Malware Analysis Report

2025-01-17 23:54

Sample ID 240603-qmrm4ahb98
Target a4d415695f8834827be4e6275fa11740_NeikiAnalytics.exe
SHA256 6206ecb79cbc73be0bc1dcd94c987e40ee07cb25d6c900fdebe10af701e80935
Tags: upx, ransomware
Score: 9/10

Analysis Overview

Score: 9/10

SHA256: 6206ecb79cbc73be0bc1dcd94c987e40ee07cb25d6c900fdebe10af701e80935

Threat Level: Likely malicious

The file a4d415695f8834827be4e6275fa11740_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (912) files with added filename extension

Renames multiple (4860) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-03 13:23

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-03 13:23
Reported: 2024-06-03 13:25
Platform: win7-20240221-en
Max time kernel: 150s
Max time network: 123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a4d415695f8834827be4e6275fa11740_NeikiAnalytics.exe"

Signatures

Renames multiple (912) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\a4d415695f8834827be4e6275fa11740_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\a4d415695f8834827be4e6275fa11740_NeikiAnalytics.exe"

Network

N/A

Files

memory/1968-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

MD5 7767a905013d046a1ed2dd629dd09add
SHA1 43fe8a7da0a5f0b51033e1d7228b14a0fb9094b2
SHA256 98c551f946f68772ddfb0f52082c0abe76c4f0ed2119df9f16579144758526d4
SHA512 2c8ec52583ec17602c069730e8caad8d89533860ec8b52a6d0b3f4c24cea72c917674b4bd5d0a880569f2c02f49c507bbf41c600786eca457182833e331efd6a

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 dece7be099e1a711fe6196ca7d2c76b5
SHA1 d384be6b6fcc24a648846923b6b3584dc1f3591b
SHA256 d255611cfeeb4a512dff411e9f2b37011db8ad63527a2a27b3ea122eaf5958a8
SHA512 07453122502fcd7b0294e8a75fc981d9f970d8f2ddde40f2364cca32ded9e5c10f82b7408ca645d1ec3af4081204ef33d03032c6cabf7e04794a345654d5392b

memory/1968-68-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-03 13:23
Reported: 2024-06-03 13:25
Platform: win10v2004-20240426-en
Max time kernel: 150s
Max time network: 153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a4d415695f8834827be4e6275fa11740_NeikiAnalytics.exe"

Signatures

Renames multiple (4860) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\a4d415695f8834827be4e6275fa11740_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\a4d415695f8834827be4e6275fa11740_NeikiAnalytics.exe"

Network


Files

memory/4800-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4018855536-2201274732-320770143-1000\desktop.ini.tmp

MD5 73857aec53cc4f954a728a0bdd9a64f0
SHA1 37e94fe491f206bee3172318ce5da1bb6cf96e2a
SHA256 90eb20133103aa8c0f79317598ecb3ae68d48973c8d32f6ef4a107b8a567b619
SHA512 ad55d585560393f81dbde2d3f89d2972a4332ad1c2dc4f66813b2eb474de059b12a992a03841af0d9f57e093f0f3cbd6359aeaded546fa776a7ad0d413ce7a09

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 bc6eb4be05e3de83ac524cef975a34aa
SHA1 f604e403095c1b083deedfade8185028cd9d5c1c
SHA256 58d780481ecd2c48766553ae473fa341cba27ca5bc5841892e3c66a187ec6319
SHA512 5eeceb3dfe1e5a289133d8940cbc201a7517b5279bdc656c5748dfd89d7f4046059cd3e6e8931699d7b87b77d66cc9e967a5f47fc98d3686cc94a4450efc7130

memory/4800-1778-0x0000000000400000-0x000000000040B000-memory.dmp