852 wrote to memory of 568 N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe \??\c:\program files (x86)\common files\microsoft shared\help\technologymsitss.exe
PID 1852 wrote to memory of 568 N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe \??\c:\program files (x86)\common files\microsoft shared\help\technologymsitss.exe
PID 1852 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe \??\c:\program files (x86)\common files\microsoft shared\help\1042\microsoftrhxdsui.exe
PID 1852 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe \??\c:\program files (x86)\common files\microsoft shared\help\1042\microsoftrhxdsui.exe
PID 1852 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe \??\c:\program files (x86)\common files\microsoft shared\help\1042\microsoftrhxdsui.exe
PID 1852 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe \??\c:\program files (x86)\common files\microsoft shared\help\1042\microsoftrhxdsui.exe

Processes

C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe"

\??\c:\program files (x86)\common files\microsoft shared\vba\vba7\vbe7visual.exe

"c:\program files (x86)\common files\microsoft shared\vba\vba7\vbe7visual.exe"

\??\c:\program files (x86)\common files\system\microsoftsystem.exe

"c:\program files (x86)\common files\system\microsoftsystem.exe"

\??\c:\program files (x86)\common files\microsoft shared\help\technologymsitss.exe

"c:\program files (x86)\common files\microsoft shared\help\technologymsitss.exe"

\??\c:\program files (x86)\common files\microsoft shared\help\1042\microsoftrhxdsui.exe

"c:\program files (x86)\common files\microsoft shared\help\1042\microsoftrhxdsui.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 waldes.in udp
US 8.8.8.8:53 windowsupdate.microsoft.com udp
US 20.72.235.82:80 windowsupdate.microsoft.com tcp
US 8.8.8.8:53 fe2.update.microsoft.com udp
US 40.83.50.90:80 fe2.update.microsoft.com tcp
US 8.8.8.8:53 counterslocal.com udp
US 204.11.56.48:80 counterslocal.com tcp
US 204.11.56.48:80 counterslocal.com tcp

Files

C:\Program Files (x86)\Microsoft Office\Office14\OneNote\SendToOneNotePrintDriverFilterSendToOneNoteUI14.0.4763.1000.exe

MD5 0f0cbb820e78029d86b8646df081f840
SHA1 deed7be3d6216dfb55e76cbed70755ac07ecbe32
SHA256 d1ff936ea7f9fb510c9fb5cbde514b1290f956c0913b604367c6a92427f2e137
SHA512 22e5447c135789172127129911c7fd3b305955d679bb22dca70cfca26b4811aa6afde9c00b15120254094f404fe12b32db4d93baf21675e67e3d2eb22052d18b

C:\Program Files (x86)\Common Files\microsoft shared\Help\TechnologyMSITSS.exe

MD5 a94a5913554e49da13cb33e891416dcf
SHA1 0b59dc05c165b728c6da54f5a7f9cd5141192d79
SHA256 31bc090dc557e5c6d31ecaa459511c898291f8cc60b1d6507baaee673f8f7057
SHA512 e11655816bd307fa433e9e357938c870e6e6fde74599a48a4298766f0c883fdbed15d3f995b7c55f033bbaf02a5a2db0563f6f089abdc916d13522d33a664846

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-27 19:06

Reported

2024-05-27 19:08

Platform

win10v2004-20240508-en

Max time kernel

148s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe"

Signatures

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\OneDriveSetupOneDrive = "C:\\Users\\Admin\\AppData\\Local\\Temp\\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe" C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunServices\MicrosoftOneDriveSetup26962 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe" C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A

Checks installed software on the system

discovery

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\ntdll.dll.dll C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\remoteposdrv.inf_amd64_0f0da968c1cfce06\MicrosoftOperating.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\1394.inf_amd64_a08737ea39f5790b\WindowsOperating.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\1033\RCX52A7.tmp C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccmebasenonfipsInternet3.9.0.42221.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LibraryLink.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\RCX49AC.tmp C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\RCX675E.tmp C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\WindowsTipRes.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Java\Java Update\RCX49CC.tmp C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RCX53B2.tmp C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\RCX5DB7.tmp C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\widevinecdmadapterdllInternational.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\AcrobatAdobe.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\RCX67DC.tmp C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\System\Ole DB\es-ES\WindowsSystem10.0.19041.1.160101.0800.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Common Files\Java\Java Update\juschedChecker.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\widevinecdmadapterdllInternational.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\RCX5E35.tmp C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\RCX7078.tmp C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Common Files\System\Ole DB\es-ES\WindowsSystem10.0.19041.1.160101.0800.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Microsoft Shared\ink\RCX545F.tmp C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccmebasenonfipsInternet3.9.0.42221.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\RCX5D58.tmp C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodAdobe.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\System\Ole DB\es-ES\RCX492E.tmp C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Java\Java Update\juschedChecker.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\1033\StudioVSTOLoaderUI.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\ink\mshwLatinWindows.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\AdobeAcrobat19.10.20064.310990.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LibraryLink.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodAiod.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_microsoft-windows-data-pdf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_00608074d7799e78\WindowsAPIs.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Windows\WinSxS\amd64_system.data.datasetextensions.resources_b77a5c561934e089_4.0.15805.0_it-it_38244cfa51c0c7be\resourcesFramework.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File opened for modification C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMSvcHost.resources\v4.0_4.0.0.0_es_b03f5f7f11d50a3a\RCX12C5.tmp C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..lographicextensions_31bf3856ad364e35_10.0.19041.153_none_766dff58d5beafa2\OperatingMicrosoft10.0.19041.153.160101.0800.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CertificateServices.PKIClient.Cmdlets.Resources\v4.0_10.0.0.0_it_31bf3856ad364e35\resourcesCmdlets.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File opened for modification C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CertificateServices.PKIClient.Cmdlets.Resources\v4.0_10.0.0.0_it_31bf3856ad364e35\RCX1324.tmp C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Engine.resources\v4.0_4.0.0.0_it_b03f5f7f11d50a3a\EngineMicrosoft.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g...scrptadm.resources_31bf3856ad364e35_10.0.19041.1_en-us_c085ed35d8405ce1\Microsoftscrptadm.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_ar-sa_841b2dcf703e01c1\OperatingMicrosoft.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_10.0.19041.1_it-it_d45d039b342d94da\WindowsSERIALUI10.0.19041.1.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..xecutable.resources_31bf3856ad364e35_10.0.19041.1_it-it_abd67c7ccdb802a8\MicrosoftSistema.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..ces-theme.resources_31bf3856ad364e35_10.0.19041.1_en-us_87edf218e14c1622\MicrosoftSystem.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..alization.resources_31bf3856ad364e35_10.0.19041.1_en-us_a2708216c48a8e7e\ShapeCollectorSystem.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..-tool-exe.resources_31bf3856ad364e35_10.0.19041.1_en-us_7322bfaaf0abd306\managebdeSystem.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMSvcHost.resources\v4.0_4.0.0.0_es_b03f5f7f11d50a3a\resourcesMicrosoft.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..chinese-tip_profile_31bf3856ad364e35_10.0.19041.1_none_8a2b738118073bce\WindowsImTCTip.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v2.0.50727\JA\SystemFramework.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-speech-pal-desktop_31bf3856ad364e35_10.0.19041.1_none_407031515dcf23b3\SpeechWindows.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-securitycenter-core_31bf3856ad364e35_10.0.19041.1081_none_9972edde9b98690c\wscnotifywscproxystub.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft.data.entity.build.tasks_b03f5f7f11d50a3a_4.0.15805.0_none_e71d94ac8a46fb80\DataFramework.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-photoacquire_31bf3856ad364e35_10.0.19041.746_none_122faf636b919ad9\WindowsMicrosoft.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-r..-agilevpn.resources_31bf3856ad364e35_10.0.19041.1_de-de_2c4b545e91e24985\Microsoftagilevpn10.0.19041.1.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File opened for modification C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer.Resources\v4.0_10.0.0.0_it_31bf3856ad364e35\RCX9FC9.tmp C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework\v2.0.50727\fr\InstallRegAsm.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-dfshim_dll_31bf3856ad364e35_10.0.19041.1_none_2e7103f3fc577168\dfshimWindows.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-i..atedusermode-kernel_31bf3856ad364e35_10.0.19041.1023_none_5c93ef2449c89609\MicrosoftWindows.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File opened for modification C:\Windows\assembly\GAC_MSIL\MMCFxCommon.Resources\3.0.0.0_es_31bf3856ad364e35\RCX1237.tmp C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..nailcache.resources_31bf3856ad364e35_10.0.19041.1_de-de_e77ad07ed428e4bb\thumbcacheMicrosoft.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Windows\IME\de-DE\BetriebssystemSpTip.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.19041.1_ro-ro_1219f92ac5b548b0\SistemMicrosoft.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Windows\WinSxS\msil_system.configuration.install.resources_b03f5f7f11d50a3a_10.0.19041.1_es-es_fb0bc56dbb59316a\FrameworkSystem2.0.50727.91496.0507279100.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Windows\WinSxS\msil_multipoint-wms.dash..addintabs.resources_31bf3856ad364e35_10.0.19041.1_de-de_4dd6f8c60c2d41c0\resourcesWindows.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework\v2.0.50727\fr\RCXA037.tmp C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Windows\Boot\EFI\pt-PT\MicrosoftSistema.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Windows\Boot\EFI\pl-PL\memdiagbootmgr.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File opened for modification C:\Windows\IME\es-ES\RCX70BD.tmp C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Windows\WinSxS\msil_microsoft.applicati..ulewizard.resources_31bf3856ad364e35_10.0.19041.1_es-es_5271e4fe1d5d533b\resourcesresources.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Windows\assembly\GAC_MSIL\MMCFxCommon.Resources\3.0.0.0_es_31bf3856ad364e35\Sistemaresources.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..andgroups.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_02b5417e30a372f0\WindowsMicrosoft10.0.19041.1.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..workspace.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_f0e5d0a35eb841a1\WindowsTSWORKSPACE.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework\v2.0.50727\JA\RCXE7A3.tmp C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\ja-JP\RCX2B93.tmp C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Windows\Boot\EFI\en-GB\bootmgrMicrosoft.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..lient-aux.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_93457fd8b57e67d8\OperatingSystem.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File opened for modification C:\Windows\IME\de-DE\RCX716B.tmp C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Windows\WinSxS\amd64_nvdimm.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c7d40ebc419b9a8c\nvdimminfWindows.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..sumercore.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_22073328270f03e3\dexploitationSystme.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework\v2.0.50727\JA\SystemFramework.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\WindowsSystem.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-netjoin.resources_31bf3856ad364e35_10.0.19041.1_en-us_2d65915d710f1401\WindowsOperating.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-h..nter-shellproviders_31bf3856ad364e35_10.0.19041.1_none_4a5f2dd18f3a8deb\OperatingHCPROVIDERS.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer.Resources\v4.0_10.0.0.0_it_31bf3856ad364e35\operativoresources10.0.19041.1.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..m-library.resources_31bf3856ad364e35_10.0.19041.1_it-it_35b543fa13574693\Sistemawpncore.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-setupapi.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_4f22230cd405bd67\SystemWindows.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Windows\WinSxS\wow64_windows-media-faceanalysis_31bf3856ad364e35_10.0.19041.264_none_6cee44dceaadd26a\FaceAnalysisWindows.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-n..lprovider.resources_31bf3856ad364e35_10.0.19041.1_de-de_09b9ec0d5024b02e\WindowsWindows10.0.19041.1.160101.0800.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-hyper-v-winhvr_31bf3856ad364e35_10.0.19041.1_none_fc5d2e67adee5611\OperatingMicrosoft10.0.19041.1.160101.0800.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-mirage_31bf3856ad364e35_10.0.19041.1_none_73e8d3cf733772c3\SystemMirage.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-usbceip.resources_31bf3856ad364e35_10.0.19041.1_de-de_a8e73645cad53900\WindowsWindows10.0.19041.1.160101.0800.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Windows\Boot\Resources\fr-FR\Systmedexploitation.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..emotepage.resources_31bf3856ad364e35_10.0.19041.1_it-it_f9b36cc69b4dc165\remotepgremotepg.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-tapi2xclient.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_4bd70706bc3612d5\dexploitationWindows.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File opened for modification C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Activities.Build.resources\v4.0_4.0.0.0_it_31bf3856ad364e35\RCX5986.tmp C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\3082\mscorsecrMicrosoft.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
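A pattern runs through the whole table above: every dropped executable is named by gluing together vendor and "operating system" words (Windows, Microsoft, System, Operating, Framework, resources, plus localized forms that match the folder's locale: Sistema for it-it/pt-PT, Betriebssystem for de-DE, Systme dexploitation with the accents stripped for fr-FR, operativo for it), sometimes with a product version string appended, and the file is written into a locale-specific resource folder under WinSxS, the .NET GAC, Boot\EFI or IME. None of those locations is writable by a standard user, so the same sample on a non-elevated host would fail most of these writes. The following script is an added example, not part of the original report or of any sandbox product: it parses rows in the flattened "Description Indicator Process Target" layout used above and flags the heuristics just described. Rows 0-4 are copied verbatim from the table; row 5 is constructed in the same layout from the first entry of the Files section below. SYSTEM_ROOTS, NO_EXE_STORES, TOKEN_RE and the reason labels are this example's own assumptions.

```python
"""Triage 'File created' / 'File opened for modification' rows from a sandbox
file-activity table. Added example; the heuristics below are assumptions."""
import ntpath
import re
from typing import Dict, List, Optional

# Rows 0-4 copied verbatim from the report table; row 5 constructed in the
# same layout from the first entry of the report's Files section.
SAMPLE_ROWS = [
    r"File created C:\Windows\WinSxS\amd64_microsoft-windows-data-pdf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_00608074d7799e78\WindowsAPIs.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A",
    r"File opened for modification C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMSvcHost.resources\v4.0_4.0.0.0_es_b03f5f7f11d50a3a\RCX12C5.tmp C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A",
    r"File created C:\Windows\Boot\EFI\pl-PL\memdiagbootmgr.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A",
    r"File created C:\Windows\IME\de-DE\BetriebssystemSpTip.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A",
    r"File created C:\Windows\Microsoft.NET\Framework64\WindowsSystem.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A",
    r"File created C:\Program Files (x86)\Common Files\System\Ole DB\es-ES\WindowsSystem10.0.19041.1.160101.0800.exe C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A",
]

# Row layout: <operation> <path> <process> <target>; paths may contain spaces,
# so each path is matched non-greedily up to the next "X:\" token.
ROW_RE = re.compile(
    r"^(?P<op>File created|File opened for modification) "
    r"(?P<path>[A-Za-z]:\\.+?) "
    r"(?P<process>[A-Za-z]:\\.+?) "
    r"(?P<target>N/A|[A-Za-z]:\\.+)$"
)
# Assumed: roots a user-mode sample running from %TEMP% should never write to.
SYSTEM_ROOTS = (r"C:\Windows", r"C:\Program Files", r"C:\Program Files (x86)")
# Assumed: stores that hold assemblies, boot resources or IME data, not .exe files.
NO_EXE_STORES = (
    r"C:\Windows\Microsoft.NET\assembly", r"C:\Windows\assembly",
    r"C:\Windows\Boot\EFI", r"C:\Windows\Boot\Resources", r"C:\Windows\IME",
)
# Words the sample glues together; longer localized forms come first so that
# "Betriebssystem" counts once rather than as Betriebssystem + system.
TOKEN_RE = re.compile(
    r"betriebssystem|dexploitation|operativo|sistema|windows|microsoft|"
    r"system|operating|framework|resources", re.I)
LOCALE_RE = re.compile(r"[\\_](?:[a-z]{2}-[a-z]{2}|[a-z]{2})[\\_]", re.I)
VERSION_RE = re.compile(r"\d+\.\d+\.\d+\.\d+")


def parse_row(line: str) -> Optional[Dict[str, str]]:
    """Split one flattened table row into op/path/process/target, or None."""
    m = ROW_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(path: str, process: str) -> List[str]:
    """Return the heuristic reasons this write looks like a disguised drop."""
    reasons: List[str] = []
    low = path.lower()
    stem, ext = ntpath.splitext(ntpath.basename(path))
    ext = ext.lower()
    in_system = any(low.startswith(root.lower() + "\\") for root in SYSTEM_ROOTS)
    if in_system and "\\appdata\\local\\temp\\" in process.lower():
        reasons.append("temp_process_writes_system_dir")
    if ext == ".exe" and any(low.startswith(s.lower() + "\\") for s in NO_EXE_STORES):
        reasons.append("exe_in_store_without_exes")
    if ext == ".tmp" and in_system:
        reasons.append("tmp_staging_file")
    if LOCALE_RE.search(path):
        reasons.append("locale_folder")
    if len(TOKEN_RE.findall(stem)) >= 2 or VERSION_RE.search(stem):
        reasons.append("vendor_word_padding")
    return reasons


def triage(rows: List[str]) -> List[Dict[str, object]]:
    """Parse every row and keep those that trip at least one heuristic."""
    out: List[Dict[str, object]] = []
    for line in rows:
        rec = parse_row(line)
        if rec is None:
            continue
        reasons = classify(rec["path"], rec["process"])
        if reasons:
            out.append({"op": rec["op"], "path": rec["path"], "reasons": reasons})
    return out


if __name__ == "__main__":
    for hit in triage(SAMPLE_ROWS):
        print(hit["op"], "|", hit["path"], "|", ", ".join(hit["reasons"]))
```

The `temp_process_writes_system_dir` reason alone is enough to page on in most estates; the store and name heuristics are there to rank the hits and to explain them to whoever reads the ticket.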

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A

Note: ProcessorNameString and Identifier under this key are read by plenty of legitimate installers as well as by samples looking for a virtualised CPU before running their real payload. On its own this is weak evidence; weigh it together with the file drops and persistence above rather than as a standalone anti-analysis finding.

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe N/A
(the row above appears 64 times in the original output, one per enumeration event, all from the same process and with no indicator or target recorded; the repeats are collapsed here)

Processes

C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\0f0cbb820e78029d86b8646df081f840_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 waldes.in udp
US 8.8.8.8:53 windowsupdate.microsoft.com udp
US 20.72.235.82:80 windowsupdate.microsoft.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 fe2.update.microsoft.com udp
US 52.152.180.154:80 fe2.update.microsoft.com tcp
US 8.8.8.8:53 counterslocal.com udp
US 204.11.56.48:80 counterslocal.com tcp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 154.180.152.52.in-addr.arpa udp
US 8.8.8.8:53 82.235.72.20.in-addr.arpa udp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 48.56.11.204.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.72:443 www.bing.com tcp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
NL 23.62.61.72:443 www.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 72.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 waldes.in udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 waldes.in udp
US 204.11.56.48:80 counterslocal.com tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 waldes.in udp
US 204.11.56.48:80 counterslocal.com tcp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 96.136.73.23.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 waldes.in udp
US 204.11.56.48:80 counterslocal.com tcp
US 8.8.8.8:53 28.173.189.20.in-addr.arpa udp
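Most of the table above is the Windows guest talking to itself (Windows Update, Bing) and the sandbox resolving PTR records for every address it saw; only two domains, waldes.in and counterslocal.com, are not Microsoft infrastructure. Reading the rows carefully also shows that waldes.in was queried five times with no connection ever recorded, whereas counterslocal.com resolved to 204.11.56.48 and was contacted over tcp/80 four times. The script below is an added example, not part of the original report or of any sandbox product; it parses the "Country Destination Domain Proto" rows (copied verbatim from the table above) and separates those two candidates from the background noise. BACKGROUND_SUFFIXES is this example's own assumption about what the guest generates by itself, and the "dns_only" / "contacted" labels are its own.

```python
"""Split sample-attributable network activity from sandbox background traffic.
Added example; the background allowlist is an assumption, not report data."""
import re
from collections import Counter

# Copied verbatim from the report's Network table, header included.
NETWORK_TABLE = """\
Country Destination Domain Proto
US 8.8.8.8:53 waldes.in udp
US 8.8.8.8:53 windowsupdate.microsoft.com udp
US 20.72.235.82:80 windowsupdate.microsoft.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 fe2.update.microsoft.com udp
US 52.152.180.154:80 fe2.update.microsoft.com tcp
US 8.8.8.8:53 counterslocal.com udp
US 204.11.56.48:80 counterslocal.com tcp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 154.180.152.52.in-addr.arpa udp
US 8.8.8.8:53 82.235.72.20.in-addr.arpa udp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 48.56.11.204.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.72:443 www.bing.com tcp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
NL 23.62.61.72:443 www.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 72.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 waldes.in udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 waldes.in udp
US 204.11.56.48:80 counterslocal.com tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 waldes.in udp
US 204.11.56.48:80 counterslocal.com tcp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 96.136.73.23.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 waldes.in udp
US 204.11.56.48:80 counterslocal.com tcp
US 8.8.8.8:53 28.173.189.20.in-addr.arpa udp
"""
NETWORK_ROWS = NETWORK_TABLE.splitlines()

# Assumed allowlist: traffic a stock Windows guest produces on its own.
BACKGROUND_SUFFIXES = ("microsoft.com", "windowsupdate.com", "bing.com", "bing.net")
DEST_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}:\d{1,5}$")


def parse_net_row(line):
    """Return {country, dest, domain, proto} for a data row, None for the header."""
    parts = line.split()
    if len(parts) != 4 or not DEST_RE.match(parts[1]):
        return None
    country, dest, domain, proto = parts
    return {"country": country, "dest": dest, "domain": domain.lower(), "proto": proto.lower()}


def is_background(domain):
    """Reverse lookups made by the sandbox, plus the assumed Microsoft allowlist."""
    if domain.endswith(".in-addr.arpa"):
        return True
    return any(domain == s or domain.endswith("." + s) for s in BACKGROUND_SUFFIXES)


def summarize(rows):
    """Per domain: number of DNS queries and a Counter of proto:ip:port connections."""
    stats = {}
    for line in rows:
        rec = parse_net_row(line)
        if rec is None:
            continue
        entry = stats.setdefault(rec["domain"], {"dns": 0, "connections": Counter()})
        if rec["proto"] == "udp" and rec["dest"].endswith(":53"):
            entry["dns"] += 1
        else:
            entry["connections"][rec["proto"] + ":" + rec["dest"]] += 1
    return stats


def candidates(rows):
    """Non-background domains, marked dns_only when no connection was recorded."""
    out = []
    for domain, entry in summarize(rows).items():
        if is_background(domain):
            continue
        out.append({"domain": domain,
                    "status": "contacted" if entry["connections"] else "dns_only",
                    "dns_queries": entry["dns"],
                    "connections": dict(entry["connections"])})
    return sorted(out, key=lambda r: r["domain"])


if __name__ == "__main__":
    for c in candidates(NETWORK_ROWS):
        print(c)
```

A "dns_only" domain is still worth blocking and hunting for: the table records no reply, so it may not have resolved at detonation time, which says nothing about what it resolves to today.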

Files

C:\Program Files (x86)\Common Files\System\Ole DB\es-ES\WindowsSystem10.0.19041.1.160101.0800.exe

MD5 0f0cbb820e78029d86b8646df081f840
SHA1 deed7be3d6216dfb55e76cbed70755ac07ecbe32
SHA256 d1ff936ea7f9fb510c9fb5cbde514b1290f956c0913b604367c6a92427f2e137
SHA512 22e5447c135789172127129911c7fd3b305955d679bb22dca70cfca26b4811aa6afde9c00b15120254094f404fe12b32db4d93baf21675e67e3d2eb22052d18b

Note: the SHA256 of this file is the SHA256 of the submitted sample, so this is a byte-for-byte copy of the original executable written under a Microsoft-looking name into a localized Program Files subfolder, not a second-stage payload; the sample hash therefore also serves as the indicator for its on-disk copies.

C:\Program Files (x86)\Common Files\Microsoft Shared\ink\RCX545F.tmp

MD5 be6fd460bfe6390297fbe18b10d04f07
SHA1 65121c2455d58fe5c2cbd9a5ac0a5d9a2d4fcead
SHA256 4fc0118412b20d922db9c2fe0581f54632f380e16c1a2c47f4d462088e696d90
SHA512 3204dee88bd117e736e9d15227aa4a396bf62e1dc0509818b200fd2e1a50c5bbc9a4757076e7af4d3805dc559c1867952220757203e6a1d0488be04fd37e85dc

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\RCX5DB7.tmp

MD5 2fd547c9cf2d40d018a85862b03787d7
SHA1 272cd00736c86b6f67384550351d0ac492d5c639
SHA256 eab3ed71528310a1e782f3a84ba60e3432f4228dbe7469061fe7fc0377749927
SHA512 fb884300e29cf916ed1e24ed3287db46c51b4c4a5414fa5753bb6cbac85da960b92430678cfb5cb28d44528b96738b6a8874d726f97814c8d0b7808d8047c362

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccmebasenonfipsInternet3.9.0.42221.exe

MD5 a639e151f96f002a1dd9133e69a4faf7
SHA1 91c3e84b73ab0abbbd36413aecbe2d1e7f9a458f
SHA256 1881a538b211070882dbc44ffc26d1079a98c4278b73c5fdc9345abeb40acf45
SHA512 a2006c7ed90cf508b5208a018f0c0cafed5fcf1e09d178a19e81bf506c16ba9405b195db92438a2d72a61d8c69eb87a5306fc130d6205ce083b9ff748a60ff44