Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    31-05-2024 04:28

General

  • Target

    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe

  • Size

    84KB

  • MD5

    7713f54bb97a7d77d8452e14dd9bed10

  • SHA1

    abc09b251103e0504e05de438af9a03e2cb02538

  • SHA256

    219248d0b833e5871fb0c28f50e4f813fff6d72ab4c3a11e734b3601d1d78358

  • SHA512

    75bf372e7ffd3d3ad759ad7c4032b750de35de324dd772d1a0b5886574bef6a0f0f29e54d05641ce170ff7dd75a09e3048ba9ce52d4c330fe0a444f58740b478

  • SSDEEP

    1536:g7wc1aGNC0klI7CPpIFa6ksz85X3uh4odJModymYn1bniwCC:g7wc1aOCo7CxI4sz8oCooT1bnfCC

Score
7/10

Malware Config

Signatures

  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Program Files directory
    • Drops file in Windows directory
    PID:3440

Network

  • US
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.dual-a-0034.a-msedge.net
    g-bing-com.dual-a-0034.a-msedge.net
    IN CNAME
    dual-a-0034.a-msedge.net
    dual-a-0034.a-msedge.net
    IN A
    204.79.197.237
    dual-a-0034.a-msedge.net
    IN A
    13.107.21.237
  • US
    GET
    https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8JnKssSNRmNFvdMOii7vzvzVUCUw9gOzgjs2pyerRM_c812O-_UaQoqCsGLx1--RxShPrr6irPir6dFzB22fyU-POa5hGuqofDJD8Qf-VhyqQAf_K_tUOXV_7CRIg1by1D7RiVt7e6WnLwGvn0dh2bzaseufxxURCD2cgH5NkdnuVSlys%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D59ba931a856d1d4bd9a2f521e1e88e84&TIME=20240508T114018Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182&muid=D54583D0B3DA17FFA4370685003AFE48
    Remote address:
    204.79.197.237:443
    Request
    GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8JnKssSNRmNFvdMOii7vzvzVUCUw9gOzgjs2pyerRM_c812O-_UaQoqCsGLx1--RxShPrr6irPir6dFzB22fyU-POa5hGuqofDJD8Qf-VhyqQAf_K_tUOXV_7CRIg1by1D7RiVt7e6WnLwGvn0dh2bzaseufxxURCD2cgH5NkdnuVSlys%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D59ba931a856d1d4bd9a2f521e1e88e84&TIME=20240508T114018Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182&muid=D54583D0B3DA17FFA4370685003AFE48 HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=26E64D5D45536AEB329959CD44B36B57; domain=.bing.com; expires=Wed, 25-Jun-2025 04:28:07 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 7095380C7F3B4CE6B2EE4D5C7C2C224B Ref B: LON04EDGE1217 Ref C: 2024-05-31T04:28:07Z
    date: Fri, 31 May 2024 04:28:06 GMT
  • US
    GET
    https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8JnKssSNRmNFvdMOii7vzvzVUCUw9gOzgjs2pyerRM_c812O-_UaQoqCsGLx1--RxShPrr6irPir6dFzB22fyU-POa5hGuqofDJD8Qf-VhyqQAf_K_tUOXV_7CRIg1by1D7RiVt7e6WnLwGvn0dh2bzaseufxxURCD2cgH5NkdnuVSlys%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D59ba931a856d1d4bd9a2f521e1e88e84&TIME=20240508T114018Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182&muid=D54583D0B3DA17FFA4370685003AFE48
    Remote address:
    204.79.197.237:443
    Request
    GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8JnKssSNRmNFvdMOii7vzvzVUCUw9gOzgjs2pyerRM_c812O-_UaQoqCsGLx1--RxShPrr6irPir6dFzB22fyU-POa5hGuqofDJD8Qf-VhyqQAf_K_tUOXV_7CRIg1by1D7RiVt7e6WnLwGvn0dh2bzaseufxxURCD2cgH5NkdnuVSlys%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D59ba931a856d1d4bd9a2f521e1e88e84&TIME=20240508T114018Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182&muid=D54583D0B3DA17FFA4370685003AFE48 HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=26E64D5D45536AEB329959CD44B36B57; _EDGE_S=SID=02BBC24CD1DD612A3959D6DCD08A6034
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=5-lqbH4teO-3o_TzWSttNg8CpiRcafmNEzkgx91eIFE; domain=.bing.com; expires=Wed, 25-Jun-2025 04:28:07 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 45DFA709B03340FE9ACF37C184EEF2B8 Ref B: LON04EDGE1217 Ref C: 2024-05-31T04:28:07Z
    date: Fri, 31 May 2024 04:28:07 GMT
  • BE
    GET
    https://www.bing.com/aes/c.gif?RG=1de3478dc91e467bab3fe3b537a435b1&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240508T114018Z&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182
