Malware Analysis Report

2025-01-17 23:30

Sample ID 240603-qpzfqahc93
Target a4eb81cadbbf3a2310a162be06f15f50_NeikiAnalytics.exe
SHA256 e7eea573c734da75120989b62d121b1e7fc5cb87d1492bc3611e3ad579e9130a
Tags
ransomware upx
Score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score
9/10

SHA256

e7eea573c734da75120989b62d121b1e7fc5cb87d1492bc3611e3ad579e9130a

Threat Level: Likely malicious

The file a4eb81cadbbf3a2310a162be06f15f50_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware upx

Renames multiple (3604) files with added filename extension

Renames multiple (1292) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-03 13:26

Signatures

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 13:26

Reported

2024-06-03 13:29

Platform

win7-20240215-en

Max time kernel

150s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a4eb81cadbbf3a2310a162be06f15f50_NeikiAnalytics.exe"

Signatures

Renames multiple (3604) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\a4eb81cadbbf3a2310a162be06f15f50_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\a4eb81cadbbf3a2310a162be06f15f50_NeikiAnalytics.exe"

Network

N/A

Files

memory/2908-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

MD5 b7a87595131d3c013e613974e6076067
SHA1 86ebbebfd06e5ec4715f97da270719a9057a39bd
SHA256 58b78438f0defb9e54c294d180c7121ff0379ab419194fa93b530a49c98cd3b2
SHA512 9249a1de8181e9fa51e03fe46bf1b2e17916029f638cf87035df071cff6dd0c0bbb4800a03e71f4721adf5965c456198faaad0b4a58cdc36ca3f41e44a677810

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 c3b98a1eb4e926487c98139a0265337c
SHA1 bddcb72b2f1d9806a0db9727340e8f1ba254fc5f
SHA256 4e5fbd632f89b1698bc12042cd2ac7adda97c93830a6118a23d6a64d0a310c96
SHA512 1bf5f128f966c9121d16bbf347fd32f304d42c35efc7c347ff7d02b421d86dc0d2dbe6e856c541aeeb304005909a3037cfe8bb35864b44e903dea512f49cac14

memory/2908-76-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 13:26

Reported

2024-06-03 13:29

Platform

win10v2004-20240226-en

Max time kernel

151s

Max time network

143s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a4eb81cadbbf3a2310a162be06f15f50_NeikiAnalytics.exe"

Signatures

Renames multiple (1292) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\a4eb81cadbbf3a2310a162be06f15f50_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\a4eb81cadbbf3a2310a162be06f15f50_NeikiAnalytics.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3772 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp

Files

memory/3152-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

MD5 aa8b1df7109e71ef73c273e7616ff28f
SHA1 8b86a8413bdd4c0b30d962becf91c5f207782ffa
SHA256 e0894244514b072066a5364152cab524366f542f26451a2145d3a73736b63e29
SHA512 5ee4c81bec017667c8348b3e0b1d8dcde8d9bfa428866666b311af1ce8c093af86c15e19c973ef73b8874ff1ccd036df6857eeda1e758e65b0a3cf67fd6603ea

C:\libsmartscreen.dll.tmp

MD5 534b2507d17faede2617aac65a0527bb
SHA1 83a8707b21d8fa23876441651e3dfcd4df4c06b2
SHA256 7c7736d0b146c88c7f12e1d15c6691f985d171afdd53d0863d01a1185f9b540d
SHA512 4bf993767c03c294422a63bd86498b11777ce21749d0314c3c82276113a8abb822cc6594c2901b9c2824cbb959ea16a61424dd1e3c24c0ae4934a78c92ea5b60

memory/3152-180-0x0000000000400000-0x000000000040A000-memory.dmp