Malware Analysis Report

2025-04-14 04:18

Sample ID 240609-jr41nafh2y
Target 16c8caba1985b2bfdd22fc8ae14ea2b0_NeikiAnalytics.exe
SHA256 1324eaec9d3f07ddda02b115ebdb897b346300aeebb9fa4d958bdca809cf4280
Tags upx, ransomware
Score 9/10

Analysis Overview

Threat Level: Likely malicious

The file 16c8caba1985b2bfdd22fc8ae14ea2b0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (3088) files with added filename extension

Renames multiple (1638) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-09 07:55

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted 2024-06-09 07:55
Reported 2024-06-09 07:57
Platform win7-20240221-en
Max time kernel 130s
Max time network 119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\16c8caba1985b2bfdd22fc8ae14ea2b0_NeikiAnalytics.exe"

Signatures

Renames multiple (3088) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\16c8caba1985b2bfdd22fc8ae14ea2b0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\16c8caba1985b2bfdd22fc8ae14ea2b0_NeikiAnalytics.exe"

Network

N/A

Files

memory/1684-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

MD5 32fb9f01960ac3701b23306ee90504fb
SHA1 136a968122e71e5169ea4d6252a5b872212a5ed3
SHA256 edb9090038454251d1544f78246415f2bf583865db102b516f61a1c3fb6af21b
SHA512 e0d5616a35d8fa4c784bb782e5195f74f57ea517e18989ddece6492f715060085b517e286f2e8da52460027498f4289eaafea043cdbba2195b31989a4d153e3c

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 1cc6207b0356996425b2340b3045acd9
SHA1 8b099c6b3dbcc3a1452c6acb68868211eb0fa913
SHA256 20ea5fde5baffbc470e1940faab0614d370b47da5e83e1431e97d87f84884959
SHA512 b28f758c9bc85ee5567e95773c233c6e1bbd85e8b2a2c2f16c1270fe08a87e3eb8a33cda354a87265b46884c99cffea84a75654106b20c4e47943000e4ca3cdc

memory/1684-642-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-09 07:55
Reported 2024-06-09 07:57
Platform win10v2004-20240226-en
Max time kernel 150s
Max time network 151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\16c8caba1985b2bfdd22fc8ae14ea2b0_NeikiAnalytics.exe"

Signatures

Renames multiple (1638) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\16c8caba1985b2bfdd22fc8ae14ea2b0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\16c8caba1985b2bfdd22fc8ae14ea2b0_NeikiAnalytics.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4264 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8

Network


Files

memory/4764-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

MD5 fa95e93699bcfbb7ad6ce9d0de89c432
SHA1 64f573da0105a1c2fc387a854effb33510f8658d
SHA256 6db30fccd36d3ec177cd21bdbd63498b0b9be58ec2b8c6848571cc6b69368067
SHA512 2659b7806c760eb794ecb71be2d721ca4fccb29c6d1f5d46001b8816a4ff3125bc4963e0ef02fa5b8e4e38f83b22cd311aeac52e7202f2a23aafa3b1a8e36598

C:\libsmartscreen.dll.tmp

MD5 c8949b5551b1d0eb8bd0f2b7f9dc440f
SHA1 2ab284336a81fa39639c82a25b9f9f197b46bd66
SHA256 8a196efba1a4142d7b7c56e662c6e197a5f10dfe9779841994927137b69e11db
SHA512 c92c2fdb291133dc44b6721922ac177876818b73d1c86c14865a4d3ad1b5b988ea06a0fb8d029bf74b7f9de77893cfd2131275d75e67b65da01f9530a4676842

memory/4764-640-0x0000000000400000-0x000000000040B000-memory.dmp