    Remote address:
    88.221.83.249:443
    Request
    GET /aes/c.gif?RG=1de3478dc91e467bab3fe3b537a435b1&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240508T114018Z&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182 HTTP/2.0
    host: www.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=26E64D5D45536AEB329959CD44B36B57
    Response
    HTTP/2.0 200
    cache-control: private,no-store
    pragma: no-cache
    vary: Origin
    p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: F62DEEF2E29F445F9595A9FB0A2CAFD7 Ref B: AMS04EDGE1114 Ref C: 2024-05-31T04:28:07Z
    content-length: 0
    date: Fri, 31 May 2024 04:28:07 GMT
    set-cookie: _EDGE_S=SID=02BBC24CD1DD612A3959D6DCD08A6034; path=/; httponly; domain=bing.com
    set-cookie: MUIDB=26E64D5D45536AEB329959CD44B36B57; path=/; httponly; expires=Wed, 25-Jun-2025 04:28:07 GMT
    alt-svc: h3=":443"; ma=93600
    x-cdn-traceid: 0.f553dd58.1717129687.67ba373
  • US
    DNS
    154.239.44.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    154.239.44.20.in-addr.arpa
    IN PTR
    Response
  • US
    DNS
    237.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    237.197.79.204.in-addr.arpa
    IN PTR
    Response
  • US
    DNS
    16.24.18.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    16.24.18.2.in-addr.arpa
    IN PTR
    Response
    16.24.18.2.in-addr.arpa
    IN PTR
    a2-18-24-16.deploy.static.akamaitechnologies.com
  • US
    DNS
    249.83.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    249.83.221.88.in-addr.arpa
    IN PTR
    Response
    249.83.221.88.in-addr.arpa
    IN PTR
    a88-221-83-249.deploy.static.akamaitechnologies.com
  • BE
    GET
    https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
    Remote address:
    88.221.83.249:443
    Request
    GET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
    host: www.bing.com
    accept: */*
    cookie: MUID=26E64D5D45536AEB329959CD44B36B57; _EDGE_S=SID=02BBC24CD1DD612A3959D6DCD08A6034; MSPTC=5-lqbH4teO-3o_TzWSttNg8CpiRcafmNEzkgx91eIFE; MUIDB=26E64D5D45536AEB329959CD44B36B57
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-type: image/png
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    content-length: 1107
    date: Fri, 31 May 2024 04:28:08 GMT
    alt-svc: h3=":443"; ma=93600
    x-cdn-traceid: 0.f553dd58.1717129688.67ba7c2
  • US
    DNS
    22.160.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    22.160.190.20.in-addr.arpa
    IN PTR
    Response
  • US
    DNS
    26.35.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.35.223.20.in-addr.arpa
    IN PTR
    Response
  • US
    DNS
    26.165.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.165.165.52.in-addr.arpa
    IN PTR
    Response
  • US
    DNS
    56.126.166.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    56.126.166.20.in-addr.arpa
    IN PTR
    Response
  • US
    DNS
    203.107.17.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    203.107.17.2.in-addr.arpa
    IN PTR
    Response
    203.107.17.2.in-addr.arpa
    IN PTR
    a2-17-107-203.deploy.static.akamaitechnologies.com
  • US
    DNS
    31.243.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    31.243.111.52.in-addr.arpa
    IN PTR
    Response
  • US
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • US
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 627437
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: BE76494DE5FA4E1690A0FEAB2D15228A Ref B: LON04EDGE0620 Ref C: 2024-05-31T04:29:46Z
    date: Fri, 31 May 2024 04:29:46 GMT
  • US
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 659775
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: BB46113EEC384140B14BCEE7049057D4 Ref B: LON04EDGE0620 Ref C: 2024-05-31T04:29:46Z
    date: Fri, 31 May 2024 04:29:46 GMT
  • US
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 621794
