Malware Analysis Report

2025-03-14 23:55

Sample ID: 240603-f7dlvsed35
Target: 9d2d2345db06bcae9080e9f34cec43a0_NeikiAnalytics.exe
SHA256: 92b8de2fd091f2c8ede4f85a3449b3bd1680fbf5e7bccf17be1cc2ded07cd858
Tags: persistence
Score: 7/10

Analysis Overview

Score: 7/10

SHA256: 92b8de2fd091f2c8ede4f85a3449b3bd1680fbf5e7bccf17be1cc2ded07cd858

Threat Level: Shows suspicious behavior

The file 9d2d2345db06bcae9080e9f34cec43a0_NeikiAnalytics.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

persistence

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Drops file in Program Files directory

Enumerates physical storage devices

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 05:30

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 05:30

Reported

2024-06-03 05:33

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9d2d2345db06bcae9080e9f34cec43a0_NeikiAnalytics.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\9d2d2345db06bcae9080e9f34cec43a0_NeikiAnalytics.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Adobe\acrotray.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Adobe\acrotray .exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Adobe_Reader = "C:\\Program Files (x86)\\Adobe\\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\9d2d2345db06bcae9080e9f34cec43a0_NeikiAnalytics.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created \??\c:\program files (x86)\common files\java\java update\jusched.exe C:\Users\Admin\AppData\Local\Temp\9d2d2345db06bcae9080e9f34cec43a0_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\acrotray .exe C:\Users\Admin\AppData\Local\Temp\9d2d2345db06bcae9080e9f34cec43a0_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\acrotray.exe C:\Users\Admin\AppData\Local\Temp\9d2d2345db06bcae9080e9f34cec43a0_NeikiAnalytics.exe N/A

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31110519" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 1056f84c77b5da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1159946550" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31110519" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff5800000000000000de04000065020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{70B773B1-216A-11EF-9519-FA71C8F1560D} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 907f704477b5da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff3e0000003e000000c4040000a3020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\MINIE C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1159946550" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d2d2345db06bcae9080e9f34cec43a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d2d2345db06bcae9080e9f34cec43a0_neikianalytics.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\acrotray.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\acrotray .exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9d2d2345db06bcae9080e9f34cec43a0_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9d2d2345db06bcae9080e9f34cec43a0_neikianalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Adobe\acrotray.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Adobe\acrotray .exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2256 wrote to memory of 892 N/A C:\Users\Admin\AppData\Local\Temp\9d2d2345db06bcae9080e9f34cec43a0_NeikiAnalytics.exe C:\Users\Admin\AppData\Local\Temp\9d2d2345db06bcae9080e9f34cec43a0_neikianalytics.exe
PID 2256 wrote to memory of 2024 N/A C:\Users\Admin\AppData\Local\Temp\9d2d2345db06bcae9080e9f34cec43a0_NeikiAnalytics.exe C:\Program Files (x86)\Adobe\acrotray.exe
PID 1688 wrote to memory of 2896 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2024 wrote to memory of 3348 N/A C:\Program Files (x86)\Adobe\acrotray.exe C:\Program Files (x86)\Adobe\acrotray.exe
PID 2024 wrote to memory of 4540 N/A C:\Program Files (x86)\Adobe\acrotray.exe C:\Program Files (x86)\Adobe\acrotray .exe
PID 4540 wrote to memory of 4428 N/A C:\Program Files (x86)\Adobe\acrotray .exe C:\Program Files (x86)\Adobe\acrotray .exe
PID 1688 wrote to memory of 3340 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1688 wrote to memory of 232 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\9d2d2345db06bcae9080e9f34cec43a0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\9d2d2345db06bcae9080e9f34cec43a0_NeikiAnalytics.exe"

C:\Users\Admin\AppData\Local\Temp\9d2d2345db06bcae9080e9f34cec43a0_neikianalytics.exe

"C:\Users\Admin\AppData\Local\Temp\9d2d2345db06bcae9080e9f34cec43a0_neikianalytics.exe" C:\Users\Admin\AppData\Local\Temp\9d2d2345db06bcae9080e9f34cec43a0_NeikiAnalytics.exe"

C:\Program Files (x86)\Adobe\acrotray.exe

"C:\Program Files (x86)\Adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\9d2d2345db06bcae9080e9f34cec43a0_NeikiAnalytics.exe"

C:\Program Files (x86)\Internet Explorer\ielowutil.exe

"C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1688 CREDAT:17410 /prefetch:2

C:\Program Files (x86)\Adobe\acrotray.exe

"C:\Program Files (x86)\Adobe\acrotray.exe" C:\Program Files (x86)\Adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\9d2d2345db06bcae9080e9f34cec43a0_NeikiAnalytics.exe"

C:\Program Files (x86)\Adobe\acrotray .exe

"C:\Program Files (x86)\Adobe\acrotray .exe" C:\Program Files (x86)\Adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\9d2d2345db06bcae9080e9f34cec43a0_NeikiAnalytics.exe"

C:\Program Files (x86)\Adobe\acrotray .exe

"C:\Program Files (x86)\Adobe\acrotray .exe" C:\Program Files (x86)\Adobe\acrotray .exe" C:\Program Files (x86)\Adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\9d2d2345db06bcae9080e9f34cec43a0_NeikiAnalytics.exe"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1688 CREDAT:17416 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1688 CREDAT:17424 /prefetch:2

Network

Files

memory/2256-0-0x0000000010000000-0x0000000010010000-memory.dmp

C:\Program Files (x86)\Adobe\acrotray.exe

MD5 410c3a2f1c06a308bb79bb041044d877
SHA1 9dafc3b95a11a15145d6422a746b8057c7bef53e
SHA256 e4292fd09dee51fa63ef487a161f984ad77dce9158f599cb06dee501cfc55552
SHA512 fcf005d6e4a536169660cb0f082b1da7ad97150727414099898ff137975dd97ad0ac71a900bf1d0c76457005175b7c276d173d983799d8aae21302f72dec192a

