Malware Analysis Report

2024-10-18 21:41

Sample ID 240612-qqxnhszflp
Target 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
SHA256 0f73c109cbef0128cc42ddab50cf3628fb5b551a7f2e2a18c58aeb8a4b821b16
Tags: upx, ransomware
Score: 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 9/10

SHA256: 0f73c109cbef0128cc42ddab50cf3628fb5b551a7f2e2a18c58aeb8a4b821b16

Threat Level: Likely malicious

The file 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

Tags: upx, ransomware

Renames multiple (3728) files with added filename extension (behavioral1, win7-20240611-en)

Renames multiple (1724) files with added filename extension (behavioral2, win10v2004-20240226-en)

UPX packed file

Drops file in Program Files directory

Unsigned PE

The ransomware tag rests on the mass-rename heuristic alone. In both runs every recorded indicator is an existing file path with .tmp appended (for example C:\Program Files\7-Zip\Lang\fi.txt.tmp), spread across Program Files, $Recycle.Bin and, on win7, MSOCache. The report records no ransom note, no persistence mechanism and no network traffic attributable to the sample process (behavioral1 recorded no network activity at all), and the MITRE ATT&CK mapping is empty. Both memory dumps cover 0x400000-0x40A000, a 40 KB image, which fits a small UPX-packed executable.

MITRE ATT&CK

N/A (the sandbox mapped no ATT&CK techniques for this sample)

Analysis: static1

Detonation Overview

Reported: 2024-06-12 13:28

Signatures

UPX packed file (tag: upx)
No indicator details recorded.

Unsigned PE
No indicator details recorded.
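The two static signatures above can be reproduced from the PE headers alone. The Python below is an added example written for this page, not the sandbox's code and not derived from the sample: it parses the COFF header, the optional header's data directories and the section table, then applies the checks that "UPX packed file" and "Unsigned PE" correspond to (UPX section names or the UPX! marker, a section with no bytes on disk, an empty Certificate Table). It builds its own minimal PE headers as input (constructed, with no code inside) so that it runs offline; build_sample_pe, parse_pe and static_signatures are this example's own names.

```python
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4            # Certificate Table slot (Authenticode)
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def parse_pe(data: bytes) -> dict:
    """Read the COFF header, the Certificate Table entry and the section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    # Data directories start at +96 (PE32, 0x10B) or +112 (PE32+, 0x20B) in the
    # optional header; NumberOfRvaAndSizes is the DWORD immediately before them.
    dir_base = {0x10B: 96, 0x20B: 112}.get(magic)
    if dir_base is None:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    num_dirs = struct.unpack_from("<I", data, opt + dir_base - 4)[0]
    cert_off = cert_size = 0
    if num_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        cert_off, cert_size = struct.unpack_from(
            "<II", data, opt + dir_base + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    table = opt + opt_size
    for i in range(nsections):
        hdr = table + 40 * i
        name = data[hdr:hdr + 8].rstrip(b"\0")
        vsize, _vaddr, raw_size, _raw_ptr = struct.unpack_from("<IIII", data, hdr + 8)
        sections.append({"name": name, "virtual_size": vsize, "raw_size": raw_size})
    return {"machine": machine, "pe32plus": magic == 0x20B,
            "certificate_table": (cert_off, cert_size), "sections": sections}


def static_signatures(data: bytes) -> dict:
    """Reproduce the 'UPX packed file' and 'Unsigned PE' checks from PE metadata."""
    pe = parse_pe(data)
    names = {s["name"] for s in pe["sections"]}
    # UPX0 is the section the stub unpacks into: zero bytes on disk, large in memory.
    empty_on_disk = [s["name"] for s in pe["sections"]
                     if s["raw_size"] == 0 and s["virtual_size"] > 0]
    return {
        "sections": sorted(names),
        "upx_packed": bool(names & UPX_SECTION_NAMES) or b"UPX!" in data,
        "unpack_target": empty_on_disk,
        # An empty Certificate Table means no Authenticode signature is embedded;
        # a non-empty one is only noted here, not cryptographically verified.
        "unsigned_pe": pe["certificate_table"][1] == 0,
    }


def build_sample_pe(section_names, signed: bool, pe32plus: bool = False) -> bytes:
    """Constructed minimal PE header (no code, no imports) used as example input."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    magic, opt_size, dir_base = (0x20B, 240, 112) if pe32plus else (0x10B, 224, 96)
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C,
                       len(section_names), 0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<I", opt, dir_base - 4, 16)          # NumberOfRvaAndSizes
    if signed:
        # File offset and size of a hypothetical WIN_CERTIFICATE blob.
        struct.pack_into("<II", opt, dir_base + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x4000, 0x800)
    table = b""
    for i, name in enumerate(section_names):
        raw_size = 0 if name == b"UPX0" else 0x200        # UPX0 has no bytes on disk
        table += struct.pack("<8sIIIIIIHHI", name, 0x1000, 0x1000 * (i + 1),
                             raw_size, 0x400 + 0x200 * i, 0, 0, 0, 0, 0x60000020)
    return dos + b"PE\0\0" + coff + bytes(opt) + table


if __name__ == "__main__":
    packed = build_sample_pe([b"UPX0", b"UPX1", b".rsrc"], signed=False)
    clean = build_sample_pe([b".text", b".rdata", b".data"], signed=True, pe32plus=True)
    print("packed sample:", static_signatures(packed))
    print("clean sample: ", static_signatures(clean))
```

UPX can be told to rename its sections, and a post-processed binary may keep none of these markers, so a negative result does not prove the file is unpacked; the zero-raw-size section check is the most robust of the three because the stub needs somewhere to unpack into.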

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-12 13:28
Reported: 2024-06-12 13:31
Platform: win7-20240611-en
Max time kernel: 150s
Max time network: 118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe"

Signatures

Renames multiple (3728) files with added filename extension (tag: ransomware)

UPX packed file (tag: upx)
No indicator details recorded.

Drops file in Program Files directory

Description: File created (every row)
Process: C:\Users\Admin\AppData\Local\Temp\3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe (every row)
Target: N/A (every row)
Indicator: the created file, one per row below (64 rows shown). Every path is an existing file name with .tmp appended, including extension-less originals such as release and CET.

C:\Program Files\Windows Journal\Templates\Month_Calendar.jtp.tmp
C:\Program Files\7-Zip\Lang\fi.txt.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\1047x576black.png.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ar.pak.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Petersburg.tmp
C:\Program Files\Java\jre7\lib\security\blacklist.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkWatson.exe.mui.tmp
C:\Program Files\Java\jre7\lib\zi\Pacific\Auckland.tmp
C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libparam_eq_plugin.dll.tmp
C:\Program Files\VideoLAN\VLC\plugins\demux\libmpgv_plugin.dll.tmp
C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_corner_bottom_left.png.tmp
C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\next_rest.png.tmp
C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm.tmp
C:\Program Files\Java\jre7\lib\deploy\messages_it.properties.tmp
C:\Program Files\Java\jre7\lib\plugin.jar.tmp
C:\Program Files\VideoLAN\VLC\lua\playlist\newgrounds.luac.tmp
C:\Program Files\VideoLAN\VLC\plugins\access\libcdda_plugin.dll.tmp
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\MCIMPP.mpp.tmp
C:\Program Files\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.di_1.4.0.v20140414-1837.jar.tmp
C:\Program Files\Java\jre7\lib\zi\CET.tmp
C:\Program Files\VideoLAN\VLC\locale\kk\LC_MESSAGES\vlc.mo.tmp
C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\gadget.xml.tmp
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can03.ths.tmp
C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_select-highlight.png.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe.tmp
C:\Program Files\Java\jre7\lib\zi\Pacific\Midway.tmp
C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\drag.png.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-visual_zh_CN.jar.tmp
C:\Program Files\Microsoft Games\Multiplayer\Spades\ja-JP\shvlzm.exe.mui.tmp
C:\Program Files\VideoLAN\VLC\locale\gd\LC_MESSAGES\vlc.mo.tmp
C:\Program Files\VideoLAN\VLC\plugins\control\libwin_msg_plugin.dll.tmp
C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\shuffle_over.png.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-io-ui.xml.tmp
C:\Program Files\Microsoft Games\Solitaire\desktop.ini.tmp
C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-hot.png.tmp
C:\Program Files\VideoLAN\VLC\plugins\codec\libx265_plugin.dll.tmp
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\settings.html.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi.tmp
C:\Program Files\Common Files\System\msadc\es-ES\msadcfr.dll.mui.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Caracas.tmp
C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll.tmp
C:\Program Files\VideoLAN\VLC\locale\oc\LC_MESSAGES\vlc.mo.tmp
C:\Program Files\VideoLAN\VLC\plugins\codec\libscte18_plugin.dll.tmp
C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\jquery-ui-1.8.13.custom.css.tmp
C:\Program Files\VideoLAN\VLC\plugins\gui\libskins2_plugin.dll.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-static.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_glass_Thumbnail.bmp.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Brussels.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_ja_4.4.0.v20140623020002.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\release.tmp
C:\Program Files\Mozilla Firefox\defaultagent.ini.tmp
C:\Program Files\VideoLAN\VLC\plugins\video_filter\libdeinterlace_plugin.dll.tmp
C:\Program Files\Windows Photo Viewer\fr-FR\PhotoViewer.dll.mui.tmp
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_thunderstorm.png.tmp
C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_CN.properties.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Winnipeg.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text.nl_zh_4.4.0.v20140623020002.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util.xml.tmp
C:\Program Files\Java\jre7\lib\zi\America\Tegucigalpa.tmp
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\Setup.exe.tmp
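The rename signature for this run (3728 events) and the .tmp indicators above are two views of the same behaviour: one process touching many files in many directories and giving each the same appended extension. The Python below is an added example written for this page, not the sandbox's own rule. It replays a constructed file-event log in an assumed <op>|<process>|<path>[|<new path>] form, built from paths in the list above plus invented lines for a benign installer, and flags a process when the count, directory spread and dominance of a single appended extension all exceed a threshold. The thresholds, the event format, the modelling of CET and blacklist as rename events and the setup.exe process are all assumptions of this example.

```python
import re
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Thresholds are assumptions chosen for this example, not the sandbox's own values.
MIN_EVENTS = 10        # qualifying create/rename events from one process
MIN_DIRECTORIES = 3    # spread across at least this many parent directories
DOMINANT_SHARE = 0.9   # one appended extension accounts for most of them

EVENT_RE = re.compile(
    r"^(?P<op>create|rename)\|(?P<proc>[^|]+)\|(?P<src>[^|]+)(?:\|(?P<dst>[^|]+))?$")

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe"
INSTALLER = r"C:\Users\Admin\Downloads\setup.exe"   # hypothetical benign process

# Constructed event log. The sample's paths come from the report's behavioral1 list;
# the two extension-less files are modelled as renames, and the installer lines are invented.
SAMPLE_CREATED = [
    r"C:\Program Files\7-Zip\Lang\fi.txt.tmp",
    r"C:\Program Files\Windows Journal\Templates\Month_Calendar.jtp.tmp",
    r"C:\Program Files\Java\jre7\lib\plugin.jar.tmp",
    r"C:\Program Files\VideoLAN\VLC\plugins\demux\libmpgv_plugin.dll.tmp",
    r"C:\Program Files\Mozilla Firefox\defaultagent.ini.tmp",
    r"C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm.tmp",
    r"C:\$Recycle.Bin\S-1-5-21-1340930862-1405011213-2821322012-1000\desktop.ini.tmp",
    r"C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp",
    r"C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\drag.png.tmp",
    r"C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\1047x576black.png.tmp",
]
SAMPLE_RENAMED = [
    r"C:\Program Files\Java\jre7\lib\zi\CET",
    r"C:\Program Files\Java\jre7\lib\security\blacklist",
]
SAMPLE_EVENTS = "\n".join(
    ["create|%s|%s" % (SAMPLE, p) for p in SAMPLE_CREATED]
    + ["rename|%s|%s|%s.tmp" % (SAMPLE, p, p) for p in SAMPLE_RENAMED]
    + ["rename|%s|%s|%s.bak" % (INSTALLER, p, p) for p in
       (r"C:\Program Files\App\config.ini", r"C:\Program Files\App\settings.xml")]
    + ["create|%s|%s" % (INSTALLER, r"C:\Program Files\App\app.exe")]
)


def appended_extension(src: str, dst: str):
    """Return 'ext' when dst is exactly src plus '.ext' in the same directory, else None."""
    if dst.lower().startswith(src.lower() + ".") and "\\" not in dst[len(src):]:
        return dst[len(src) + 1:].lower()
    return None


def stacked_extension(path: str):
    """For a created 'name.orig.ext' file return 'ext' (fi.txt.tmp -> 'tmp'), else None.
    Singly-suffixed names such as app.exe do not qualify."""
    p = PureWindowsPath(path)
    if p.suffix and PureWindowsPath(p.stem).suffix:
        return p.suffix[1:].lower()
    return None


def parse_events(text: str):
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def mass_rename_report(events):
    """Per process: how many files gained an extension, over how many directories,
    and whether one extension dominates (the tell the sandbox signature looks for)."""
    per_proc = defaultdict(lambda: {"exts": Counter(), "dirs": set()})
    for ev in events:
        if ev["op"] == "rename" and ev["dst"]:
            ext = appended_extension(ev["src"], ev["dst"])
        else:
            ext = stacked_extension(ev["src"])
        if ext is None:
            continue
        rec = per_proc[ev["proc"]]
        rec["exts"][ext] += 1
        rec["dirs"].add(str(PureWindowsPath(ev["src"]).parent).lower())
    report = {}
    for proc, rec in per_proc.items():
        total = sum(rec["exts"].values())
        ext, n = rec["exts"].most_common(1)[0]
        share = n / total
        report[proc] = {
            "count": total, "directories": len(rec["dirs"]),
            "extension": ext, "share": round(share, 2),
            "flagged": total >= MIN_EVENTS and len(rec["dirs"]) >= MIN_DIRECTORIES
                       and share >= DOMINANT_SHARE,
        }
    return report


if __name__ == "__main__":
    for proc, r in mass_rename_report(parse_events(SAMPLE_EVENTS)).items():
        print(("FLAG " if r["flagged"] else "     ") + proc, r)
```

The directory-spread and single-extension conditions are what separate this from an installer or a backup tool, which also add extensions but usually within one tree or with mixed suffixes; a legitimate archiver writing many .tar.gz files in one directory would still fail the spread test.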

Processes

C:\Users\Admin\AppData\Local\Temp\3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe"

Network

N/A

Files

memory/1460-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1340930862-1405011213-2821322012-1000\desktop.ini.tmp

MD5 d0d0bd27abb052fc2767d25a462982b3
SHA1 60c026294f6bcde7c4687bada76db4caf7aad0ae
SHA256 2ae9a50f04c8d1f0386b078b5d9a481f7c07a1568a870b0c08de273a5a0da5ed
SHA512 78be3b3a2aa2539a2a0372545c3389f866a4d2debc5ec9b262c334668b9e5e5cb2371b37ddf0645a2a8249c8704a2e2654a74ec508f044115f43542ad740e5fa

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 ec17e8229b9fc658d71d304fd6b5ed15
SHA1 c857753bf65f5f6ccad6e32dd39eae051f09c976
SHA256 965534da6f51cd11dbc810b1d08092fa88b6a974c43ff6ac524f8291992efe75
SHA512 c348b549fe9406b7e4f480ad3019db2f1d195e97d9c1c561e7be9393431ad50db5eb60f2b6cf0fb3e0d8a4a1bf28d29c75db34eac86770046c99d4e8a010fbfa

memory/1460-76-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-12 13:28
Reported: 2024-06-12 13:31
Platform: win10v2004-20240226-en
Max time kernel: 150s
Max time network: 151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe"

Signatures

Renames multiple (1724) files with added filename extension (tag: ransomware)

UPX packed file (tag: upx)
No indicator details recorded.

Drops file in Program Files directory

Description: File created (every row)
Process: C:\Users\Admin\AppData\Local\Temp\3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe (every row)
Target: N/A (every row)
Indicator: the created file, one per row below (64 rows shown). As in the win7 run, every path is an existing file name with .tmp appended; on this image the targets include the .NET shared runtime, Office ClickToRun and JDK binaries.

C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pl\PresentationCore.resources.dll.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVCatalog.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Security.Cryptography.Cng.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.ServiceProcess.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Collections.NonGeneric.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\PresentationCore.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Text.Encoding.CodePages.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\UIAutomationClient.resources.dll.tmp
C:\Program Files\Common Files\microsoft shared\ink\de-DE\TabTip.exe.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Security.Principal.Windows.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Threading.Tasks.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pl\System.Windows.Forms.Primitives.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\bin\jstatd.exe.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\Microsoft.Win32.Registry.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Threading.Tasks.Extensions.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\Microsoft.WindowsDesktop.App.runtimeconfig.json.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.Sockets.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\zh-Hans\System.Xaml.resources.dll.tmp
C:\Program Files\Internet Explorer\es-ES\iexplore.exe.mui.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nl-nl.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Xml.Linq.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\System.Windows.Forms.Primitives.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\fr\PresentationFramework.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ru\System.Windows.Forms.Design.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-filesystem-l1-1-0.dll.tmp
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-phonetic.xml.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\PresentationCore.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pl\Microsoft.VisualBasic.Forms.resources.dll.tmp
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_ca.xml.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\cs\PresentationUI.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pt-BR\UIAutomationClient.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.ServiceProcess.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\ReachFramework.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-multibyte-l1-1-0.dll.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\SubsystemController.man.tmp
C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.tmp
C:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui.tmp
C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pidgenx.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\es\System.Windows.Input.Manipulations.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-rtlsupport-l1-1-0.dll.tmp
C:\Program Files\Common Files\microsoft shared\ink\ipsdan.xml.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\es\System.Xaml.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-util-l1-1-0.dll.tmp
C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tipresx.dll.mui.tmp
C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-runtime-l1-1-0.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\legal\jdk\relaxngdatatype.md.tmp
C:\Program Files\Java\jdk-1.8\jre\lib\content-types.properties.tmp
C:\Program Files\7-Zip\readme.txt.tmp
C:\Program Files\Common Files\System\msadc\msadcer.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\zh-Hans\System.Windows.Input.Manipulations.resources.dll.tmp
C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pl\PresentationFramework.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\PresentationFramework.Royale.dll.tmp
C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-datetime-l1-1-0.dll.tmp
C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-private-l1-1-0.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.ServiceModel.Web.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Security.Claims.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\System.Windows.Input.Manipulations.resources.dll.tmp
C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipRes.dll.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pt-BR\System.Windows.Controls.Ribbon.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pt-BR\ReachFramework.resources.dll.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll.tmp

Processes

C:\Users\Admin\AppData\Local\Temp\3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3612 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:8

Network

Country  Destination          Domain                          Proto
GB       96.16.110.114:80     -                               tcp
US       8.8.8.8:53           104.219.191.52.in-addr.arpa     udp
US       8.8.8.8:53           172.210.232.199.in-addr.arpa    udp
US       8.8.8.8:53           22.160.190.20.in-addr.arpa      udp
US       8.8.8.8:53           95.221.229.192.in-addr.arpa     udp
US       8.8.8.8:53           13.86.106.20.in-addr.arpa       udp
US       8.8.8.8:53           159.113.53.23.in-addr.arpa      udp
US       8.8.8.8:53           26.165.165.52.in-addr.arpa      udp
US       8.8.8.8:53           171.39.242.20.in-addr.arpa      udp
US       13.107.253.64:443    -                               tcp
US       8.8.8.8:53           73.144.22.2.in-addr.arpa        udp
US       8.8.8.8:53           240.221.184.93.in-addr.arpa     udp
US       8.8.8.8:53           chromewebstore.googleapis.com   udp
US       8.8.8.8:53           chromewebstore.googleapis.com   udp
GB       172.217.169.42:443   chromewebstore.googleapis.com   tcp
US       8.8.8.8:53           25.73.42.20.in-addr.arpa        udp

The report does not attribute these flows to a process. The chromewebstore.googleapis.com lookups and the TLS connection to 172.217.169.42:443 line up with the msedge.exe utility process listed under Processes for this run, and the in-addr.arpa queries are reverse (PTR) lookups sent to 8.8.8.8; behavioral1 on win7 recorded no network activity at all. None of these entries should be treated as sample command-and-control without process-level attribution.

Files

memory/4900-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

MD5 d1dbe21271c23afbcb938f8a3812765d
SHA1 7064f46b158150f778a5ede68c285bbe75c4aadc
SHA256 b693fae1534e776513c407873d7dea11d8a8ab1bcbfb289edb7d678dd2a1775d
SHA512 e81fb7f8bc25857e10e03cd0222b649c330715f7d637484a5a7dea6ea07c8c51b6ca2b4b4c67e05a0a6c443e1542ba2340a910a28995811ad7897644978cfa71

C:\libsmartscreen.dll.tmp

MD5 397d5e22dcf432e51efbc7f3c4c4d6e3
SHA1 d1d61accbf2b5b44e5b48225614167ad73194145
SHA256 06a1db52114ac6b2ddc78b19f80724df9c29029ff5fe40a38b2d259667827453
SHA512 59abec09820647dfdabb88213cb4fb9b0c3c02184794342529a54608f7126448107f4154849810e3e0ce3d1e0a819130b51c277a256a94e297b67c51e5aff51d

memory/4900-302-0x0000000000400000-0x000000000040A000-memory.dmp