Malware Analysis Report

2025-06-16 03:35

Sample ID 240608-dr114sgb7w
Target 86ee3b412ee037a8a76389a9d14ae110_NeikiAnalytics.exe
SHA256 811179c24541b0ce13bf2c1e3fd13c361b318b6b35bdf24ff35a8722291f74ea
Tags ransomware
Score 9/10

Analysis Overview

Score 9/10
SHA256 811179c24541b0ce13bf2c1e3fd13c361b318b6b35bdf24ff35a8722291f74ea

Threat Level: Likely malicious

The file 86ee3b412ee037a8a76389a9d14ae110_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3465) files with added filename extension

Renames multiple (1719) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-08 03:15

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-08 03:15
Reported 2024-06-08 03:17
Platform win7-20240221-en
Max time kernel 150s
Max time network 122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\86ee3b412ee037a8a76389a9d14ae110_NeikiAnalytics.exe"

Signatures

Renames multiple (3465) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\86ee3b412ee037a8a76389a9d14ae110_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\86ee3b412ee037a8a76389a9d14ae110_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-08 03:15
Reported 2024-06-08 03:17
Platform win10v2004-20240226-en
Max time kernel 150s
Max time network 122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\86ee3b412ee037a8a76389a9d14ae110_NeikiAnalytics.exe"

Signatures

Renames multiple (1719) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\86ee3b412ee037a8a76389a9d14ae110_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\86ee3b412ee037a8a76389a9d14ae110_NeikiAnalytics.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3692 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:8

Network

Files

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

C:\libsmartscreen.dll.tmp
