Malware Analysis Report

2025-06-16 07:26

Sample ID 240602-fd4wysca93
Target 3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe
SHA256 b3c180d9df998fe566dba7ee1e98a22178d71896da1f93121d5ec629d8797d6c
Tags
upx ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

b3c180d9df998fe566dba7ee1e98a22178d71896da1f93121d5ec629d8797d6c

Threat Level: Likely malicious

The file 3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (3523) files with added filename extension

Renames multiple (4744) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-02 04:46

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-02 04:46

Reported

2024-06-02 04:48

Platform

win7-20240508-en

Max time kernel

150s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe"

Signatures

Renames multiple (3523) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-spi-actions.xml_hidden.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiling_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ga\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\js\cpu.js.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.registry_1.1.300.v20130402-1529.jar.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository_2.3.0.v20131211-1531.jar.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\plugin.xml.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_content-background.png.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\jpeg.dll.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_bkg_orange.png.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Full\full.png.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\feature.xml.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedback.gif.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Africa\Ndjamena.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\js\settings.js.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\resources.jar.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Boise.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\gadget.xml.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-outline.jar.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-multiview.xml.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\js\settings.js.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Anchorage.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\indxicon.gif.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-progress-ui_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\it-IT\msadcfr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_left.png.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\ct.sym.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libudp_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ms.pak.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jabswitch.exe.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kolkata.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\glass.dll.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_top.png.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\19.png.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\css\localizedSettings.css.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwrusalm.dat.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Managua.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Media Player\it-IT\wmpnscfg.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\css\currency.css.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\Chess\Chess.exe.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\Purble Place\fr-FR\PurblePlace.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Xml.Linq.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\3RDPARTY.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-search_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\servertool.exe.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\ext\dnsns.jar.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\EET.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\Minesweeper\es-ES\Minesweeper.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\calendar.html.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\adcvbs.inc.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\title_stripe.png.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Cairo.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT-8.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\gadget.xml.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libmpc_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe"

Network

N/A

Files

memory/1972-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

MD5 58520902ed3e6bd58adc113fde996abb
SHA1 e775ad03ddaf20b40ad0d2c2e26dadbcd7596545
SHA256 42424faa03cb89c1393be7ab69cb14d3a6ad52a9d5f5011d5bfd0d55958def2a
SHA512 7c2f558ab6ee6ba95e5b2c19d42fcda7a61f4b5a2a94d29593be9c7ab5aea3953e226add3564a09ad1889236c6d7bdc927cb99846c1ac81200bd9f2f5d713786

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 3daa98163e2ff245a0e30dbe37c1c307
SHA1 51536af2c16fc6f42e25b4751d8a67d055223ebd
SHA256 2e89138f4e1e71f94fe97f352e01e55c9f4a977d041ed5574f98971e68fd31ed
SHA512 a441e65e38b5e2805102415455c38e563015a732fbafc876be29182ff732e70c656c7571b89e1c0fbec8935d3a85b067d104bba0d2a0e7456e194b2fbe6de1b4

memory/1972-652-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-02 04:46

Reported

2024-06-02 04:48

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

104s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe"

Signatures

Renames multiple (4744) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Buffers.dll.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-localization-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\msix.dll.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsnor.xml.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AuthoredExtensions.16.xml.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial1-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\GRLEX.DLL.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\DATATRANSFORMERWRAPPER.DLL.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\ms\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\DSMESSAGES.XML.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-interlocked-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\bwcapitalized.dotx.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\da-DK\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebSockets.Client.dll.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\jawt.dll.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Georgia.xml.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_Subscription-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.WindowsDesktop.App.runtimeconfig.json.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\fonts\LucidaSansDemiBold.ttf.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial2-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-180.png.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-black_scale-140.png.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OSFROAMINGPROXY.DLL.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-convert-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\de-DE\tabskb.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\nio.dll.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART15.BDR.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pl-pl.dll.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.ThreadPool.dll.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\7zFM.exe.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Timer.dll.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\hu.pak.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\JavaAccessBridge-64.dll.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\WordR_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Resources.Writer.dll.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0000-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp3-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\sbicuuc58_64.dll.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ConsumerSub_Bypass30-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-180.png.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-dayi.xml.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.dll.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ur.pak.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial2-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.DocumentServices.dll.tmp C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\3929cc52fbe92b0318aa1e5fa2a6fae0_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

memory/3052-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

MD5 7b38383de65d33c30d896d926891c69e
SHA1 23f36636aae92927904ec88ab263da5695e71a8a
SHA256 824bbc3bff318abb05b6fea6be6382608f6e0ea2d4c537a2d06ee6775bc27caa
SHA512 e0042cca12ccf500c6c85324d7116058c663fa663cc2e5774dffe846d013ec4a4d2d7e8263b18b4ab252041411b4540f49a51cfbf60da6d8b0f6c71413967d28

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 4fba8e1564b39105263e6a70546543b6
SHA1 2cf433c71ee58eb80f814f3afa1290e583da1dea
SHA256 8c0e3397230957b2b168e8c1174c9277f3f93af74a93a848648dcb25438ac588
SHA512 ebd15338c131f5ae67f9d7fe9b0808c9fb7d5d83e860614e3af2e02def7005852fbaaf765716e73ce68f50d85b61e260e9b6a288e2a6cd6406ecfd9941a66767

memory/3052-1738-0x0000000000400000-0x000000000040B000-memory.dmp