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 4F20116D809B4913A56529369636B228 Ref B: LON04EDGE0620 Ref C: 2024-05-31T04:29:46Z
    date: Fri, 31 May 2024 04:29:46 GMT
  • US
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239351692210_1AKNUXTAY2T0XUMCR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239351692210_1AKNUXTAY2T0XUMCR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 792794
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 39808077D92240C6902ED7DA6D13CC40 Ref B: LON04EDGE0620 Ref C: 2024-05-31T04:29:46Z
    date: Fri, 31 May 2024 04:29:46 GMT
  • US
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 449656
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 571E8664C1234D0193246D1171DF983D Ref B: LON04EDGE0620 Ref C: 2024-05-31T04:29:46Z
    date: Fri, 31 May 2024 04:29:46 GMT
  • US
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239351692215_1UJ4FAL91XLA7HB15&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239351692215_1UJ4FAL91XLA7HB15&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 468637
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 5F6B547DE18E476488145927C26315DC Ref B: LON04EDGE0620 Ref C: 2024-05-31T04:29:47Z
    date: Fri, 31 May 2024 04:29:46 GMT
  • US
    DNS
    resources.jar
    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    Remote address:
    8.8.8.8:53
    Request
    resources.jar
    IN MX
    Response
  • US
    DNS
    resources.jar
    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    Remote address:
    8.8.8.8:53
    Request
    resources.jar
    IN MX
    Response
  • US
    DNS
    cs.stanford.edu
    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    Remote address:
    8.8.8.8:53
    Request
    cs.stanford.edu
    IN MX
    Response
    cs.stanford.edu
    IN MX
    smtp1.cs.stanford.edu
    cs.stanford.edu
    IN MX
    cs.stanford.edu
    IN MX
    smtp2.cs.stanford.edu
  • US
    DNS
    outlook.com
    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    Remote address:
    8.8.8.8:53
    Request
    outlook.com
    IN MX
    Response
    outlook.com
    IN MX
    outlook-com.olc.protection.outlook.com
  • US
    DNS
    smtp1.cs.stanford.edu
    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    Remote address:
    8.8.8.8:53
    Request
    smtp1.cs.stanford.edu
    IN A
    Response
    smtp1.cs.stanford.edu
    IN A
    171.64.64.25
  • US
    DNS
    nocorp.me
    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    Remote address:
    8.8.8.8:53
    Request
    nocorp.me
    IN MX
    Response
    nocorp.me
    IN MX
    in1-smtp.messagingengine.com
    nocorp.me
    IN MX
    in2-smtp.messagingengine.com
  • US
    DNS
    outlook-com.olc.protection.outlook.com
    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    Remote address:
    8.8.8.8:53
    Request
    outlook-com.olc.protection.outlook.com
    IN A
    Response
    outlook-com.olc.protection.outlook.com
    IN A
    52.101.11.5
    outlook-com.olc.protection.outlook.com
    IN A
    52.101.73.18
    outlook-com.olc.protection.outlook.com
    IN A
    52.101.42.8
    outlook-com.olc.protection.outlook.com
    IN A
    52.101.11.14
  • US
    DNS
    in1-smtp.messagingengine.com
    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    Remote address:
    8.8.8.8:53
    Request
    in1-smtp.messagingengine.com
    IN A
    Response
    in1-smtp.messagingengine.com
    IN A
    103.168.172.220
    in1-smtp.messagingengine.com
    IN A
    103.168.172.216
    in1-smtp.messagingengine.com
    IN A
    103.168.172.221
    in1-smtp.messagingengine.com
    IN A
    103.168.172.218
    in1-smtp.messagingengine.com
    IN A
    103.168.172.217
    in1-smtp.messagingengine.com
    IN A
    103.168.172.219
  • US
    DNS
    alumni.caltech.edu
    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    Remote address:
    8.8.8.8:53
    Request
    alumni.caltech.edu
    IN MX
    Response
    alumni.caltech.edu
