Malware Analysis Report

2024-09-23 04:39

Sample ID 240614-dk2n3ashkh
Target 9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe
SHA256 c369fa7a9d81e49d999e82dc2001e25548e29132ccf72c969723fbc779a7c623
Tags
upx ransomware
score
9/10

Analysis Overview

score
9/10

SHA256

c369fa7a9d81e49d999e82dc2001e25548e29132ccf72c969723fbc779a7c623

Threat Level: Likely malicious

The file 9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (3627) files with added filename extension

Renames multiple (1351) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 03:04

Signatures

UPX packed file

upx

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 03:04

Reported

2024-06-14 03:07

Platform

win7-20240611-en

Max time kernel

150s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe"

Signatures

Renames multiple (3627) files with added filename extension

ransomware

UPX packed file

upx

Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\IPSEventLogMsg.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\feature.xml.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-modules-appui.xml.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\ja-JP\sbdrop.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\ado\msado25.tlb.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_basestyle.css.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waxing-gibbous_partly-cloudy.png.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground.wmv.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\London.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\10.png.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Australia\Sydney.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\intf\dummy.luac.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipsptg.xml.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Sydney.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-explorer.xml.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsoundds.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libmod_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\librotate_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\forms_super.gif.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util-enumerations.xml.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libsmb_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\settings.html.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-cli_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\images\buttons.png.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\librawaud_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\css\cpu.css.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\hr.txt.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.ja_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-multitabs.xml.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT+7.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows NT\Accessories\wordpad.exe.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\Parity.fx.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\EditOut.M2T.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.workbench.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\ado\msador15.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler_1.2.0.v20140422-1847.jar.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Istanbul.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Spades\fr-FR\ShvlRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\sl\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\et.txt.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\ps.txt.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwrusalm.dat.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Media Player\es-ES\wmpnssci.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\js\timeZones.js.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\flight_recorder.png.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui.zh_CN_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\LICENSE.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Mozilla Firefox\nssckbi.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkObj.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\background.png.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\ECLIPSE_.RSA.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Notes_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\javac.exe.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2iexp.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-output2_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\ssv.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll.sig.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libkaraoke_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Media Player\es-ES\mpvis.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\vistabg.png.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe"

Network

N/A

Files

memory/2336-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1340930862-1405011213-2821322012-1000\desktop.ini.tmp

MD5 bdbb4a6339a617f037509ec5fa29453b
SHA1 4c59afd8ef121d3591c16a6fa735a7f9c2ff719b
SHA256 6c2699e8d2e902c30f3437022ed55c2680d26d7d2514f45512beca2f02fe0b7c
SHA512 e1589da89cc614598f47dddb62ba5d6e2ce05382319313a72944cb0451d2b488d349b1be0ab56dcaae38063fe3c9a4e44a63050f1224ac65a077b04e9df10766

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 5429a5714b8d6b012b90be8e929385a7
SHA1 e18182453da89703c871cf5d2b43f536b2744309
SHA256 a46399fd5ee69a373fbd337e7458967d2383cdea70b984b33442b2811c9b94fe
SHA512 982ba59f4d30d29f4e8df6caf39a30069fd8b6381e4876ce4fe80818920ef567d625a0d07a2eb1d085c92683bb12a4e0f264947bcfba927fd7c39e4b1ad2d67a

memory/2336-656-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 03:04

Reported

2024-06-14 03:07

Platform

win10v2004-20240226-en

Max time kernel

151s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe"

Signatures

Renames multiple (1351) files with added filename extension

ransomware

UPX packed file

upx

Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Runtime.Serialization.Xml.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\WindowsFormsIntegration.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\zh-Hans\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-datetime-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ru\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\tr\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.WebSockets.Client.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\ado\msado26.tlb.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\de\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols.xml.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\th.txt.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Security.Cryptography.Cng.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\Microsoft.Win32.Registry.AccessControl.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\zh-Hant\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Security.Principal.Windows.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipTsf.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Linq.Parallel.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\kk.txt.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base.xml.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Transactions.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fr-CA\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pt-BR\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ja\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\swidtag\Microsoft Windows Desktop Runtime - 6.0.25 (x64).swidtag.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-PT.pak.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TabTip.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\VC\msdia100.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pl\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.da-dk.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ru\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\bg.txt.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\Microsoft.Win32.SystemEvents.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Xml.ReaderWriter.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Xml.XPath.XDocument.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\de\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ru\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\es\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\mscordbi.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ru\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui.xml.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-fibers-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pt-BR\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.bg-bg.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\pt.txt.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.exe.sig.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\cs.pak.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Windows.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.he-il.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\9d60fb6e6e33ddb401df3a1da7eeff80_NeikiAnalytics.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1028 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
GB 216.58.201.106:443 chromewebstore.googleapis.com tcp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 216.239.32.29:80 pki.goog tcp
US 8.8.8.8:53 106.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 29.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 13.107.246.64:443 tcp
US 8.8.8.8:53 21.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 102.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 137.71.105.51.in-addr.arpa udp

Files

memory/868-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

MD5 26cbe76ac9bbaf81277c0f7148dcdec2
SHA1 da602224689da34bf197ddbc697de2606ea0f1d9
SHA256 2d99727c2ce8a0b31fb61319de217f55a7cf0504c9be852682b20db2fadadf48
SHA512 a59c0885baa310377acac259b2c957fd1dcaec89274d1ca332cc0d292c8fdec66a7535c5d74a6cf7cd20992c60f9f3e6c5f8f027ffaca77d24a47721e19a3299

C:\libsmartscreen.dll.tmp

MD5 a8879d225d8c534696cfb4adf82f7f1d
SHA1 0679e139f4f9477bb4fd4b937f4d21ccdb2a83c8
SHA256 4b4bfbd8546b7523edfe79c873f6c8df20e91b2058751662f61b83f294f6c083
SHA512 df63ea65cec0e77037efdb44c4b3ee3883e3332f61351e212af6b388962a572c0d64ca017950326fddaa744a43f53d4afc9d6bc1d859fac50c1f3ecfa9d21c47

memory/868-434-0x0000000000400000-0x000000000040B000-memory.dmp