Analysis Overview
SHA256
8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2
Threat Level: Shows suspicious behavior
The file 8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe was classified as: Shows suspicious behavior. The recorded indicators (an IDMan Run key, an "IDM Helper" Browser Helper Object, "Download with IDM" Internet Explorer menu extensions, regsvr32 registration of IDM*64.dll files from %TEMP%, and DNS lookups for internetdownloadmanager.com) are those of an Internet Download Manager installer; the PE itself carries no Authenticode signature (Unsigned PE).
Malicious Activity Summary
Reads user/profile data of web browsers
Checks computer location settings
Adds Run key to start application
Installs/modifies Browser Helper Object
Unsigned PE
Enumerates physical storage devices
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Uses Task Scheduler COM API
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Checks processor information in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-22 08:42
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-22 08:42
Reported
2024-06-22 08:45
Platform
win7-20240508-en
Max time kernel
140s
Max time network
148s
Command Line
Signatures
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Run\IDMan = "C:\\Users\\Admin\\AppData\\Local\\Temp\\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe /onboot" | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\NoExplorer = "1" | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8} | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ = "IDM Helper" | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\NoExplorer = "1" | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8} | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ = "IDM Helper" | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\AppPath = "C:\\Users\\Admin\\AppData\\Local\\Temp" | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppName = "8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe" | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppPath = "C:\\Users\\Admin\\AppData\\Local\\Temp" | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppPath = "C:\\Users\\Admin\\AppData\\Local\\Temp" | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\Policy = "3" | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\MenuExt\ | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\MenuExt\Download with IDM\contexts = "243" | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006} | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\Policy = "3" | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DownloadUI = "{7D11E719-FF90-479C-B0D7-96EB43EE55D7}" | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\MenuExt\Download with IDM | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Low Rights | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\Policy = "3" | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppName = "IEMonitor.exe" | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\DownloadUI = "{7D11E719-FF90-479C-B0D7-96EB43EE55D7}" | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\MenuExt\Download with IDM\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\IEExt.htm" | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\AppName = "8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe" | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}\Therad = "1" | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\LocalServer32 | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe" | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4} | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\ = "IDMan" | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\IDMan.CIDMLinkTransmitter | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\Wow6432Node\CLSID | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}\Model = "173" | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\ROTFlags = "1" | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\Wow6432Node | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\IDMan.CIDMLinkTransmitter\CLSID | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\IDMan.CIDMLinkTransmitter\CLSID\ = "{AC746233-E9D3-49CD-862F-068F7B7CCCA4}" | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\ = "IDMan.CIDMLinkTransmitter" | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\AppID = "{AC746233-E9D3-49CD-862F-068F7B7CCCA4}" | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4} | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\RunAs = "Interactive User" | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D} | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD} | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
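The registry rows above are the substance of this verdict: a Run value pointing back into %TEMP% with `/onboot`, a BHO CLSID, COM LocalServer32 registrations for the same executable, and Internet Explorer Low Rights\ElevationPolicy entries with `Policy = "3"` (Protected Mode launches the named AppPath\AppName as a medium-integrity process without prompting). The following parser is an added example written for this page, not the sandbox vendor's code and not part of the analysed sample; it reads rows in the table format used above (SAMPLE_ROWS is copied from the behavioral1 tables, with the sample path shortened to the placeholder `<sample>.exe`) and extracts the persistence and browser-integration mechanisms as structured findings.

```python
"""Parse the registry rows of the signature tables above and flag the
persistence and browser-integration mechanisms they establish.

Added example for this report: not the sandbox vendor's code and not part of
the analysed sample. SAMPLE_ROWS is copied from the behavioral1 tables, with
the long sample path shortened to <sample>.exe for readability."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

SAMPLE_ROWS = r"""
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Run\IDMan = "C:\\Users\\Admin\\AppData\\Local\\Temp\\<sample>.exe /onboot" | <sample>.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8} | <sample>.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ = "IDM Helper" | <sample>.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\Policy = "3" | <sample>.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppName = "IEMonitor.exe" | <sample>.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppPath = "C:\\Users\\Admin\\AppData\\Local\\Temp" | <sample>.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\Policy = "3" | <sample>.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppName = "<sample>.exe" | <sample>.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppPath = "C:\\Users\\Admin\\AppData\\Local\\Temp" | <sample>.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\<sample>.exe" | <sample>.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
"""

ROW_RE = re.compile(r"^\|\s*(?P<op>[^|]*?)\s*\|\s*(?P<ind>[^|]*?)\s*\|\s*(?P<proc>[^|]*?)\s*\|")
KV_RE = re.compile(r'^(?P<key>.+?)\s*=\s*"(?P<val>.*)"$')
GUID = r"(\{[0-9A-Fa-f-]{36}\})"
RUN_KEY = re.compile(r"\\CurrentVersion\\Run$", re.I)
BHO_KEY = re.compile(r"\\Browser Helper Objects\\" + GUID + "$", re.I)
ELEV_KEY = re.compile(r"\\Low Rights\\ElevationPolicy\\" + GUID + "$", re.I)
COM_SERVER = re.compile(r"\\CLSID\\" + GUID + r"\\LocalServer32$", re.I)
USER_WRITABLE = re.compile(r"\\AppData\\|\\ProgramData\\|\\Users\\Public\\", re.I)


@dataclass(frozen=True)
class RegEvent:
    op: str              # "Set value (str)", "Key created", "Key value queried", ...
    key: str             # key path with the value name stripped off
    name: str            # value name, "(Default)" for the key default, "" for key ops
    data: Optional[str]  # written data, None for key operations and queries
    process: str         # process that performed the operation


def parse_rows(text: str) -> list:
    """Turn table rows into RegEvent records; the header row is skipped."""
    events = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m or m["op"] == "Description":
            continue
        ind, data = m["ind"], None
        kv = KV_RE.match(ind)
        if kv:
            # the report doubles backslashes inside quoted data; undo that
            ind, data = kv["key"], kv["val"].replace("\\\\", "\\")
        if m["op"].startswith("Set value"):
            key, _, name = ind.rpartition("\\")
            name = name or "(Default)"
        else:
            key, name = ind, ""
        events.append(RegEvent(m["op"], key, name, data, m["proc"]))
    return events


def find_persistence(events) -> list:
    """Return dicts {kind, subject, detail, process}. run_key maps to ATT&CK
    T1547.001, bho to T1176; the other kinds are COM/IE registry tampering."""
    findings, policies = [], defaultdict(dict)
    for e in events:
        if not e.op.startswith("Set value"):
            continue
        if RUN_KEY.search(e.key):
            kind = "run_key_user_writable" if USER_WRITABLE.search(e.data or "") else "run_key"
            findings.append(dict(kind=kind, subject=e.name, detail=e.data, process=e.process))
        elif (m := BHO_KEY.search(e.key)) and e.name == "(Default)":
            findings.append(dict(kind="bho", subject=m.group(1), detail=e.data, process=e.process))
        elif m := ELEV_KEY.search(e.key):
            policies[m.group(1)][e.name] = e.data
            policies[m.group(1)]["_process"] = e.process
        elif m := COM_SERVER.search(e.key):
            findings.append(dict(kind="com_localserver", subject=m.group(1), detail=e.data, process=e.process))
    for guid, v in policies.items():
        # Low Rights\ElevationPolicy\{GUID}\Policy = 3: Protected Mode IE launches
        # AppPath\AppName as a medium-integrity process without prompting the user.
        if v.get("Policy") == "3":
            target = "\\".join(p for p in (v.get("AppPath"), v.get("AppName")) if p)
            findings.append(dict(kind="ie_silent_elevation", subject=guid, detail=target, process=v["_process"]))
    return findings


if __name__ == "__main__":
    for f in find_persistence(parse_rows(SAMPLE_ROWS)):
        print(f"{f['kind']:22} {f['subject']:40} -> {f['detail']}")
```

Run against the rows above this yields five findings: the IDMan Run value (flagged as user-writable because it points into AppData\Local\Temp), the {0055C089-...} BHO named "IDM Helper", the {AC746233-...} LocalServer32 registration of the sample itself, and two silent-elevation policies, one for IEMonitor.exe and one for the sample executable. The Firefox CPU query row parses but produces no finding, which is the intended behaviour for the processor-information signature.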
Processes
C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Users\Admin\AppData\Local\Temp\IDMShellExt64.dll"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.internetdownloadmanager.com/support/installffextfrommozillasite.html
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.internetdownloadmanager.com/support/installffextfrommozillasite.html
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2204.0.1435076795\2128858217" -parentBuildID 20221007134813 -prefsHandle 1252 -prefMapHandle 1164 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {399504f9-8443-4aa6-9ff2-1cd30daeefd4} 2204 "\\.\pipe\gecko-crash-server-pipe.2204" 1364 100d8558 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2204.1.570778475\1790842813" -parentBuildID 20221007134813 -prefsHandle 1532 -prefMapHandle 1528 -prefsLen 21708 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f58b0dbb-4618-436c-b2f9-67b1db5f7dd7} 2204 "\\.\pipe\gecko-crash-server-pipe.2204" 1544 edeb258 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2204.2.290836258\658979407" -childID 1 -isForBrowser -prefsHandle 2108 -prefMapHandle 2104 -prefsLen 21746 -prefMapSize 233444 -jsInitHandle 596 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f17f9a3-61f4-45d0-88dd-ac7401754e29} 2204 "\\.\pipe\gecko-crash-server-pipe.2204" 2120 19fa6258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2204.3.1413616095\1454173194" -childID 2 -isForBrowser -prefsHandle 2708 -prefMapHandle 2704 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 596 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c812207-45f7-4fa5-8bcf-ae7c26f16370} 2204 "\\.\pipe\gecko-crash-server-pipe.2204" 2720 d68758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2204.4.1684363968\981872914" -childID 3 -isForBrowser -prefsHandle 3372 -prefMapHandle 3492 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 596 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2a35965-8501-4e0e-9c36-9d4856c2dca8} 2204 "\\.\pipe\gecko-crash-server-pipe.2204" 3684 1b1f4558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2204.5.1138502059\2016769293" -childID 4 -isForBrowser -prefsHandle 3792 -prefMapHandle 3796 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 596 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {61945062-a389-4ab9-99c3-bbccbe3ad0aa} 2204 "\\.\pipe\gecko-crash-server-pipe.2204" 3780 1e8c7e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2204.6.1593719479\1623000945" -childID 5 -isForBrowser -prefsHandle 3860 -prefMapHandle 3804 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 596 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad87998a-3440-43e1-80dc-7bbbda39c5ae} 2204 "\\.\pipe\gecko-crash-server-pipe.2204" 3848 1e8c9658 tab
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Users\Admin\AppData\Local\Temp\IDMShellExt64.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Users\Admin\AppData\Local\Temp\IDMIECC64.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Users\Admin\AppData\Local\Temp\IDMGetAll64.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Users\Admin\AppData\Local\Temp\downlWithIDM64.dll"
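Two details of the process list above matter for detection: each regsvr32 invocation silently (`/s`) registers a DLL that lives in the user's %TEMP% directory, and although the command line names `C:\Windows\System32\regsvr32.exe`, the image that actually ran is `C:\Windows\SysWOW64\regsvr32.exe`, which tells you the parent was a 32-bit process and WOW64 file-system redirection applied. The triage routine below is an added example written for this page, not the sandbox's code and not part of the analysed sample. EVENTS is constructed from the command lines recorded above: the pids and ppids are invented so the parent chain can be followed, the sample path is shortened to the placeholder `<sample>.exe`, and the last event is a constructed benign control (a DLL under Program Files) that must not fire.

```python
"""Triage process-creation events for regsvr32 registering DLLs from
user-writable directories, the pattern in the Processes section above.

Added example for this report; it is neither the sandbox's code nor part of
the analysed sample. EVENTS is constructed from the command lines recorded
above: pids/ppids are invented so the parent chain can be followed, the
sample path is shortened to <sample>.exe, and the last event is a constructed
benign control that must not fire."""
import re
from dataclasses import dataclass

SAMPLE_EXE = r"C:\Users\Admin\AppData\Local\Temp\<sample>.exe"
REGSVR_CMD = r'"C:\Windows\System32\regsvr32.exe" /s "C:\Users\Admin\AppData\Local\Temp\{}"'

EVENTS = [
    {"pid": 1000, "ppid": 500, "image": SAMPLE_EXE, "cmd": f'"{SAMPLE_EXE}"'},
    {"pid": 1100, "ppid": 1000, "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "cmd": r'"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.internetdownloadmanager.com/support/installffextfrommozillasite.html'},
    {"pid": 1101, "ppid": 1000, "image": r"C:\Windows\SysWOW64\regsvr32.exe", "cmd": REGSVR_CMD.format("IDMShellExt64.dll")},
    {"pid": 1102, "ppid": 1000, "image": r"C:\Windows\SysWOW64\regsvr32.exe", "cmd": REGSVR_CMD.format("IDMIECC64.dll")},
    {"pid": 1103, "ppid": 1000, "image": r"C:\Windows\SysWOW64\regsvr32.exe", "cmd": REGSVR_CMD.format("IDMGetAll64.dll")},
    {"pid": 1104, "ppid": 1000, "image": r"C:\Windows\SysWOW64\regsvr32.exe", "cmd": REGSVR_CMD.format("downlWithIDM64.dll")},
    # constructed benign control: an installer registering a DLL under Program Files
    {"pid": 1200, "ppid": 600, "image": r"C:\Windows\System32\regsvr32.exe",
     "cmd": r'"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files\Example Vendor\example.dll"'},
]

TOKEN_RE = re.compile(r'"([^"]*)"|(\S+)')
# path fragments any standard user can write to (compared lower-cased)
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\", "\\programdata\\",
                 "\\users\\public\\", "\\downloads\\")


def tokens(cmd: str) -> list:
    """Split a Windows command line, honouring double quotes."""
    return [q or u for q, u in TOKEN_RE.findall(cmd)]


def dll_argument(cmd: str):
    """First argument after the program that names a .dll, or None."""
    for t in tokens(cmd)[1:]:
        if t.lower().endswith(".dll"):
            return t
    return None


def user_writable_marker(path: str):
    """The first user-writable fragment found in path, or None."""
    low = path.lower()
    return next((m for m in USER_WRITABLE if m in low), None)


@dataclass
class Alert:
    pid: int
    dll: str
    parent_image: str
    marker: str             # which user-writable fragment matched
    silent: bool            # /s: no dialog, nothing for the user to notice
    wow64_redirected: bool  # command line says System32 but the image is SysWOW64
    parent_user_writable: bool


def triage(events) -> list:
    """Alert on regsvr32 loading a DLL from a user-writable directory."""
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        if not e["image"].lower().endswith("\\regsvr32.exe"):
            continue
        dll = dll_argument(e["cmd"])
        marker = user_writable_marker(dll) if dll else None
        if marker is None:
            continue
        toks = [t.lower() for t in tokens(e["cmd"])]
        parent = by_pid.get(e["ppid"], {}).get("image", "<unknown>")
        alerts.append(Alert(
            pid=e["pid"], dll=dll, parent_image=parent, marker=marker,
            silent="/s" in toks,
            # A 32-bit parent started regsvr32: WOW64 file-system redirection
            # turned the System32 path on the command line into SysWOW64.
            wow64_redirected="\\syswow64\\" in e["image"].lower() and "\\system32\\" in toks[0],
            parent_user_writable=user_writable_marker(parent) is not None,
        ))
    return alerts


if __name__ == "__main__":
    for a in triage(EVENTS):
        print(a)
```

On the constructed events the four regsvr32 children of the sample are alerted, each silent, each WOW64-redirected, each with a parent that itself lives under AppData\Local\Temp; the Program Files control and the Firefox launch are ignored. The same logic applies unchanged to Sysmon Event ID 1 or Windows Security 4688 records once the Image, CommandLine and ParentProcessId fields are mapped onto the event dicts.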
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.internetdownloadmanager.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| N/A | 127.0.0.1:49193 | N/A | tcp |
| N/A | 127.0.0.1:49201 | N/A | tcp |
| US | 8.8.8.8:53 | test.internetdownloadmanager.com | udp |
| US | 8.8.8.8:53 | www.internetdownloadmanager.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | secure.internetdownloadmanager.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | www.internetdownloadmanager.com | udp |
| US | 8.8.8.8:53 | support.mozilla.org | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 8.8.8.8:53 | www.internetdownloadmanager.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 8.8.8.8:53 | mirror3.internetdownloadmanager.com | udp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| US | 8.8.8.8:53 | mirror5.internetdownloadmanager.com | udp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| US | 8.8.8.8:53 | registeridm.com | udp |
| US | 8.8.8.8:53 | www.internetdownloadmanager.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | www.internetdownloadmanager.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uu0g08su.default-release\datareporting\glean\pending_pings\f5308ec6-ad93-4e7b-a1d1-b39f24d0a07d
| MD5 | 2209b70a9efdaf7081cb29de13678bb4 |
| SHA1 | 05c1b8acd67e73fb8208a42ee35005a2d0ce9ef8 |
| SHA256 | 3ddc793d35cafe7992e9794f1cffbb89d7a5ff8d5623d3b5774d750a463dcb94 |
| SHA512 | 8b2e3423dd3e7624957b4029ba888c3a0b5d90d35675209b1fb29e7a8d5a35bfebbffe67a85ff995e8441947b2e89ef9e474d55faa6b4f69eafffaabdc856402 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uu0g08su.default-release\datareporting\glean\pending_pings\8c3ebd06-8aee-438d-82b0-ac21fdee3d38
| MD5 | 678f3acbf99bfbdcf87af4f521c94ccb |
| SHA1 | ac3304ca558b8cd5e05aaaa0ff32ef4602c77f0e |
| SHA256 | 3982361cb5115fbbf2af9ef739c65069f66e0dbf124aa60f8debb134e936b144 |
| SHA512 | 6ea965ea333e36d564775021e97d93f8abe29db436e2e488fb4df9c1e4177cafb32604c2b2615b101bac7ebec144fe2a296a086b8d990123f5c188daf63f6c2d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uu0g08su.default-release\datareporting\glean\db\data.safe.bin
| MD5 | bceccc3e056fd09730759c5ab4eead86 |
| SHA1 | 7d18d2b0fd5f444c3816fdfe4ff1ac38eb5719ac |
| SHA256 | 1a210654bebedab9e53c01ca5d86fe04869610a84156c5041e43fefa3d2a1418 |
| SHA512 | 1c5f75a62d98a3f7ccc9dd253bd30a01d4ea8fb9cb17a33403de84c6b6950135cb1e253c8744f0ac84d9f871368553331c8762100af2c88cdb102a8b8cf19ae7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uu0g08su.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | d8dbba80e84191bda880424dd7f32fc5 |
| SHA1 | 2bd602ba4fc52c3ff67eaa1c4b3a8e454e7ef28a |
| SHA256 | 88df0c45171381041fdd131de13ff6ad333c2443b9e92a94da0783c7355944eb |
| SHA512 | 44d2a3a68f161d8be3636791e13ebeadb732a8da2908449c4d05bb7761b0394b4a8e8fce08760b4fde244fd039c4ffacb0d8ffab348a297f5534e00443dc036a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uu0g08su.default-release\prefs-1.js
| MD5 | f965a8e054840c04a976c2ca30fc5ae9 |
| SHA1 | 54b751fa09b938d7f4dde805465d7dfdde941a23 |
| SHA256 | 96605b3dd0ae619a87a853db860aab6687851e301995bbdba31fcc52a622f5c1 |
| SHA512 | a79e3b62029107d9127047296ac447427c041c4224a3920462e9cb7634345654ac8faadc61238dbf04c75310bf74d3852becdf90f9ebc713999fcd430540f562 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uu0g08su.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | cffdea75b5baf4a86cc43ed519014a4f |
| SHA1 | 283913e90726067412cdf7fada355c919260a933 |
| SHA256 | 7f20c7ced03f0aa9cb3ebbcf2dd23e1f56734400f4153fabdfb2f0baab3d3e42 |
| SHA512 | a811877287f588c17cba8083acbb2c606953de9c39c669e3d4be8d9997c3cb376b942d5c032980dd951244754e4d92a8c20679ed4b3be9a8dd8751887047bd73 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uu0g08su.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 8243a8e8d06106cdbd6dd086a61a2b1d |
| SHA1 | 5eec803ba6158f0477c567c367b3d1024eb3aff5 |
| SHA256 | cb3c92ae9c179f12c8c4dbb6efea9d1043abbc15b6b6e43a2e53239b75bfeac1 |
| SHA512 | 685014fe7039a7b12e4e882988c1c21de5667fa392cda2464b45d2a3cb49e74d23ab073c58c30b589cc7d6282882f13eabdd30ddc730ff267bd13e8bbf35ebc9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uu0g08su.default-release\prefs-1.js
| MD5 | 499150f677d59f26a3b89db00b2ac3b4 |
| SHA1 | f79f9a1eccdf59845e28a1c017827df7ccd88d1b |
| SHA256 | 45a5faaac926446a0163d8547b14ff9dad394a50a87e04aa43015374fe63c73b |
| SHA512 | 417552cfa694425b70b443ac3f5df813bb7291cb47e7586a28469e4dd6b4f80491e6a959031de259ba5a16ed9223960c079a7118ef05331de1aa457ece5c5c88 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uu0g08su.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | d3ce997df524ea51b70e9013ce533771 |
| SHA1 | 680240b49f04a0570876c6441c484bd8f5d09db2 |
| SHA256 | ecaad5ef17e7101092a7bd9a413946693ee5343b1743929ce15b0d38650b5de3 |
| SHA512 | 6db7402ad92427f504a4c4f218f2516dc629e5271e4625fb8f8353a7cba857e0843ad65569aafa7b00fad9cc2fcc4771e47e1426f4ffcf4e0686fb06012c8e9e |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-22 08:42
Reported
2024-06-22 08:45
Platform
win10v2004-20240508-en
Max time kernel
134s
Max time network
149s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IDMan = "C:\\Users\\Admin\\AppData\\Local\\Temp\\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe /onboot" | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8} | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ = "IDM Helper" | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\NoExplorer = "1" | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8} | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ = "IDM Helper" | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\NoExplorer = "1" | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\Policy = "3" | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\AppPath = "C:\\Users\\Admin\\AppData\\Local\\Temp" | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\Policy = "3" | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppPath = "C:\\Users\\Admin\\AppData\\Local\\Temp" | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppPath = "C:\\Users\\Admin\\AppData\\Local\\Temp" | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\AppName = "8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe" | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\DownloadUI = "{7D11E719-FF90-479C-B0D7-96EB43EE55D7}" | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Download with IDM\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\IEExt.htm" | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Download with IDM\contexts = "243" | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\Low Rights | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppName = "8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe" | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\Policy = "3" | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\DownloadUI = "{7D11E719-FF90-479C-B0D7-96EB43EE55D7}" | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Download with IDM | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppName = "IEMonitor.exe" | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006} | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\IDMan.CIDMLinkTransmitter\CLSID\ = "{AC746233-E9D3-49CD-862F-068F7B7CCCA4}" | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\AppID = "{AC746233-E9D3-49CD-862F-068F7B7CCCA4}" | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4} | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\ = "IDMan" | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\ROTFlags = "1" | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D} | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\IDMan.CIDMLinkTransmitter | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\IDMan.CIDMLinkTransmitter\CLSID | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD} | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}\Therad = "1" | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4} | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe" | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\RunAs = "Interactive User" | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}\Model = "173" | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\ = "IDMan.CIDMLinkTransmitter" | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\LocalServer32 | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
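The registry tables above carry the findings an analyst actually acts on: a Run key, a Browser Helper Object CLSID, Internet Explorer Low Rights elevation policies and a COM LocalServer32 entry, all pointing at an executable in the user's Temp directory. The WOW6432Node paths (and, in the process list below, a SysWOW64\regsvr32.exe image for a command line that names System32) are the ordinary WOW64 redirection a 32-bit installer sees on 64-bit Windows, not a sign of tampering. The following script is an added example, not the sandbox's code and not part of this report: it parses rows in the Description | Indicator | Process | Target layout used here and tags each write with the mechanism it represents. The sample rows are copied from the tables above with the sample's long file name shortened to the constructed name sample.exe; the tag names, the rules behind them and the meaning assigned to Policy = 3 (IE Protected Mode launches the target silently at medium integrity) are this example's own.

```python
"""Registry-signature triage for sandbox report rows (added example, not sandbox code)."""

import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed name standing in for the long SHA256-named executable in the report.
SAMPLE_EXE = r"C:\Users\Admin\AppData\Local\Temp\sample.exe"

# Constructed sample: rows from the report's tables, with the file name shortened.
SAMPLE_ROWS = r"""
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Windows\CurrentVersion\Run\IDMan = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sample.exe /onboot" | C:\Users\Admin\AppData\Local\Temp\sample.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\NoExplorer = "1" | C:\Users\Admin\AppData\Local\Temp\sample.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\Policy = "3" | C:\Users\Admin\AppData\Local\Temp\sample.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sample.exe" | C:\Users\Admin\AppData\Local\Temp\sample.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
"""


@dataclass
class RegOp:
    action: str
    path: str                  # key path plus value name; a trailing "\" is the default value
    data: Optional[str]        # written data, or None for reads and key creation
    process: str
    attributable: bool = True  # written by the sample itself, not by a spawned helper
    tags: List[str] = field(default_factory=list)


# (tag, regex over the registry path). Case-insensitive because the report mixes
# Software/SOFTWARE and Wow6432Node/WOW6432Node for the same keys. These rules are
# this example's own assumptions about what each location means.
RULES = [
    ("run_key_autostart",       re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)),
    ("browser_helper_object",   re.compile(r"\\Explorer\\Browser Helper Objects\\\{", re.I)),
    ("ie_low_rights_elevation", re.compile(r"\\Internet Explorer\\Low Rights\\(ElevationPolicy|DragDrop)\\\{", re.I)),
    ("com_local_server",        re.compile(r"\\CLSID\\\{[^\\]+\}\\LocalServer32", re.I)),
]
# The report prints written paths with doubled backslashes, hence "\\+".
TEMP_PATH = re.compile(r"\\+AppData\\+Local\\+Temp\\+", re.I)
ELEVATION_POLICY_VALUE = re.compile(r"\\ElevationPolicy\\\{[^\\]+\}\\Policy$", re.I)
INDICATOR_WITH_DATA = re.compile(r'^(.*?)\s*=\s*"(.*)"$')


def parse_row(line: str) -> Optional[RegOp]:
    """Split one pipe-delimited table row; None for the header row and blank lines."""
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cells) != 4 or cells[0] == "Description":
        return None
    action, indicator, process, _target = cells
    path, data = indicator, None
    m = INDICATOR_WITH_DATA.match(indicator)
    if m:
        path, data = m.group(1), m.group(2)
    return RegOp(action, path, data, process)


def classify(op: RegOp, sample_exe: str) -> RegOp:
    op.attributable = op.process.lower() == sample_exe.lower()
    for tag, rx in RULES:
        if rx.search(op.path):
            op.tags.append(tag)
    # A persistence or COM entry pointing into a user-writable Temp directory is the
    # detail worth surfacing; a finished install would normally point at Program Files.
    if op.tags and op.data and TEMP_PATH.search(op.data):
        op.tags.append("payload_in_temp")
    # IE Protected Mode elevation policy 3: launch the target silently at medium integrity.
    if ELEVATION_POLICY_VALUE.search(op.path) and op.data == "3":
        op.tags.append("silent_medium_integrity")
    return op


def triage(rows_text: str, sample_exe: str = SAMPLE_EXE) -> List[RegOp]:
    ops = [op for op in map(parse_row, rows_text.splitlines()) if op is not None]
    return [classify(op, sample_exe) for op in ops]


def findings(ops: List[RegOp]) -> List[str]:
    """Distinct tags across the sample's own writes, sorted for stable output."""
    return sorted({t for op in ops if op.attributable for t in op.tags})


if __name__ == "__main__":
    ops = triage(SAMPLE_ROWS)
    for op in ops:
        print("sample" if op.attributable else "other ", op.action, op.tags, op.path)
    print("findings:", findings(ops))
```

Rows written by a process other than the sample (here firefox.exe reading CentralProcessor values) are kept but marked non-attributable, so the CPU-information signature is not counted against the installer.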
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8be0ee37ae3f269642316e35e17797ef8526acb1a5896dcc242db7f1c35dd4e2_NeikiAnalytics.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4356,i,5047420736443372512,9747851268033796534,262144 --variations-seed-version --mojo-platform-channel-handle=4404 /prefetch:8
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Users\Admin\AppData\Local\Temp\IDMShellExt64.dll"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.internetdownloadmanager.com/support/installffextfrommozillasite.html
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.internetdownloadmanager.com/support/installffextfrommozillasite.html
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3032.0.251217628\1373346751" -parentBuildID 20230214051806 -prefsHandle 1820 -prefMapHandle 1812 -prefsLen 22244 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab300225-f0a6-4978-a62b-a257f00b61f3} 3032 "\\.\pipe\gecko-crash-server-pipe.3032" 1900 2de9bd2bb58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3032.1.1517997935\949795396" -parentBuildID 20230214051806 -prefsHandle 2480 -prefMapHandle 2476 -prefsLen 23095 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a977caf9-5661-4659-93c3-0a416900a539} 3032 "\\.\pipe\gecko-crash-server-pipe.3032" 2492 2de87a8a258 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3032.2.53015621\1310736192" -childID 1 -isForBrowser -prefsHandle 2788 -prefMapHandle 2796 -prefsLen 23133 -prefMapSize 235121 -jsInitHandle 1056 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ecba2402-a176-4db8-859d-609e79f17bf9} 3032 "\\.\pipe\gecko-crash-server-pipe.3032" 3040 2de9ec2ee58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3032.3.293882061\1785547559" -childID 2 -isForBrowser -prefsHandle 3536 -prefMapHandle 2636 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1056 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {292b67e5-e731-4929-a703-61ef67eb1728} 3032 "\\.\pipe\gecko-crash-server-pipe.3032" 880 2dea0a83558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3032.4.314554365\588174741" -childID 3 -isForBrowser -prefsHandle 4948 -prefMapHandle 4944 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1056 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4a6df84a-3672-444c-b097-974bd83b49ce} 3032 "\\.\pipe\gecko-crash-server-pipe.3032" 4868 2dea2665458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3032.5.540733844\1539478949" -childID 4 -isForBrowser -prefsHandle 2828 -prefMapHandle 5100 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1056 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {07f5ebdd-4a65-46b2-8fd8-c6b014df022a} 3032 "\\.\pipe\gecko-crash-server-pipe.3032" 3080 2dea2d95858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3032.6.802228483\1684772966" -childID 5 -isForBrowser -prefsHandle 5320 -prefMapHandle 5324 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1056 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {510093dd-a789-40a9-aa21-79287f749be9} 3032 "\\.\pipe\gecko-crash-server-pipe.3032" 5312 2dea1fbc858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3032.7.1961231859\1398474964" -childID 6 -isForBrowser -prefsHandle 5528 -prefMapHandle 5408 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1056 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a1c79c0-cbf1-47d3-a667-4d7275bed613} 3032 "\\.\pipe\gecko-crash-server-pipe.3032" 5516 2dea1fb9258 tab
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Users\Admin\AppData\Local\Temp\IDMShellExt64.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Users\Admin\AppData\Local\Temp\IDMIECC64.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Users\Admin\AppData\Local\Temp\IDMGetAll64.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Users\Admin\AppData\Local\Temp\downlWithIDM64.dll"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | www.internetdownloadmanager.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | tcp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 169.61.27.133:443 | www.internetdownloadmanager.com | tcp |
| US | 8.8.8.8:53 | www.internetdownloadmanager.com | udp |
| US | 34.117.188.166:443 | prod.ads.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | www.internetdownloadmanager.com | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| N/A | 127.0.0.1:49820 | | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 52.33.96.36:443 | shavar.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | 133.27.61.169.in-addr.arpa | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | addons.mozilla.org | udp |
| GB | 13.224.132.52:443 | addons.mozilla.org | tcp |
| US | 8.8.8.8:53 | addons.mozilla.org | udp |
| US | 8.8.8.8:53 | addons.mozilla.org | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | 36.96.33.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.132.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| N/A | 127.0.0.1:49826 | | tcp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | test.internetdownloadmanager.com | udp |
| US | 8.8.8.8:53 | secure.internetdownloadmanager.com | udp |
| US | 8.8.8.8:53 | mirror3.internetdownloadmanager.com | udp |
| US | 8.8.8.8:53 | mirror5.internetdownloadmanager.com | udp |
| US | 8.8.8.8:53 | registeridm.com | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| DE | 23.53.40.162:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.187.206:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.187.206:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r1---sn-aigl6ney.gvt1.com | udp |
| GB | 173.194.183.166:443 | r1---sn-aigl6ney.gvt1.com | tcp |
| US | 8.8.8.8:53 | r1.sn-aigl6ney.gvt1.com | udp |
| US | 8.8.8.8:53 | r1.sn-aigl6ney.gvt1.com | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.40.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.183.194.173.in-addr.arpa | udp |
| GB | 173.194.183.166:443 | r1.sn-aigl6ney.gvt1.com | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 53.121.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.90.14.23.in-addr.arpa | udp |
| US | 169.61.27.133:443 | registeridm.com | tcp |
| US | 8.8.8.8:53 | 174.117.168.52.in-addr.arpa | udp |
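Most rows in the network table are not the installer's own traffic: the process list shows it launching firefox.exe with a vendor URL, and the Mozilla, Pocket, OpenH264 and gvt1 hosts (plus the Widevine and OpenH264 files in the Firefox profile under Files) are that browser's background activity. The script below is an added example, not the sandbox's code and not part of this report: it parses rows in the Country | Destination | Domain | Proto layout used here, tolerates the rows where the Domain cell is empty and the protocol has shifted one column left, and separates browser background noise from endpoints an analyst still has to explain. The sample rows are a subset copied from the table; the suffix list that defines "browser background" is this example's own assumption, which is why google-analytics.com is left in the unexplained bucket rather than silently discarded.

```python
"""Network-table triage for sandbox report rows (added example, not sandbox code)."""

from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Constructed sample: a subset of the report's rows, including one row in the
# shifted layout where the Domain cell is empty and "tcp" sits in its place.
SAMPLE_NETWORK_ROWS = r"""
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.internetdownloadmanager.com | udp |
| US | 169.61.27.133:443 | www.internetdownloadmanager.com | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | tcp |
| DE | 23.53.40.162:80 | ciscobinary.openh264.org | tcp |
| GB | 142.250.187.206:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| N/A | 127.0.0.1:49820 | tcp | |
| US | 169.61.27.133:443 | registeridm.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
"""

# Assumed suffixes of Firefox's own background traffic (remote settings, telemetry,
# Pocket, add-ons, OpenH264 and Widevine downloads). Everything else needs an analyst.
BROWSER_BACKGROUND_SUFFIXES = (
    "mozilla.com", "mozilla.net", "mozilla.org", "mozgcp.net", "mozaws.net",
    "getpocket.com", "openh264.org", "gvt1.com",
)
DNS_RESOLVER = "8.8.8.8"


@dataclass(frozen=True)
class NetRow:
    country: str
    ip: str
    port: int
    domain: str   # empty when the sandbox recorded no name for the flow
    proto: str


def parse_row(line: str) -> Optional[NetRow]:
    """Split one pipe-delimited row; None for the header row and blank lines."""
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cells) != 4 or cells[0] == "Country":
        return None
    country, dest, domain, proto = cells
    if proto == "" and domain in ("tcp", "udp"):  # shifted-column layout
        domain, proto = "", domain
    ip, port = dest.rsplit(":", 1)
    return NetRow(country, ip, int(port), domain, proto)


def parse_rows(text: str) -> List[NetRow]:
    return [r for r in map(parse_row, text.splitlines()) if r is not None]


def classify_domain(domain: str) -> str:
    d = domain.lower()
    if not d:
        return "no_domain"
    if d.endswith(".in-addr.arpa"):
        return "reverse_lookup"   # sandbox-side PTR lookups of IPs already seen
    if any(d == s or d.endswith("." + s) for s in BROWSER_BACKGROUND_SUFFIXES):
        return "browser_background"
    return "unexplained"


def domains_by_class(rows: List[NetRow]) -> Dict[str, List[str]]:
    out: Dict[str, Set[str]] = defaultdict(set)
    for r in rows:
        if r.domain:
            out[classify_domain(r.domain)].add(r.domain.lower())
    return {k: sorted(v) for k, v in out.items()}


def attributable_endpoints(rows: List[NetRow]) -> Set[str]:
    """ip:port pairs actually contacted (not DNS, not loopback) for unexplained domains."""
    return {
        f"{r.ip}:{r.port}" for r in rows
        if classify_domain(r.domain) == "unexplained"
        and not (r.ip == DNS_RESOLVER and r.port == 53)
        and not r.ip.startswith("127.")
    }


if __name__ == "__main__":
    rows = parse_rows(SAMPLE_NETWORK_ROWS)
    for cls, names in sorted(domains_by_class(rows).items()):
        print(f"{cls:20s} {', '.join(names)}")
    print("endpoints to investigate:", sorted(attributable_endpoints(rows)))
```

On the sample rows the only endpoints left to explain are 169.61.27.133:443 (both vendor hosts) and the google-analytics.com connection; a real triage would extend the suffix list only after confirming each domain against the process that opened the connection, which this report's table does not record.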
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | a8a32bd66f44fb0656c2cd001f3fe614 |
| SHA1 | c66d606b728d2da31aaf781e85334e7ddc084e30 |
| SHA256 | 6d1213fc9f26cce370958ed6d0a8aa9862cd87f6376aa0031030a320bef9b1a3 |
| SHA512 | 13dd6048ee5343716b3d7fd19efd85d3154faca4488d1cecb1fce26993ff2f076fb165e171e542ce295b7afb0dd83a769618a00e789e2fd852dd4ad2e6aa43d3 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n9vxbo99.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | c24175ed3a32618bb7ba15adfc18120d |
| SHA1 | f639fc2a15a14eec042593d4709201e22a79e17d |
| SHA256 | 958327935012181328011bd5fc9a8cc472dbdcebe782b240ff5a626e6173f1df |
| SHA512 | 089fbf5f29f17d078b7b1da3d259f8faf48886a6882dd21b9b3ae7f5234dbd53e77bb323f3ffe5eaad89cbf9e3c370c37d1cf60e0dad6c5a17cce2e6d2737d83 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 06ac99d70f254941e476b08466e34d54 |
| SHA1 | 9e133b5493e93f2c54d8685ccc29bd55041213d1 |
| SHA256 | ecd53445c2e1a196bbcc37306b4282384781709f35346f458460c445e0e77112 |
| SHA512 | 3f53b8890b46cfbafc70bf51cf30974105205f69c800ebbd342165177c1f2dafe1c753227ac27f227ef39757ab47be050b1e59f8f8ae80de2e6c9649a4a90c07 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\prefs-1.js
| MD5 | 31338e8bda2092cf7789ee6d992824bb |
| SHA1 | a0daf2874c1d7292f84bbc50be5e6e024fe96405 |
| SHA256 | d2522aa9e2b4a0dc28f2f0132d3a4212e821b8576bc51ce6d38ef44d65f1005c |
| SHA512 | b97e65f70b490254ee1ee49c3f024877ba441559978a3fc7beac3fc0f09cd0a3a20ce5433984dbe8bf403c823afe5aa615fce4a03763ec6929540baefea420b6 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n9vxbo99.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A
| MD5 | fafcf282244fca94e16e42e93239dd87 |
| SHA1 | 006436e9126a7c4667f9f7787d47e17cce3e9ff6 |
| SHA256 | 3f9b7e985b2b90a5f1907245556cc73a6a9017b808360ea17fc5fc53117640e7 |
| SHA512 | c3b85fb88fb9fb61f33da64c7f710e8298053ec64d10fe1d99da721d537487e18e7fe76f402334451d1b552f782594f3e4b5861585f6b23faaa9448fddd15669 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\prefs-1.js
| MD5 | 62fc6f190b8f240b19031cee7f077908 |
| SHA1 | 565a33b49de29dec78968b50a336ef34cee823e1 |
| SHA256 | 0aa624c6165c7e12e498052c693f0ff851b7e7a360d9a4706c7ccc811e75ad7c |
| SHA512 | 5b9af0f7729526bd47075a827ab4217142fd9ef46576c5715f72dde3b57821b75d60843ef376749cf9afe79a68f43b55412e742722c3e6f5dabeea5269335c2c |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |