Malware Analysis Report

2025-08-10 21:46

Sample ID 240526-lxzz1afa69
Target f4ee81ad2e8812a13f0cefeeeef145c0_NeikiAnalytics.exe
SHA256 170aaf69a8ee722414f987c9ee8903c416d6d41dbf21ae1dc9ab3e95ebdfd10d
Tags ransomware upx
Score 9/10

Analysis Overview

Score 9/10
SHA256 170aaf69a8ee722414f987c9ee8903c416d6d41dbf21ae1dc9ab3e95ebdfd10d

Threat Level: Likely malicious

The file f4ee81ad2e8812a13f0cefeeeef145c0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware upx

Renames multiple (4067) files with added filename extension

Renames multiple (5188) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2024-05-26 09:55

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted 2024-05-26 09:55
Reported 2024-05-26 09:58
Platform win7-20240508-en
Max time kernel 150s
Max time network 118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\f4ee81ad2e8812a13f0cefeeeef145c0_NeikiAnalytics.exe"

Signatures

Renames multiple (4067) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\f4ee81ad2e8812a13f0cefeeeef145c0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\f4ee81ad2e8812a13f0cefeeeef145c0_NeikiAnalytics.exe"

Network

N/A

Files

memory/1716-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

MD5 d39a380645a705a04dfc5a8a2e2bd269
SHA1 7e27b64beca35d7d8f430c71da71dc0946daee3e
SHA256 a57a46bbafd18b8a6a4472374adc5461bc6b671d5ae1de54420de01258e6a196
SHA512 e4b1bf796c59d7a990ae0bb6692495b25fd7d4ac5fe0dde349e142fb6036cbd11be5438757204794b5a6833f9a2c8f80a3b7a30378979893365e382183eea0b0

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 08d1b0668e910451a939291788a313d9
SHA1 7c76fc2749f3c21c6cf50c2fd96fdb2f0f6f463e
SHA256 c1f2bab50721db27c2f6244699b8f2c6417ca05064ccb3e7bb6499876384bf8d
SHA512 ad00d877b43ba1b2c66af77e9ffd9922386188c3b964990e40e981490da197f1718fc384b3eabdc0acb21599ada17f7cfccfc82b7039afeaa5eaa9b02c409474

memory/1716-86-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted 2024-05-26 09:55
Reported 2024-05-26 09:58
Platform win10v2004-20240426-en
Max time kernel 149s
Max time network 104s

Command Line

"C:\Users\Admin\AppData\Local\Temp\f4ee81ad2e8812a13f0cefeeeef145c0_NeikiAnalytics.exe"

Signatures

Renames multiple (5188) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\f4ee81ad2e8812a13f0cefeeeef145c0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\f4ee81ad2e8812a13f0cefeeeef145c0_NeikiAnalytics.exe"

Network


Files

memory/3580-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4018855536-2201274732-320770143-1000\desktop.ini.tmp

MD5 0a84d1c9096dc8635f8d35c3c1db3712
SHA1 883208ffd5631f58aa9b98630579df702e105cdb
SHA256 28a16fd3ca6656208a91877980361ac26e946e8fb7a923aa3207955a6bb5082a
SHA512 b3b6d0c3d67ba5c6799a01ff7bdc2067e6624980add9e7bb72e2a5b977b334bf69694fc76d324d0498fca20f3d41ac2fa32658957b2d3c3aaaca89926e7e77b9

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 25dbb3f39623582074092de76c61a135
SHA1 827820e925d2a0723523d4e731ebb14d3b06e40c
SHA256 dd9fd32ac7a28e2145b2d941679dd05bb39d76f0574871614d0b3af4d6fc6aa0
SHA512 abe747f26200c36da85b129138dcff21b06ec8d6881a57457947261408ffe9385d425c42f4285b457a3cc47e9f4c0335686150ae2d8182e2aa044208b1b38486

memory/3580-1094-0x0000000000400000-0x000000000040A000-memory.dmp