Malware Analysis Report

2024-09-23 05:04

Sample ID 240613-gey8jazenn
Target 62fc9d28589e8b7920e26504a3165530_NeikiAnalytics.exe
SHA256 67eeab27a4473b56a9c4ef52831d07adfc5c74dc8b941dfccc66181eec8aa8ce
Tags upx ransomware
Score 9/10

Analysis Overview

score
9/10

SHA256

67eeab27a4473b56a9c4ef52831d07adfc5c74dc8b941dfccc66181eec8aa8ce

Threat Level: Likely malicious

The file 62fc9d28589e8b7920e26504a3165530_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (3328) files with added filename extension

Renames multiple (1493) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 05:43

Signatures

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 05:43

Reported

2024-06-13 05:46

Platform

win7-20240611-en

Max time kernel

150s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\62fc9d28589e8b7920e26504a3165530_NeikiAnalytics.exe"

Signatures

Renames multiple (3328) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\62fc9d28589e8b7920e26504a3165530_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\62fc9d28589e8b7920e26504a3165530_NeikiAnalytics.exe"

Network

N/A

Files

memory/1124-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2812790648-3157963462-487717889-1000\desktop.ini.tmp

MD5 2a0e3c8690c77393f99abe9b42a03ca5
SHA1 f54ea8f7bad033efd087bfe1b9ca9543c8a87731
SHA256 367861c8296d57e7ca1ec948f6c523eece9b5cb8e145f17cb5ff4376c2081132
SHA512 370135673a0f7151998896832c76c882c2778a4cc5361dabf618cb7304e05fbf496ac4e5bb9abf7db1ef0f05e125d63cd92f17d38e939022144ef228602d8bd6

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 75e642e4869a3373f02e6b784c864e2a
SHA1 70f77d657ac6fe12233457f0ea59a59a6eb3006d
SHA256 151349f27093fc25d7bf03335a4d66385e4ddd5e0341d1ccbed64f9e7513633d
SHA512 d92c53cbeb24293f2bc4e012fdf08afd3721a8ba11961380b7bb38a02c201fd73bf73895ca552d1fbe830fe1173c7890bedc38769260561161aa584524250db5

memory/1124-544-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 05:43

Reported

2024-06-13 05:46

Platform

win10v2004-20240226-en

Max time kernel

151s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\62fc9d28589e8b7920e26504a3165530_NeikiAnalytics.exe"

Signatures

Renames multiple (1493) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\62fc9d28589e8b7920e26504a3165530_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\62fc9d28589e8b7920e26504a3165530_NeikiAnalytics.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4256 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8

Network

Files

memory/636-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

MD5 7b6074ea38d7c9c3f9a3dab65ebcebf2
SHA1 e2821aaa9aaeb2d6313d1d20965b00762f265626
SHA256 bc015444e9898494b036b2de974795c05f4125025db81add43a01bc33cd91a87
SHA512 60e3d619cb517de1132b2895b05d18f370c1314fe6ce2d9db6e0a40490b744d1f8832b2979c4dd20bf407c3d6d9f8960b8dd0f48c3d16b159f09cb7504163bfe

C:\libsmartscreen.dll.tmp

MD5 bdc861383cef775da94a17a61f792a31
SHA1 983de7d757d7ec021f80b8533b7190f53468c36f
SHA256 9287b94c9392fc993cdd1876e96969bd0d34d17f18b90bf6aa9384b69a5e2e4d
SHA512 60e5a1511e35106790f4b93291e386760fe0cd0630dd987729a353108fd20394d48c1de1b2957790016141fdb81df030e9d3c3ff551a1fc8a3b40addda9df23c

memory/636-420-0x0000000000400000-0x000000000040B000-memory.dmp