Malware Analysis Report

2025-08-05 15:47

Sample ID 240528-y681gscb26
Target 018865dfe06386762b31cf00d1327a70_NeikiAnalytics.exe
SHA256 d97326408806b6c83ea944ef3dd040662d76f4ae0f93fe0b595839d1a6e949b4
Tags upx ransomware
Score 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

d97326408806b6c83ea944ef3dd040662d76f4ae0f93fe0b595839d1a6e949b4

Threat Level: Likely malicious

The file 018865dfe06386762b31cf00d1327a70_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (3429) files with added filename extension

Renames multiple (4721) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-28 20:25

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-05-28 20:25

Reported

2024-05-28 20:27

Platform

win7-20240221-en

Max time kernel

150s

Max time network

125s

Command Line

"C:\Users\Admin\AppData\Local\Temp\018865dfe06386762b31cf00d1327a70_NeikiAnalytics.exe"

Signatures

Renames multiple (3429) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\018865dfe06386762b31cf00d1327a70_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\018865dfe06386762b31cf00d1327a70_NeikiAnalytics.exe"

Network

N/A

Files

memory/2944-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp


C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp


memory/2944-75-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-28 20:25

Reported

2024-05-28 20:27

Platform

win10v2004-20240426-en

Max time kernel

150s

Max time network

94s

Command Line

"C:\Users\Admin\AppData\Local\Temp\018865dfe06386762b31cf00d1327a70_NeikiAnalytics.exe"

Signatures

Renames multiple (4721) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\018865dfe06386762b31cf00d1327a70_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\018865dfe06386762b31cf00d1327a70_NeikiAnalytics.exe"

Network


Files

memory/4632-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1162180587-977231257-2194346871-1000\desktop.ini.tmp


C:\Program Files\7-Zip\7-zip.dll.tmp


memory/4632-866-0x0000000000400000-0x000000000040A000-memory.dmp