    IN MX
    alumni-caltech-edu.mail.protection.outlook.com
  • US
    DNS
    gzip.org
    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    Remote address:
    8.8.8.8:53
    Request
    gzip.org
    IN MX
    Response
    gzip.org
    IN MX
  • US
    DNS
    alumni-caltech-edu.mail.protection.outlook.com
    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    Remote address:
    8.8.8.8:53
    Request
    alumni-caltech-edu.mail.protection.outlook.com
    IN A
    Response
    alumni-caltech-edu.mail.protection.outlook.com
    IN A
    52.101.40.2
    alumni-caltech-edu.mail.protection.outlook.com
    IN A
    52.101.11.13
    alumni-caltech-edu.mail.protection.outlook.com
    IN A
    52.101.10.6
    alumni-caltech-edu.mail.protection.outlook.com
    IN A
    52.101.41.22
  • US
    DNS
    gzip.org
    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    Remote address:
    8.8.8.8:53
    Request
    gzip.org
    IN A
    Response
    gzip.org
    IN A
    85.187.148.2
  • US
    DNS
    cs.stanford.edu
    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    Remote address:
    8.8.8.8:53
    Request
    cs.stanford.edu
    IN A
    Response
    cs.stanford.edu
    IN A
    171.64.64.64
  • US
    DNS
    outlook.com
    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    Remote address:
    8.8.8.8:53
    Request
    outlook.com
    IN A
    Response
    outlook.com
    IN A
    52.96.214.50
    outlook.com
    IN A
    52.96.222.226
    outlook.com
    IN A
    52.96.91.34
    outlook.com
    IN A
    52.96.229.242
    outlook.com
    IN A
    52.96.222.194
    outlook.com
    IN A
    52.96.111.82
    outlook.com
    IN A
    52.96.172.98
    outlook.com
    IN A
    52.96.223.2
    outlook.com
    IN A
    52.96.228.130
  • US
    DNS
    in2-smtp.messagingengine.com
    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    Remote address:
    8.8.8.8:53
    Request
    in2-smtp.messagingengine.com
    IN A
    Response
    in2-smtp.messagingengine.com
    IN A
    64.147.123.52
    in2-smtp.messagingengine.com
    IN A
    64.147.123.51
  • US
    DNS
    mozilla.org.xpi
    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    Remote address:
    8.8.8.8:53
    Request
    mozilla.org.xpi
    IN MX
    Response
  • US
    DNS
    mozilla.org.xpi
    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    Remote address:
    8.8.8.8:53
    Request
    mozilla.org.xpi
    IN MX
    Response
  • US
    DNS
    mx.mozilla.org.xpi
    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    Remote address:
    8.8.8.8:53
    Request
    mx.mozilla.org.xpi
    IN A
    Response
  • US
    DNS
    mail.mozilla.org.xpi
    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    Remote address:
    8.8.8.8:53
    Request
    mail.mozilla.org.xpi
    IN A
    Response
  • US
    DNS
    smtp.mozilla.org.xpi
    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    Remote address:
    8.8.8.8:53
    Request
    smtp.mozilla.org.xpi
    IN A
    Response
  • US
    DNS
    alumni.caltech.edu
    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    Remote address:
    8.8.8.8:53
    Request
    alumni.caltech.edu
    IN A
    Response
    alumni.caltech.edu
    IN A
    75.2.70.75
    alumni.caltech.edu
    IN A
    99.83.190.102
  • 192.100.95.212:1042
    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    260 B
    5
  • 204.79.197.237:443
    https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8JnKssSNRmNFvdMOii7vzvzVUCUw9gOzgjs2pyerRM_c812O-_UaQoqCsGLx1--RxShPrr6irPir6dFzB22fyU-POa5hGuqofDJD8Qf-VhyqQAf_K_tUOXV_7CRIg1by1D7RiVt7e6WnLwGvn0dh2bzaseufxxURCD2cgH5NkdnuVSlys%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D59ba931a856d1d4bd9a2f521e1e88e84&TIME=20240508T114018Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182&muid=D54583D0B3DA17FFA4370685003AFE48
    tls, http2
    2.5kB
    9.0kB
    20
    17

