Malware Analysis Report

2025-06-16 03:35

Sample ID 240608-ffw9wshb8w
Target 8d214a7b06ee01e32323bd076aa72cb0_NeikiAnalytics.exe
SHA256 65014a87a5afd29fc8e2a175dfb9dda9375ecbb7eee6eb55e32b20518f55127b
Tags ransomware
Score 9/10

Analysis Overview

Score 9/10

SHA256 65014a87a5afd29fc8e2a175dfb9dda9375ecbb7eee6eb55e32b20518f55127b

Threat Level: Likely malicious

The file 8d214a7b06ee01e32323bd076aa72cb0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3734) files with added filename extension

Renames multiple (1725) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-08 04:49

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-08 04:49

Reported: 2024-06-08 04:52

Platform: win7-20240221-en

Max time kernel: 149s

Max time network: 119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8d214a7b06ee01e32323bd076aa72cb0_NeikiAnalytics.exe"

Signatures

Renames multiple (3734) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\8d214a7b06ee01e32323bd076aa72cb0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\8d214a7b06ee01e32323bd076aa72cb0_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-08 04:49

Reported: 2024-06-08 04:52

Platform: win10v2004-20240226-en

Max time kernel: 150s

Max time network: 151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8d214a7b06ee01e32323bd076aa72cb0_NeikiAnalytics.exe"

Signatures

Renames multiple (1725) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\8d214a7b06ee01e32323bd076aa72cb0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\8d214a7b06ee01e32323bd076aa72cb0_NeikiAnalytics.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3536 --field-trial-handle=2304,i,6987730730348465820,3913273227385401271,262144 --variations-seed-version /prefetch:8

Network

Files

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

C:\libsmartscreen.dll.tmp
