Malware Analysis Report

2025-06-16 03:34

Sample ID 240608-cplyqsfe71
Target 82d931fba7d3010680d070e1cf0e7650_NeikiAnalytics.exe
SHA256 e3a5bcf409210125ff08c08fccf665980b3c6a939a117805b03f6f7f3c465ec6
Tags upx ransomware
Score 9/10

Analysis Overview

Score 9/10

SHA256 e3a5bcf409210125ff08c08fccf665980b3c6a939a117805b03f6f7f3c465ec6

Threat Level: Likely malicious

The file 82d931fba7d3010680d070e1cf0e7650_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (3730) files with added filename extension

Renames multiple (2068) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-08 02:15

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted 2024-06-08 02:15
Reported 2024-06-08 02:17
Platform win7-20240220-en
Max time kernel 150s
Max time network 120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\82d931fba7d3010680d070e1cf0e7650_NeikiAnalytics.exe"

Signatures

Renames multiple (3730) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\82d931fba7d3010680d070e1cf0e7650_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\82d931fba7d3010680d070e1cf0e7650_NeikiAnalytics.exe"

Network

N/A

Files

memory/2192-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

MD5 47d9ef3a328ea137f72351125a6e6087
SHA1 db0e52095327f2bb504b1240faa4efdef6700bfe
SHA256 ea1a0eb3665b004a25dfdfa547352d4ff220aa3ba1c0eae4740423d29ae421f0
SHA512 0b631eb4193b5ab50e7daef469e8dbe002b88d44e937856bef6f67093f5aea714161dfe7018d09e4d039ad5485d3bb15c5a5c9e9703fdd33c08a5be1be7d31ea

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 cbd3e514b81ff60e4411f8b3f277cb51
SHA1 cfdafba6976bce711a1644044a350697472e31e1
SHA256 2971633a517c89a7d5bec770be32d222df8c3d14e5e34f0a2ce77d0bbff6af46
SHA512 02baff2c341d2ffcdc3b0c1f37da7b77eeb95b9c28b741f97c566d790c825506c26ca438d959d98638c4c3a6bfb0b7ee754e59880891f65bad8676287f7337ee

memory/2192-86-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-08 02:15
Reported 2024-06-08 02:17
Platform win10v2004-20240226-en
Max time kernel 150s
Max time network 151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\82d931fba7d3010680d070e1cf0e7650_NeikiAnalytics.exe"

Signatures

Renames multiple (2068) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\82d931fba7d3010680d070e1cf0e7650_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\82d931fba7d3010680d070e1cf0e7650_NeikiAnalytics.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3020 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8

Network


Files

memory/2548-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

MD5 d2c002596875e8f332b4bafebfa1465e
SHA1 a86cfeb95a89c4ea3bf7b09b5e8ab76938599afd
SHA256 30aef91eee37f39941d31d1ea8d350889b86ebc19b0a8c3a0cfe3aec06203987
SHA512 da0eaf69ee34a056044ab3b0015842fbf48e067271c4119b5f160871df1b3cb35d31e55f20809ac1237da5c385df45c8534bd9d76cb5d698890c6323e56dc71e

C:\libsmartscreen.dll.tmp

MD5 ae8395607c4fab903b407d76e149eb09
SHA1 df697e7c82979876e0dac3b2b0cc0bbae298ad9c
SHA256 04f034995e36a0a51aee5c5e91d2f3ac25b93a238a124b5cb404d0bc423ca78c
SHA512 0d0e8e60218e6ee28e6a5e334818701c5d5dd19662470948617f561f82d478d3926a1f70b4bb694ac6cd9d6ddf48d5ae4e31ff8abfa34bb6d505759afd1def5f

memory/2548-322-0x0000000000400000-0x000000000040A000-memory.dmp