Malware Analysis Report

2025-01-03 08:36

Sample ID 240611-cqb5xs1dkr
Target 23d0fed34161633f682ccdadaea50bd0_NeikiAnalytics.exe
SHA256 1e2560a4909eb54e71c4c90b8d485e6430aadd8f1f3058e57a8fb43a037494b8
Tags
upx ransomware
score
9/10

Table of Contents

Analysis Overview
  MITRE ATT&CK
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

score
9/10

SHA256

1e2560a4909eb54e71c4c90b8d485e6430aadd8f1f3058e57a8fb43a037494b8

Threat Level: Likely malicious

The file 23d0fed34161633f682ccdadaea50bd0_NeikiAnalytics.exe was classified as Likely malicious (score 9/10).

Malicious Activity Summary

Tags: upx ransomware

Renames multiple (3682) files with added filename extension (behavioral1, Windows 7 run)

Renames multiple (1870) files with added filename extension (behavioral2, Windows 10 run)

UPX packed file

Drops file in Program Files directory

Unsigned PE

Read together, the signatures describe one unsigned, UPX-packed process that rewrites existing files in bulk: every indicator path recorded below is an original filename (under Program Files, the Recycle Bin, MSOCache or the drive root) with .tmp appended, which is the mass-rewrite pattern the sandbox tags as ransomware. Nothing in the report identifies the family: no ransom note or ransom-specific extension is recorded, the Windows 7 run produced no network traffic, and the Windows 10 network rows are not attributed to any process.

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 02:16

Signatures

UPX packed file (tag: upx)
  Indicator rows: none recorded (Description / Indicator / Process / Target all N/A)

Unsigned PE
  Indicator rows: none recorded (Description / Indicator / Process / Target all N/A)
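Both static signatures above reduce to header checks: "UPX packed file" is normally a match on the UPX0/UPX1 section names, and "Unsigned PE" means the optional header's security data directory (where an Authenticode blob lives) is empty. The following is an added example, not code from the sandbox or from this report: a dependency-free PE header walker that lists section names, flags UPX-style sections, and reports whether a security directory is present. The PE blobs it parses are header-only fixtures constructed inline (not the sample), and the function and verdict names (parse_pe, build_pe, upx_packed, empty_first_section, authenticode_present) are this example's own.

```python
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # optional-header data directory slot for the Authenticode blob


def parse_pe(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> optional header -> section table
    and return the section list plus verdicts mirroring the two static signatures."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    _machine, nsections, _ts, _symptr, _nsyms, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    # Data directories start 96 bytes into a PE32 (0x10b) optional header, 112 into PE32+ (0x20b).
    dd = opt + (96 if magic == 0x10B else 112)
    _sec_off, sec_size = struct.unpack_from("<II", data, dd + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)

    sections = []
    table = opt + opt_size
    for i in range(nsections):
        off = table + 40 * i  # IMAGE_SECTION_HEADER is 40 bytes
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _va, raw_size, _raw_ptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append({"name": name, "virtual_size": vsize, "raw_size": raw_size})

    first = sections[0] if sections else None
    return {
        "sections": sections,
        # Name match is what most "UPX packed file" rules key on; the names are trivially renamable.
        "upx_packed": any(s["name"].upper().startswith("UPX") for s in sections),
        # UPX0 reserves the unpack area: virtual size but no bytes on disk. Survives a renamed section.
        "empty_first_section": bool(first and first["raw_size"] == 0 and first["virtual_size"] > 0),
        # Non-zero security directory = a PKCS#7 blob is attached; whether it verifies is a separate check.
        "authenticode_present": sec_size > 0,
    }


def build_pe(sections, security_dir=(0, 0)) -> bytes:
    """Constructed fixture: a header-only PE32 with the given (name, raw_size) sections.
    Not loadable, just enough structure for parse_pe. security_dir is (offset, size)."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, *security_dir)
    table = b""
    for i, (name, raw_size) in enumerate(sections):
        table += struct.pack("<8sIIIIIIHHI", name.encode("ascii"), 0x1000, 0x1000 * (i + 1),
                             raw_size, 0x400 * i, 0, 0, 0, 0, 0xE0000020)
    return dos + b"PE\0\0" + coff + bytes(opt) + table


if __name__ == "__main__":
    packed = build_pe([("UPX0", 0), ("UPX1", 0x3000), (".rsrc", 0x200)])
    signed = build_pe([(".text", 0x4000), (".rdata", 0x800)], security_dir=(0x9000, 0x1800))
    for label, blob in (("upx-style", packed), ("signed", signed)):
        print(label, parse_pe(blob))
```

Two caveats the signatures carry: section names can be rewritten with a hex editor, so empty_first_section is the more durable tell for a UPX-style layout; and a populated security directory only means a signature blob is attached. Validating it (certificate chain, timestamp, image hash) needs a real verifier such as signtool verify /pa or osslsigncode verify.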

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 02:16

Reported

2024-06-11 02:18

Platform

win7-20240215-en

Max time kernel

150s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\23d0fed34161633f682ccdadaea50bd0_NeikiAnalytics.exe"

Signatures

Renames multiple (3682) files with added filename extension (tag: ransomware)

UPX packed file (tag: upx)
  4 indicator rows, details not recorded (Description / Indicator / Process / Target all N/A)

Drops file in Program Files directory

Description: File created
Process: C:\Users\Admin\AppData\Local\Temp\23d0fed34161633f682ccdadaea50bd0_NeikiAnalytics.exe
Target: N/A
Indicators (each target path is a pre-existing filename with .tmp appended):
  C:\Program Files\Common Files\System\ado\msado21.tlb.tmp
  C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\203x8subpicture.png.tmp
  C:\Program Files\Internet Explorer\msdbg2.dll.tmp
  C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jmx.xml.tmp
  C:\Program Files\VideoLAN\VLC\lua\http\images\speaker-32.png.tmp
  C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\MCIMPP.mpp.tmp
  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.jsp.jasper_1.0.400.v20130327-1442.jar.tmp
  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes.nl_zh_4.4.0.v20140623020002.jar.tmp
  C:\Program Files\Microsoft Office\Office14\1033\Mso Example Intl Setup File B.txt.tmp
  C:\Program Files\VideoLAN\VLC\plugins\demux\libwav_plugin.dll.tmp
  C:\Program Files\Windows Media Player\Media Renderer\DMR_120.png.tmp
  C:\Program Files\Common Files\Microsoft Shared\ink\ipsnor.xml.tmp
  C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+11.tmp
  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\hprof-16.png.tmp
  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt_0.12.1.v20140903-1023.jar.tmp
  C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-masterfs-nio2.xml.tmp
  C:\Program Files\Mozilla Firefox\removed-files.tmp
  C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libmediadirs_plugin.dll.tmp
  C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\logo.png.tmp
  C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\activity16v.png.tmp
  C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\css\RSSFeeds.css.tmp
  C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MyriadPro-Regular.otf.tmp
  C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_SelectionSubpicture.png.tmp
  C:\Program Files\Java\jre7\lib\zi\Pacific\Guam.tmp
  C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\ended_review_or_form.gif.tmp
  C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\huemainsubpicture2.png.tmp
  C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\ZoneInfoMappings.tmp
  C:\Program Files\Microsoft Games\Chess\ChessMCE.lnk.tmp
  C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\gadget.xml.tmp
  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.tmp
  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console.nl_zh_4.4.0.v20140623020002.jar.tmp
  C:\Program Files\Windows Journal\de-DE\Journal.exe.mui.tmp
  C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatsh.dat.tmp
  C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ur.pak.tmp
  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector.nl_ja_4.4.0.v20140623020002.jar.tmp
  C:\Program Files\Java\jre7\lib\resources.jar.tmp
  C:\Program Files\Java\jre7\lib\zi\America\Port-au-Prince.tmp
  C:\Program Files\Windows Defender\MpOAV.dll.tmp
  C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\js\clock.js.tmp
  C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Flyout_Thumbnail_Shadow.png.tmp
  C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.tmp
  C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_ButtonGraphic.png.tmp
  C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref_PAL.wmv.tmp
  C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047_576black.png.tmp
  C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+9.tmp
  C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-8.tmp
  C:\Program Files\Java\jre7\lib\zi\Australia\Melbourne.tmp
  C:\Program Files\Java\jre7\lib\zi\Europe\Zaporozhye.tmp
  C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)alertIcon.png.tmp
  C:\Program Files\Java\jdk1.7.0_80\bin\extcheck.exe.tmp
  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\MANIFEST.MF.tmp
  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui.zh_CN_5.5.0.165303.jar.tmp
  C:\Program Files\Java\jre7\bin\jli.dll.tmp
  C:\Program Files\Java\jre7\lib\zi\America\Port_of_Spain.tmp
  C:\Program Files\Java\jre7\lib\zi\Pacific\Rarotonga.tmp
  C:\Program Files\Microsoft Games\Multiplayer\Checkers\fr-FR\chkrzm.exe.mui.tmp
  C:\Program Files\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll.tmp
  C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-crescent_partly-cloudy.png.tmp
  C:\Program Files (x86)\Adobe\Reader 9.0\Reader\pe.dll.tmp
  C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\rtscom.dll.mui.tmp
  C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\sports_disc_mask.png.tmp
  C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Maputo.tmp
  C:\Program Files\VideoLAN\VLC\plugins\video_filter\libgaussianblur_plugin.dll.tmp
  C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_bkg_orange.png.tmp

Processes

C:\Users\Admin\AppData\Local\Temp\23d0fed34161633f682ccdadaea50bd0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\23d0fed34161633f682ccdadaea50bd0_NeikiAnalytics.exe"

Network

N/A

Files

memory/1268-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

MD5 03c652eea2d2fad14bb4cd83aa184162
SHA1 122b1b053783b2035cb579e82c59ba4a15e3b41a
SHA256 0432037500085b20746531d0f2e5719d62f2b5a03e4fcc1b51c999636ad91a5b
SHA512 828e6c239a14016f360180fea7381e19ecc79764d01c4ba4ca3792225b992df669c8f36378494e437044f1feb1e23ec2d86cebce897d666c139ee62266f53189

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 9cb122c44675f6dd84a251153ea397f0
SHA1 25d42ad41eab7569b28df442d1a96925cfe661b2
SHA256 e6aa80ec964ac77a566339b048180ad5fcf6a38ccb9eaea6c9b0629f23683e43
SHA512 7410df60d51ce852bdac73bd3a8d6f99989178ef31a4619a76696764b80739b7b0ea37e6567c43c65719819c28df088a784bcd4b5e429ec03cc0c05af7c47a85

memory/1268-660-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 02:16

Reported

2024-06-11 02:19

Platform

win10v2004-20240226-en

Max time kernel

151s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\23d0fed34161633f682ccdadaea50bd0_NeikiAnalytics.exe"

Signatures

Renames multiple (1870) files with added filename extension (tag: ransomware)

UPX packed file (tag: upx)
  4 indicator rows, details not recorded (Description / Indicator / Process / Target all N/A)

Drops file in Program Files directory

Description: File created
Process: C:\Users\Admin\AppData\Local\Temp\23d0fed34161633f682ccdadaea50bd0_NeikiAnalytics.exe
Target: N/A
Indicators (each target path is a pre-existing filename with .tmp appended):
  C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb.tmp
  C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe.tmp
  C:\Program Files\Common Files\System\ado\msado15.dll.tmp
  C:\Program Files\Common Files\System\ado\msado60.tlb.tmp
  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\it\UIAutomationTypes.resources.dll.tmp
  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\zh-Hans\System.Windows.Input.Manipulations.resources.dll.tmp
  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\zh-Hant\System.Windows.Input.Manipulations.resources.dll.tmp
  C:\Program Files\Common Files\microsoft shared\ink\en-US\mshwLatin.dll.mui.tmp
  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\Microsoft.Win32.Registry.dll.tmp
  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Transactions.Local.dll.tmp
  C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RUI.dll.tmp
  C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.tmp
  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\PresentationFramework.Royale.dll.tmp
  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Buffers.dll.tmp
  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ru\System.Windows.Controls.Ribbon.resources.dll.tmp
  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Private.Uri.dll.tmp
  C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe.tmp
  C:\Program Files\7-Zip\Lang\is.txt.tmp
  C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TabTip.exe.mui.tmp
  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Xml.Linq.dll.tmp
  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Collections.Concurrent.dll.tmp
  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Windows.Forms.Design.Editors.dll.tmp
  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\de\PresentationFramework.resources.dll.tmp
  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pt-BR\PresentationCore.resources.dll.tmp
  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ru\UIAutomationProvider.resources.dll.tmp
  C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-timezone-l1-1-0.dll.tmp
  C:\Program Files\7-Zip\7-zip.dll.tmp
  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\clretwrc.dll.tmp
  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.ComponentModel.dll.tmp
  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\UIAutomationProvider.dll.tmp
  C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-heap-l1-1-0.dll.tmp
  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Transactions.dll.tmp
  C:\Program Files\Common Files\microsoft shared\ink\fr-FR\InkObj.dll.mui.tmp
  C:\Program Files\Common Files\microsoft shared\ink\mraut.dll.tmp
  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\de\System.Windows.Forms.Design.resources.dll.tmp
  C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader_icd.json.tmp
  C:\Program Files\Java\jdk-1.8\legal\jdk\pkcs11cryptotoken.md.tmp
  C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVManifest.dll.tmp
  C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipTsf.dll.mui.tmp
  C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui.tmp
  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Xml.XDocument.dll.tmp
  C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-sysinfo-l1-1-0.dll.tmp
  C:\Program Files\Java\jdk-1.8\jre\legal\jdk\pkcs11cryptotoken.md.tmp
  C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_fr.properties.tmp
  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Web.dll.tmp
  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\de\WindowsFormsIntegration.resources.dll.tmp
  C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-synch-l1-2-0.dll.tmp
  C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe.tmp
  C:\Program Files\Java\jdk-1.8\jre\legal\javafx\public_suffix.md.tmp
  C:\Program Files\Java\jdk-1.8\jre\lib\charsets.jar.tmp
  C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sv.pak.tmp
  C:\Program Files\Common Files\microsoft shared\ink\en-US\mip.exe.mui.tmp
  C:\Program Files\Common Files\System\msadc\fr-FR\msadcor.dll.mui.tmp
  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pt-BR\WindowsFormsIntegration.resources.dll.tmp
  C:\Program Files\Java\jdk-1.8\bin\javap.exe.tmp
  C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\insertbase.xml.tmp
  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-console-l1-2-0.dll.tmp
  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.TraceSource.dll.tmp
  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.FileSystem.dll.tmp
  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pl\PresentationUI.resources.dll.tmp
  C:\Program Files\Internet Explorer\uk-UA\ieinstal.exe.mui.tmp
  C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-console-l1-2-0.dll.tmp
  C:\Program Files\Java\jdk-1.8\jre\bin\dtplugin\deployJava1.dll.tmp
  C:\Program Files\7-Zip\7zFM.exe.tmp
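The ransomware signature in both runs ("Renames multiple (3682) / (1870) files with added filename extension") together with the two Program Files drop tables is, at bottom, a count: one process appending the same suffix to many existing filenames across many directories. As an added example (not the sandbox's rule and not code from the report), here is that detection logic in Python over a constructed file-event list. The PID 1432 events reuse paths from the behavioral2 table above; the msiexec.exe and editor.exe processes are invented benign contrast cases; the record shape, the thresholds and the function names (appended_suffix, detect_mass_rename) are this example's assumptions.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed file-event records: (pid, image, operation, source, destination). This is an
# assumed telemetry shape, not the sandbox's own format. PID 1432 reuses paths from the
# behavioral2 "Drops file in Program Files directory" table; PIDs 2100 and 2311 are
# invented benign processes used as contrast cases.
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\23d0fed34161633f682ccdadaea50bd0_NeikiAnalytics.exe"
CHROME = r"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales"
EVENTS = [
    (1432, SAMPLE, "rename", r"C:\Program Files\7-Zip\7-zip.dll", r"C:\Program Files\7-Zip\7-zip.dll.tmp"),
    (1432, SAMPLE, "rename", r"C:\Program Files\7-Zip\7zFM.exe", r"C:\Program Files\7-Zip\7zFM.exe.tmp"),
    (1432, SAMPLE, "rename", r"C:\Program Files\7-Zip\Lang\is.txt", r"C:\Program Files\7-Zip\Lang\is.txt.tmp"),
    (1432, SAMPLE, "rename", r"C:\Program Files\Common Files\System\ado\msado15.dll",
     r"C:\Program Files\Common Files\System\ado\msado15.dll.tmp"),
    (1432, SAMPLE, "rename", r"C:\Program Files\Java\jdk-1.8\bin\javap.exe",
     r"C:\Program Files\Java\jdk-1.8\bin\javap.exe.tmp"),
    (1432, SAMPLE, "rename", CHROME + r"\sv.pak", CHROME + r"\sv.pak.tmp"),
    (1432, SAMPLE, "rename", r"C:\libsmartscreen.dll", r"C:\libsmartscreen.dll.tmp"),
    # Benign: an installer moving a staged .tmp into place strips a suffix instead of adding one.
    (2100, r"C:\Windows\System32\msiexec.exe", "rename",
     r"C:\Program Files\App\app.dll.tmp", r"C:\Program Files\App\app.dll"),
    # Benign: an editor's backup-on-save touches two files in one directory.
    (2311, r"C:\Program Files\Editor\editor.exe", "rename", r"C:\Users\Admin\notes.txt", r"C:\Users\Admin\notes.txt.bak"),
    (2311, r"C:\Program Files\Editor\editor.exe", "rename", r"C:\Users\Admin\todo.txt", r"C:\Users\Admin\todo.txt.bak"),
]


def appended_suffix(src: str, dst: str):
    """Return the suffix appended to src's filename to produce dst (e.g. '.tmp'), or None
    when the rename is not a pure 'keep the old name, append something' operation."""
    s, d = PureWindowsPath(src), PureWindowsPath(dst)
    if s.parent != d.parent or d.name == s.name or not d.name.startswith(s.name):
        return None
    return d.name[len(s.name):]


def detect_mass_rename(events, min_files=5, min_dirs=3):
    """Group suffix-appending renames by (pid, suffix) and alert when one process has done
    it to at least min_files files spread over at least min_dirs directories. The
    thresholds are assumptions for this example; the report's counts would trip any value."""
    hits = defaultdict(lambda: {"image": None, "files": [], "dirs": set()})
    for pid, image, op, src, dst in events:
        if op != "rename":
            continue
        suffix = appended_suffix(src, dst)
        if suffix is None:
            continue
        h = hits[(pid, suffix)]
        h["image"] = image
        h["files"].append(dst)
        h["dirs"].add(str(PureWindowsPath(dst).parent))

    alerts = []
    for (pid, suffix), h in hits.items():
        if len(h["files"]) >= min_files and len(h["dirs"]) >= min_dirs:
            alerts.append({
                "pid": pid,
                "image": h["image"],
                "suffix": suffix,
                "count": len(h["files"]),
                "dirs": len(h["dirs"]),
                # The sandbox's separate "Drops file in Program Files directory" signature.
                "program_files": sum(1 for f in h["files"] if f.lower().startswith(r"c:\program files")),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_mass_rename(EVENTS):
        print(alert)
```

Requiring spread across directories, not just a file count, is what keeps the editor's .bak pattern and an installer's staged-file swap below the line; a real deployment would also weight the suffix (one process, one suffix, thousands of files is the ransomware shape) and join the hits to the process's image signing status from the static checks.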

Processes

C:\Users\Admin\AppData\Local\Temp\23d0fed34161633f682ccdadaea50bd0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\23d0fed34161633f682ccdadaea50bd0_NeikiAnalytics.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1420 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8

Note: the msedge.exe entry is an Edge utility process (--type=utility --utility-sub-type=asset_store.mojom.AssetStoreService). The report records no parent/child relationship between it and the sample, and every file indicator in this run is attributed to the sample's own process, so treat it as background activity of the Windows 10 image rather than a spawned child unless process-tree data shows otherwise.

Network

No process attribution is recorded for these flows. PTR queries are shown with the address they ask about, read back from the in-addr.arpa name.

Country  Destination           Domain                                          Proto
GB       96.16.110.114:80      -                                               tcp
US       8.8.8.8:53            133.211.185.52.in-addr.arpa (52.185.211.133)    udp
US       8.8.8.8:53            10.160.77.104.in-addr.arpa (104.77.160.10)      udp
US       8.8.8.8:53            20.160.190.20.in-addr.arpa (20.190.160.20)      udp
US       8.8.8.8:53            215.169.36.23.in-addr.arpa (23.36.169.215)      udp
US       8.8.8.8:53            28.118.140.52.in-addr.arpa (52.140.118.28)      udp
GB       142.250.187.234:443   -                                               tcp
US       8.8.8.8:53            26.165.165.52.in-addr.arpa (52.165.165.26)      udp
US       8.8.8.8:53            206.23.85.13.in-addr.arpa (13.85.23.206)        udp
US       13.107.246.64:443     -                                               tcp
US       8.8.8.8:53            104.219.191.52.in-addr.arpa (52.191.219.104)    udp
US       8.8.8.8:53            6.160.77.104.in-addr.arpa (104.77.160.6)        udp
US       8.8.8.8:53            11.227.111.52.in-addr.arpa (52.111.227.11)      udp
US       8.8.8.8:53            92.16.208.104.in-addr.arpa (104.208.16.92)      udp

Reverse lookups through 8.8.8.8 and a few TCP/443 connections are consistent with background activity of the win10v2004 image (an Edge utility process is listed under Processes), and behavioral1 on Windows 7 recorded no network activity at all. Without per-process capture, these addresses should not be logged as C2 indicators for this sample.

Files

memory/1432-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

MD5 c647c1d8d1438f41d8b576690f81eb92
SHA1 350fdfa146a9cc48c7b38d1c17687ca6c670cd1c
SHA256 c53cfcefadd7befb323dda6c8ccf4d3a6c948af5ea5fd4a6e4206394cee703aa
SHA512 ec0c2407429f3d7f676d363d34b8d938731c70dbad0927d83e49ed4f1e7d70dd8f4eb39d313e740683be41e51d3500966f2f76300a5e5b9ae8a0e98b9cdca4df

C:\libsmartscreen.dll.tmp

MD5 9a78dfa09806358cab94cfc84d180091
SHA1 4a65585e004e1fc65714b27aa03e5e2216aa47a5
SHA256 62e39849e36edf4ed66a6e3f61865cd97b5506d6cfcfda006b3299496ac63b36
SHA512 a1e94f4896af4f09446e37cd748c5dd53b5b95b9e22c9c43575de952a36ca7b5e6d3c59c81492b77a75b2438ea2ee650fc532b90915af87827ccef18eeb27901

memory/1432-452-0x0000000000400000-0x000000000040B000-memory.dmp