Malware Analysis Report

2025-06-16 03:34

Sample ID 240608-cs4b7aff4t
Target 8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe
SHA256 e69807b0ed6836e36d5ec79ee3235db9c2a2cabbec9a6e48f6a771ea78162fea
Tags
upx ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

e69807b0ed6836e36d5ec79ee3235db9c2a2cabbec9a6e48f6a771ea78162fea

Threat Level: Likely malicious

The file 8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (5297) files with added filename extension

Renames multiple (3497) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-08 02:21

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-08 02:21

Reported

2024-06-08 02:23

Platform

win7-20240221-en

Max time kernel

150s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe"

Signatures

Renames multiple (3497) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Windows Journal\Templates\Shorthand.jtp.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.htm.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\attach.dll.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Thunder_Bay.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\gui\libqt_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libparam_eq_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\control\libwin_hotkeys_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\js\clock.js.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\css\settings.css.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\reflect.png.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-outline_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-common_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Irkutsk.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\picturePuzzle.html.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\js\slideShow.js.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows NT\TableTextService\TableTextServiceDaYi.txt.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\chrome.exe.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Nairobi.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Pohnpei.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_output\libflaschen_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Defender\fr-FR\MsMpRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\unpack200.exe.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT-12.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\requests\vlm.xml.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_dot.png.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\hu.txt.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ach\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\playlist\rockbox_fm_presets.luac.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libmpc_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libflac_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\misc\libaddonsvorepository_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_output\libyuv_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mip.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\gstreamer-lite.dll.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\Documentation.url.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\css\settings.css.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\fr-FR\msadcfr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\content-background.png.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\deploy\messages_zh_CN.properties.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Backgammon\en-US\bckgzm.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Web.Entity.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\cy\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_s.png.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\jfr\default.jfc.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\icon.png.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\7zG.exe.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu.xml.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\huemainsubpicture2.png.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\sk.txt.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\icudtl.dat.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Mail\wabmig.exe.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Chisinau.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\an\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Journal\Templates\Memo.jtp.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_right_mouseover.png.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\en-US\msadcfr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-ui_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe"

Network

N/A

Files

memory/3008-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

MD5 697b324cec7cf1b984a82956ba58a28c
SHA1 c15bf2917d93aac17d703ef1d5734bf395ec6aff
SHA256 ed8bfe12d3d5fea0452ba368887c181cce3bead60d0d1948081a10db4be2d9dd
SHA512 ced0767422cb8f7f25d06c8723f42cd6754c7c1b59d01c790ea65973fcc24b0709e6e6a1cf8f24f9c7282d1a80329e733601eea8ede21aa89dee0733d3e0db2b

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 c2e122474faf52d01904b286a1b55380
SHA1 d7a19a9a61f3829b3e76df85e41222427dcdf417
SHA256 693e8c4eeccd47b7045fce974eb9baf6a3a20e2614e367bbf123b69c5db741ee
SHA512 bb37dca36a04432666e79ba286fcde276e18fb00276f59a122463d2ecb6d664e89793d161bfdc87e272f1d63c2e92f9864f5d53d664ef02ce6261fa670da9c2d

memory/3008-76-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-08 02:21

Reported

2024-06-08 02:23

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

93s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe"

Signatures

Renames multiple (5297) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\Office16\SLERROR.XML.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Slice.thmx.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PROOF\msspell7.dll.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\1033\ApothecaryResume.dotx.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.CodeDom.dll.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\sdxs.xml.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\t2k.dll.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\ClientARMRefer_eula.txt.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN090.XML.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\personaspybridge.js.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-locale-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Quic.dll.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.Brotli.dll.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ReachFramework.dll.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\SmallLogoBeta.png.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.dll.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.dll.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Formats.Tar.dll.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\System.Web.Mvc.dll.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PROOF\LTSHYPH_ES.LEX.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\jstatd.exe.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial4-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Cng.dll.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\FOLDER.ICO.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL115.XML.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Fonts\private\GADUGIB.TTF.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.dll.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.OpenSsl.dll.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.AccessControl.dll.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\LICENSE.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\et\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNoteFilter.dll.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\sw.pak.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_KMS_Client-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\zlibwapi.dll.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Fonts\private\DUBAI-LIGHT.TTF.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_Subscription-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\ANALYS32.XLL.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-core-localization-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\RepoMan.dll.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\gu.pak.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-errorhandling-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\8368188a13878d819eecde96bec0b360_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 130.211.222.173.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp

Files

memory/3636-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

MD5 429a93d95e1131cd4043ae6fd51d2ab9
SHA1 f801e784b6cb31f2cb5948e988b7e21a1138b2cd
SHA256 e39dbbdaf369a8985f61a488c9c952133e97832b07b2446daa559cf420ac45db
SHA512 bc656cae94b2775df7aa5adcd3c354edce8a47c446b12e375db898c7ac3201246ec80032d92a0265a8f31098f5fa0ab75f5460ea859f14900bc6d8b80bb01cb4

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 04a5078e09960f2630b1608f85194b3d
SHA1 16f7be8710494b5659655062bbfc7088046e0de8
SHA256 c5ffb83efbc2ce4750f67efaec734b73131d8cc79bf2facd3268e2b1761144d8
SHA512 3633f5ce6575f6b0d53d61309e553614d6558b45f4d4f7a96849c2175e8d5fec5c80de8e09b3b812db79fb425493e73a03beec691aff4e950c4ef12e34ac2579

memory/3636-1216-0x0000000000400000-0x000000000040A000-memory.dmp