Malware Analysis Report

2024-09-23 05:02

Sample ID 240613-hxv49ssfnn
Target 67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe
SHA256 cc3e8222c58ac2ce0eaffb3b058187964c1b52beaf954b1c1a11b0f2227502bc
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

cc3e8222c58ac2ce0eaffb3b058187964c1b52beaf954b1c1a11b0f2227502bc

Threat Level: Likely malicious

The file 67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (1366) files with added filename extension

Renames multiple (3763) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 07:07

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 07:07

Reported

2024-06-13 07:10

Platform

win7-20240508-en

Max time kernel

150s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe"

Signatures

Renames multiple (3763) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\pagecurl.png.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rainy_River.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt_0.12.1.v20140903-1023.jar.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-attach.jar.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\pl\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libidummy_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\control\liboldrc_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\js\cpu.js.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-favorites_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Dubai.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh87.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Enderbury.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\nl\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\css\clock.css.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\scenesscroll.png.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_Buttongraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\invalid32x32.gif.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Managua.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\LICENSE.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\Mozilla Firefox\pingsender.exe.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.DLL.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libes_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\3difr.x3d.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\brt55.ths.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libwebvtt_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\console_view.png.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\sr\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\clock.html.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\default.jfc.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_highlight-soft_100_eeeeee_1x100.png.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmotionblur_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows NT\Accessories\ja-JP\wordpad.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\flyout.html.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\brt32.clx.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web.xml.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-core.jar.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirect3d9_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_hover.png.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\java-rmi.exe.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Anchorage.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Panama.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert.ja_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler.xml.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\management.dll.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\Mahjong\en-US\Mahjong.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\jli.dll.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\ink\pipanel.exe.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\de\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport.wmv.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\fxplugins.dll.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Brussels.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\gadget.xml.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-next-static.png.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\content-background.png.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bogota.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\diagnostic-command-16.png.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-search.jar.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-queries.jar.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiling_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

MD5 290aa29131b9766261ae1b6e00d58a67
SHA1 8f0dd5f0ead8f5a976275c67782edc813e51d5f1
SHA256 7e21a1e690257a074a7b46cc30097c5cc9f3a25286218e71b12230c1b0ef1bfa
SHA512 d441f0a12db79fa5187dd5eba96c75926d6c987fb7d0224454ec7d4950b70715d689bbddaf7ff4d1b4e55970510f2e22abfa36a2d5404e4ff270fc9446efe415

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 ce2c2b9de9c140ecc3b185f9ad8639c8
SHA1 1b9a1aa6005c0918898416bb2e2794dc0ed210f3
SHA256 cdac1fff219f4c9b47f523f4cefcf873a0bd9cbafa8d58866a5fc5b80019e000
SHA512 80eb613718109705f826bb51361f4b462580ae2c901d20d86178ff1a44b7ccc3b7f1a891103c35e6f6bd8e91bfde58abe1cd508abc6f08f1249616f62cfb8a1c

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 07:07

Reported

2024-06-13 07:10

Platform

win10v2004-20240226-en

Max time kernel

153s

Max time network

157s

Command Line

"C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe"

Signatures

Renames multiple (1366) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\desktop.ini.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Private.DataContractSerialization.dll.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Formats.Asn1.dll.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\cy.txt.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-file-l2-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\UIAutomationTypes.dll.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.MemoryMappedFiles.dll.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\de\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ko\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ko\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\zh-Hans\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\zh-Hant\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\mshwgst.dll.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pt-BR\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l2-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\eventlog_provider.dll.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Numerics.Vectors.dll.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\es\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ko\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sw.pak.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ja\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ja\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Xml.XDocument.dll.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\fr\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\System.Windows.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\it-IT\ShapeCollector.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.ComponentModel.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Windows.Presentation.dll.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\IpsMigrationPlugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\it-IT\msadcor.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.FileSystem.Watcher.dll.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\fr\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVFileSystemMetadata.dll.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\insertbase.xml.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\de\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsfra.xml.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\mng2.txt.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipTsf.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ms.pak.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\en-US\micaut.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.Loader.dll.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\de\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\cs\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\sk-SK\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Reflection.TypeExtensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.ComponentModel.dll.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\th.txt.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lv-lv.dll.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\Microsoft.CSharp.dll.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\it\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.dll.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\pl.txt.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\mscorlib.dll.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\PresentationUI.dll.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipshe.xml.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\it\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\ba.txt.tmp C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\67e8421ee46bf14521e505a3fe63e780_NeikiAnalytics.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3708 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 138.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 18.173.189.20.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

MD5 ef8de5c7ce0efda4db579ffbe0b3a417
SHA1 20500a25fb5e1c890d190e2e84634c4274ddc2e8
SHA256 fbd3a42ae19f80160dd62e0c08a698660cbccc85f240f12e2291c86d6927bab0
SHA512 7d5167cbc7e4fa1df1bd49ab4056776e9cf2aa1d782d6f60c16504090b267331d5b04cc1513982be92c229098e03aedb164130e7d42cace630ebcc1ba059b593

C:\libsmartscreen.dll.tmp

MD5 83515f345c7f9307b439a1a10728a950
SHA1 7fc4ca7896469dcb29af3a5b3f0a67dcac3579f1
SHA256 4b5c936b89626439f154d40ec9b573dd3e276bba8bc3991d095f1ef3cef6077c
SHA512 6687ae526c67f468295c61c61fa4261a7d6722fd6fc9ec6d8e9c730c98863d058ce2e3f498604c14b3d5036e12310650ca834b4a1a37877acb1eb480d637b5ea