Malware Analysis Report

2025-01-03 08:30

Sample ID 240611-b1r4fszdlk
Target 22cb83a712332d25ac168eb696b34180_NeikiAnalytics.exe
SHA256 bb94bee6c6c77e1a727cfda5d02528a049ef1297ccc4aeb3e663fd2026ed7a1f
Tags
upx ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

bb94bee6c6c77e1a727cfda5d02528a049ef1297ccc4aeb3e663fd2026ed7a1f

Threat Level: Likely malicious

The file 22cb83a712332d25ac168eb696b34180_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (1340) files with added filename extension

Renames multiple (3965) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 01:36

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 01:36

Reported

2024-06-11 01:39

Platform

win7-20240419-en

Max time kernel

150s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\22cb83a712332d25ac168eb696b34180_NeikiAnalytics.exe"

Signatures

Renames multiple (3965) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\22cb83a712332d25ac168eb696b34180_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\22cb83a712332d25ac168eb696b34180_NeikiAnalytics.exe"

Network

N/A

Files

memory/2172-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

MD5 c18c48d0e1a3d81dcf80d3fa524cb624
SHA1 87de18fcc256a2db9579dcbd016d08d92f54b99a
SHA256 4bdc84a4026cef42c8fdbcca845d3614ab93d443a53d256e7e9dfde7967def22
SHA512 aa5a268f065cc453b80decb6f82d88ba7186d1b7e936c147c257dfc8dbbb69fb59796d07f6ed1d5a232c7115f90543c3b5ca247d64d0d13ff2bd0c304af5a4f7

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 aec9dbfc982ac6b83694a37bbeea298b
SHA1 583ead937ee266edecd7b4f9a1887fc4e4a9df6e
SHA256 f9ca5599ee925c392638e80a60c16140bd7bb98a034c862a4316acdd78791bca
SHA512 0790868d161f0d6b18b1bb7e51a5eed56ea27ba0fcf46dbe8d2bdc2633137d2dd8d8808499a6ce3373fc2b99d4c5d9dd287c04bbf2e1558bb1c25e9fd42e9cfd

memory/2172-86-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 01:36

Reported

2024-06-11 01:39

Platform

win10v2004-20240226-en

Max time kernel

158s

Max time network

161s

Command Line

"C:\Users\Admin\AppData\Local\Temp\22cb83a712332d25ac168eb696b34180_NeikiAnalytics.exe"

Signatures

Renames multiple (1340) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\22cb83a712332d25ac168eb696b34180_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\22cb83a712332d25ac168eb696b34180_NeikiAnalytics.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4244 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:8

Network


Files

memory/3080-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

MD5 d68654f35e2bcbeb280ceb410a3fb6a3
SHA1 2b44f885834d51ae1ae2557422953e639a48a96f
SHA256 7cd40c6e5f66e08f6a2b8af54314c3fe2fecd44f3588c4cbfeee713c1f079b9e
SHA512 c06f1187a0022f71c910225ea2e40d26682ac04ba37a7351b1cb1081332f6d7357ff945d1c3b656e5fccd16650cdc43a72ca76bba3da15f710597e9d86d443d3

C:\libsmartscreen.dll.tmp

MD5 eb0df92c240624be2b148d1c5a56b088
SHA1 6e4dadb253c44fdb7b4cdafb98dd5547fbb12bbd
SHA256 28d9c99757b8f97eacb5349e03c31b301c4a5d9a3de8c56d8d92e4a1f540c7d7
SHA512 f130a4c788ce0029d478230fe7cb816d37b0736beaa09b20bdae7a0ea3a4aa7cc30c7845e94573b1ba6d11ce898ec2991b055a1fd97e463516d7037da659ec43

memory/3080-18-0x0000000000400000-0x000000000040A000-memory.dmp