    HTTP Request

    GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8JnKssSNRmNFvdMOii7vzvzVUCUw9gOzgjs2pyerRM_c812O-_UaQoqCsGLx1--RxShPrr6irPir6dFzB22fyU-POa5hGuqofDJD8Qf-VhyqQAf_K_tUOXV_7CRIg1by1D7RiVt7e6WnLwGvn0dh2bzaseufxxURCD2cgH5NkdnuVSlys%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D59ba931a856d1d4bd9a2f521e1e88e84&TIME=20240508T114018Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182&muid=D54583D0B3DA17FFA4370685003AFE48

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8JnKssSNRmNFvdMOii7vzvzVUCUw9gOzgjs2pyerRM_c812O-_UaQoqCsGLx1--RxShPrr6irPir6dFzB22fyU-POa5hGuqofDJD8Qf-VhyqQAf_K_tUOXV_7CRIg1by1D7RiVt7e6WnLwGvn0dh2bzaseufxxURCD2cgH5NkdnuVSlys%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D59ba931a856d1d4bd9a2f521e1e88e84&TIME=20240508T114018Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182&muid=D54583D0B3DA17FFA4370685003AFE48

    HTTP Response

    204
  • 88.221.83.249:443
    https://www.bing.com/aes/c.gif?RG=1de3478dc91e467bab3fe3b537a435b1&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240508T114018Z&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182
    tls, http2
    1.4kB
    5.3kB
    16
    10

    HTTP Request

    GET https://www.bing.com/aes/c.gif?RG=1de3478dc91e467bab3fe3b537a435b1&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240508T114018Z&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182

    HTTP Response

    200
  • 88.221.83.249:443
    https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
    tls, http2
    1.5kB
    6.4kB
    15
    12

    HTTP Request

    GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

    HTTP Response

    200
  • 24.157.211.110:1042
    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    260 B
    5
  • 16.91.194.178:1042
    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    260 B
    5
  • 10.89.209.55:1042
    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    260 B
    5
  • 10.99.9.168:1042
    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    260 B
    5
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    8.1kB
    16
    14
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    8.1kB
    16
    14
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    8.1kB
    16
    14
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    8.1kB
    16
    14
  • 204.79.197.200:443
    https://tse1.mm.bing.net/th?id=OADD2.10239351692215_1UJ4FAL91XLA7HB15&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    tls, http2
    130.2kB
    3.8MB
    2736
    2731

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239351692210_1AKNUXTAY2T0XUMCR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239351692215_1UJ4FAL91XLA7HB15&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Response

