Malware Analysis Report

2025-06-16 03:35

Sample ID 240608-emx94agg6y
Target 8a4740a6cb2aabca6b39054ee3f457a0_NeikiAnalytics.exe
SHA256 c930fb795be1fb4f264ce24c7872a8a8afcb3b983f45f08ec7b59add0fb71d31
Tags ransomware
Score 9/10

Analysis Overview

score
9/10

SHA256

c930fb795be1fb4f264ce24c7872a8a8afcb3b983f45f08ec7b59add0fb71d31

Threat Level: Likely malicious

The file 8a4740a6cb2aabca6b39054ee3f457a0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (1760) files with added filename extension

Renames multiple (3494) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-08 04:04

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-08 04:04

Reported

2024-06-08 04:06

Platform

win7-20240215-en

Max time kernel

150s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8a4740a6cb2aabca6b39054ee3f457a0_NeikiAnalytics.exe"

Signatures

Renames multiple (3494) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\8a4740a6cb2aabca6b39054ee3f457a0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\8a4740a6cb2aabca6b39054ee3f457a0_NeikiAnalytics.exe"

Network

N/A

Files

memory/2256-0-0x0000000000400000-0x0000000000408000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

memory/2256-557-0x0000000000400000-0x0000000000408000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-08 04:04

Reported

2024-06-08 04:06

Platform

win10v2004-20240226-en

Max time kernel

151s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8a4740a6cb2aabca6b39054ee3f457a0_NeikiAnalytics.exe"

Signatures

Renames multiple (1760) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\8a4740a6cb2aabca6b39054ee3f457a0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\8a4740a6cb2aabca6b39054ee3f457a0_NeikiAnalytics.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1416 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8

Network


Files

memory/4888-0-0x0000000000400000-0x0000000000408000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

C:\libsmartscreen.dll.tmp

memory/4888-422-0x0000000000400000-0x0000000000408000-memory.dmp