Malware Analysis Report

2025-01-03 08:32

Sample ID 240610-3x8etawenl
Target 1fd5cebb0c73b868003f5ae651bd3b30_NeikiAnalytics.exe
SHA256 73a6b25ce551a41566aad6d36f3ace12ccf46f18ca109762f4796cba125039b8
Tags
upx ransomware
score
9/10


Analysis Overview


Threat Level: Likely malicious

The file 1fd5cebb0c73b868003f5ae651bd3b30_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (1177) files with added filename extension

Renames multiple (1630) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-10 23:54

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-06-10 23:54

Reported

2024-06-10 23:57

Platform

win7-20240221-en

Max time kernel

150s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1fd5cebb0c73b868003f5ae651bd3b30_NeikiAnalytics.exe"

Signatures

Renames multiple (1177) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\1fd5cebb0c73b868003f5ae651bd3b30_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\1fd5cebb0c73b868003f5ae651bd3b30_NeikiAnalytics.exe"

Network

N/A

Files

memory/2812-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

MD5 ee51160493b7d909326dbb24c7dd929a
SHA1 558f631f4a5b1a5f9c9cf17ac37241190cabb1b7
SHA256 dbdc6933c966fc7aa8c6bb5e515f89062f77dc1afd0f9992322e5df6590740ae
SHA512 07baa023969c44c1e6f226a8c194fd432d6d1d5f81924cb9e5282eef76551ff2b1fd10819e3e8a1dda86f5e3721ce2af1c74da3e31404a57f38c8d2e002bab73

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 a4f828a03e28a03d1fae9d45ba3381ec
SHA1 264f386286e2a5dcaa61735b0da156b78d7a54b2
SHA256 79261b9139c16f8cf95d597704d56d774ba40fa9270f662814445ab72a1f6d97
SHA512 785d3cf5c71d2b94b7b60fb8e2a0eb05afab6360cd18cc0cdaa5449f688c9bc08084da1394a6366f919630bb268dbda3b55b4be94679a1443bbeaa2dc9797832

memory/2812-26-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-10 23:54

Reported

2024-06-10 23:57

Platform

win10v2004-20240226-en

Max time kernel

151s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1fd5cebb0c73b868003f5ae651bd3b30_NeikiAnalytics.exe"

Signatures

Renames multiple (1630) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\1fd5cebb0c73b868003f5ae651bd3b30_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\1fd5cebb0c73b868003f5ae651bd3b30_NeikiAnalytics.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1268 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:8

Network


Files

memory/4656-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

MD5 9b0588f56ecd252f7636b08203a0be9d
SHA1 194cf2640d071d658e3a82fb44af75bfb1616109
SHA256 e5a960dfaad6588a16280cd888d6cde54d5cfced001d321813120d28f0b13230
SHA512 c50b83e7f1813741d6dacf05a8687ef538253f3c34c9c069e51c8bb44e40c1a77c665df2ec4cc0e2cb2c7bd1e9b94db92b191c13477a18402ac97d5cbe54a5f9

C:\libsmartscreen.dll.tmp

MD5 cda0e57b35852381be9b9533bd58e448
SHA1 a097f180a5dc648be2443dc5fc12c1094472f5be
SHA256 a0a7205619d99ff456687fb2120b198eb248d0cd7f1a9e2bdf6d58bba2ac49e8
SHA512 a37b469a872bad69a84c9be957c5c2386e1a875e694aa34bf51ee62c3ca73e66518c3a11fc98d4e523a2f421ad11a3910f2381b969f5a0ffa28df1e8c5eb90b3

memory/4656-310-0x0000000000400000-0x000000000040A000-memory.dmp