    200
  • 15.96.233.30:1042
    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    260 B
    5
  • 171.64.64.25:25
    smtp1.cs.stanford.edu
    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    260 B
    5
  • 52.101.11.5:25
    outlook-com.olc.protection.outlook.com
    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    260 B
    5
  • 103.168.172.220:25
    in1-smtp.messagingengine.com
    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    260 B
    5
  • 10.120.78.12:1042
    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    260 B
    5
  • 52.101.40.2:25
    alumni-caltech-edu.mail.protection.outlook.com
    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    260 B
    5
  • 85.187.148.2:25
    gzip.org
    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    260 B
    5
  • 171.64.64.64:25
    cs.stanford.edu
    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    156 B
    3
  • 52.96.214.50:25
    outlook.com
    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    156 B
    3
  • 64.147.123.52:25
    in2-smtp.messagingengine.com
    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    156 B
    3
  • 68.17.137.252:1042
    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    104 B
    2
  • 75.2.70.75:25
    alumni.caltech.edu
    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    104 B
    2
  • 85.187.148.2:25
    gzip.org
    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    104 B
    2
  • 8.8.8.8:53
    g.bing.com
    dns
    56 B
    151 B
    1
    1

    DNS Request

    g.bing.com

    DNS Response

    204.79.197.237
    13.107.21.237

  • 8.8.8.8:53
    154.239.44.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    154.239.44.20.in-addr.arpa

  • 8.8.8.8:53
    237.197.79.204.in-addr.arpa
    dns
    73 B
    143 B
    1
    1

    DNS Request

    237.197.79.204.in-addr.arpa

  • 8.8.8.8:53
    16.24.18.2.in-addr.arpa
    dns
    69 B
    131 B
    1
    1

    DNS Request

    16.24.18.2.in-addr.arpa

  • 8.8.8.8:53
    249.83.221.88.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    249.83.221.88.in-addr.arpa

  • 8.8.8.8:53
    22.160.190.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    22.160.190.20.in-addr.arpa

  • 8.8.8.8:53
    26.35.223.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    26.35.223.20.in-addr.arpa

  • 8.8.8.8:53
    26.165.165.52.in-addr.arpa
    dns
    72 B
    146 B
    1
    1

    DNS Request

    26.165.165.52.in-addr.arpa

  • 8.8.8.8:53
    56.126.166.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    56.126.166.20.in-addr.arpa

  • 8.8.8.8:53
    203.107.17.2.in-addr.arpa
    dns
    71 B
    135 B
    1
    1

    DNS Request

    203.107.17.2.in-addr.arpa

  • 8.8.8.8:53
    31.243.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    31.243.111.52.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
    173 B
    1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    204.79.197.200
    13.107.21.200

  • 8.8.8.8:53
    resources.jar
    dns
    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    59 B
    134 B
    1
    1

    DNS Request

    resources.jar

  • 8.8.8.8:53
    resources.jar
    dns
    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    59 B
    134 B
    1
    1

    DNS Request

    resources.jar

  • 8.8.8.8:53
    cs.stanford.edu
    dns
    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    61 B
    121 B
    1
    1

    DNS Request

    cs.stanford.edu

  • 8.8.8.8:53
    outlook.com
    dns
    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    57 B
    100 B
    1
    1

    DNS Request

    outlook.com

  • 8.8.8.8:53
    smtp1.cs.stanford.edu
    dns
    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    67 B
    83 B
    1
    1

    DNS Request

    smtp1.cs.stanford.edu

    DNS Response

    171.64.64.25

  • 8.8.8.8:53
    nocorp.me
    dns
    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    55 B
    124 B
    1
    1

    DNS Request

    nocorp.me

  • 8.8.8.8:53
    outlook-com.olc.protection.outlook.com
    dns
    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    84 B
    148 B
    1
    1

    DNS Request

    outlook-com.olc.protection.outlook.com

    DNS Response

    52.101.11.5
    52.101.73.18
    52.101.42.8
    52.101.11.14

  • 8.8.8.8:53
    in1-smtp.messagingengine.com
    dns
    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    74 B
    170 B
    1
    1