C:\Program Files (x86)\Adobe\acrotray .exe

MD5 bf494d2accdf2642a3716dc756b074f1
SHA1 c85e788f165b59472adf41f550b50b1f4f2d1085
SHA256 54821aab2feb3f1a341920746c46b6b3471bf88d2ab5e45d7e0e093c55a8a6a0
SHA512 03658155fca43e0bc534b462a7e0ce6910e2a2ac28eefdebe2ecf9c98d2ed4d1932f4137cc6e2625626c2b4f64c4b94a490978ba27ee0628e8f3988060905f45

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 05:30

Reported

2024-06-03 05:33

Platform

win7-20240508-en

Max time kernel

140s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9d2d2345db06bcae9080e9f34cec43a0_NeikiAnalytics.exe"

Signatures

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Adobe_Reader = "C:\\Program Files (x86)\\Adobe\\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\9d2d2345db06bcae9080e9f34cec43a0_NeikiAnalytics.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Adobe\acrotray.exe C:\Users\Admin\AppData\Local\Temp\9d2d2345db06bcae9080e9f34cec43a0_NeikiAnalytics.exe N/A
File created \??\c:\program files (x86)\microsoft office\office14\bcssync.exe C:\Users\Admin\AppData\Local\Temp\9d2d2345db06bcae9080e9f34cec43a0_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\acrotray .exe C:\Users\Admin\AppData\Local\Temp\9d2d2345db06bcae9080e9f34cec43a0_NeikiAnalytics.exe N/A

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\MINIE C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423554516" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff5600000000000000dc04000065020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6F043F31-216A-11EF-91D8-D6B84878A518} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 401f9e4477b5da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d2d2345db06bcae9080e9f34cec43a0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d2d2345db06bcae9080e9f34cec43a0_neikianalytics.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\acrotray.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\acrotray .exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9d2d2345db06bcae9080e9f34cec43a0_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9d2d2345db06bcae9080e9f34cec43a0_neikianalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Adobe\acrotray.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Adobe\acrotray .exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1792 wrote to memory of 2896 N/A C:\Users\Admin\AppData\Local\Temp\9d2d2345db06bcae9080e9f34cec43a0_NeikiAnalytics.exe C:\Users\Admin\AppData\Local\Temp\9d2d2345db06bcae9080e9f34cec43a0_neikianalytics.exe
PID 1792 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\9d2d2345db06bcae9080e9f34cec43a0_NeikiAnalytics.exe C:\Program Files (x86)\Adobe\acrotray.exe
PID 2796 wrote to memory of 2776 N/A C:\Program Files (x86)\Adobe\acrotray.exe C:\Program Files (x86)\Adobe\acrotray.exe
PID 2796 wrote to memory of 2652 N/A C:\Program Files (x86)\Adobe\acrotray.exe C:\Program Files (x86)\Adobe\acrotray .exe
PID 2804 wrote to memory of 2592 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2652 wrote to memory of 1960 N/A C:\Program Files (x86)\Adobe\acrotray .exe C:\Program Files (x86)\Adobe\acrotray .exe
PID 2804 wrote to memory of 852 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\9d2d2345db06bcae9080e9f34cec43a0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\9d2d2345db06bcae9080e9f34cec43a0_NeikiAnalytics.exe"

C:\Users\Admin\AppData\Local\Temp\9d2d2345db06bcae9080e9f34cec43a0_neikianalytics.exe

"C:\Users\Admin\AppData\Local\Temp\9d2d2345db06bcae9080e9f34cec43a0_neikianalytics.exe" C:\Users\Admin\AppData\Local\Temp\9d2d2345db06bcae9080e9f34cec43a0_NeikiAnalytics.exe"

C:\Program Files (x86)\Adobe\acrotray.exe

"C:\Program Files (x86)\Adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\9d2d2345db06bcae9080e9f34cec43a0_NeikiAnalytics.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding

C:\Program Files (x86)\Adobe\acrotray.exe

"C:\Program Files (x86)\Adobe\acrotray.exe" C:\Program Files (x86)\Adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\9d2d2345db06bcae9080e9f34cec43a0_NeikiAnalytics.exe"

C:\Program Files (x86)\Adobe\acrotray .exe

"C:\Program Files (x86)\Adobe\acrotray .exe" C:\Program Files (x86)\Adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\9d2d2345db06bcae9080e9f34cec43a0_NeikiAnalytics.exe"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2804 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Adobe\acrotray .exe

"C:\Program Files (x86)\Adobe\acrotray .exe" C:\Program Files (x86)\Adobe\acrotray .exe" C:\Program Files (x86)\Adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\9d2d2345db06bcae9080e9f34cec43a0_NeikiAnalytics.exe"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2804 CREDAT:799749 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.supernetforme.com udp
NL 185.107.56.192:80 www.supernetforme.com tcp
NL 94.75.229.248:80 tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.superwebbysearch.com udp
NL 37.48.65.154:80 www.superwebbysearch.com tcp
US 8.8.8.8:53 ww1.superwebbysearch.com udp
US 199.59.243.225:80 ww1.superwebbysearch.com tcp

Files

memory/1792-0-0x0000000010000000-0x0000000010010000-memory.dmp

C:\Program Files (x86)\Adobe\acrotray.exe

C:\Program Files (x86)\Adobe\acrotray .exe

memory/1792-38-0x0000000002CA0000-0x0000000002CA2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Cab759F.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\Local\Temp\Tar7624.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015