    DNS Request

    in1-smtp.messagingengine.com

    DNS Response

    103.168.172.220
    103.168.172.216
    103.168.172.221
    103.168.172.218
    103.168.172.217
    103.168.172.219

  • 8.8.8.8:53
    alumni.caltech.edu
    dns
    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    64 B
    126 B
    1
    1

    DNS Request

    alumni.caltech.edu

  • 8.8.8.8:53
    gzip.org
    dns
    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    54 B
    70 B
    1
    1

    DNS Request

    gzip.org

  • 8.8.8.8:53
    alumni-caltech-edu.mail.protection.outlook.com
    dns
    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    92 B
    156 B
    1
    1

    DNS Request

    alumni-caltech-edu.mail.protection.outlook.com

    DNS Response

    52.101.40.2
    52.101.11.13
    52.101.10.6
    52.101.41.22

  • 8.8.8.8:53
    gzip.org
    dns
    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    54 B
    70 B
    1
    1

    DNS Request

    gzip.org

    DNS Response

    85.187.148.2

  • 8.8.8.8:53
    cs.stanford.edu
    dns
    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    61 B
    77 B
    1
    1

    DNS Request

    cs.stanford.edu

    DNS Response

    171.64.64.64

  • 8.8.8.8:53
    outlook.com
    dns
    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    57 B
    201 B
    1
    1

    DNS Request

    outlook.com

    DNS Response

    52.96.214.50
    52.96.222.226
    52.96.91.34
    52.96.229.242
    52.96.222.194
    52.96.111.82
    52.96.172.98
    52.96.223.2
    52.96.228.130

  • 8.8.8.8:53
    in2-smtp.messagingengine.com
    dns
    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    74 B
    106 B
    1
    1

    DNS Request

    in2-smtp.messagingengine.com

    DNS Response

    64.147.123.52
    64.147.123.51

  • 8.8.8.8:53
    mozilla.org.xpi
    dns
    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    61 B
    136 B
    1
    1

    DNS Request

    mozilla.org.xpi

  • 8.8.8.8:53
    mozilla.org.xpi
    dns
    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    61 B
    136 B
    1
    1

    DNS Request

    mozilla.org.xpi

  • 8.8.8.8:53
    mx.mozilla.org.xpi
    dns
    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    64 B
    139 B
    1
    1

    DNS Request

    mx.mozilla.org.xpi

  • 8.8.8.8:53
    mail.mozilla.org.xpi
    dns
    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    66 B
    141 B
    1
    1

    DNS Request

    mail.mozilla.org.xpi

  • 8.8.8.8:53
    smtp.mozilla.org.xpi
    dns
    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    66 B
    141 B
    1
    1

    DNS Request

    smtp.mozilla.org.xpi

  • 8.8.8.8:53
    alumni.caltech.edu
    dns
    7713f54bb97a7d77d8452e14dd9bed10_NeikiAnalytics.exe
    64 B
    96 B
    1
    1

    DNS Request

    alumni.caltech.edu

    DNS Response

    75.2.70.75
    99.83.190.102

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files\Common Files\microsoft shared\ink\ar-SA\Harry Potter.exe

    Filesize

    84KB

    MD5

    7713f54bb97a7d77d8452e14dd9bed10

    SHA1

    abc09b251103e0504e05de438af9a03e2cb02538

    SHA256

    219248d0b833e5871fb0c28f50e4f813fff6d72ab4c3a11e734b3601d1d78358

    SHA512

    75bf372e7ffd3d3ad759ad7c4032b750de35de324dd772d1a0b5886574bef6a0f0f29e54d05641ce170ff7dd75a09e3048ba9ce52d4c330fe0a444f58740b478

  • memory/3440-0-0x0000000000800000-0x000000000080E000-memory.dmp

    Filesize

    56KB

  • memory/3440-3-0x0000000000800000-0x000000000080E000-memory.dmp

    Filesize

    56KB
