Malware Analysis Report

2025-06-16 03:34

Sample ID 240608-cw679aff6x
Target 83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe
SHA256 74cb67e969c5abf429bca2093376f64a15d4ce2c6ba8431ccce8bf8b05665cb0
Tags
upx ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

74cb67e969c5abf429bca2093376f64a15d4ce2c6ba8431ccce8bf8b05665cb0

Threat Level: Likely malicious

The file 83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (4347) files with added filename extension

Renames multiple (2708) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-08 02:26

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-08 02:26

Reported

2024-06-08 02:29

Platform

win7-20240508-en

Max time kernel

150s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe"

Signatures

Renames multiple (2708) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Cave_Drawings.gif.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\15x15dot.png.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT-4.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\plugin.jar.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Almaty.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipBand.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\serialver.exe.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\notification_plugin.jar.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-heapwalker.xml.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\JavaAccessBridge-64.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\jfxmedia.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Kuala_Lumpur.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Brunei.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-previous-static.png.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\security\US_export_policy.jar.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\micaut.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\eclipse.inf.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticnotification.exsd.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring.xml.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Maceio.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Memories_buttonClear.png.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpnr.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_RGB_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.docs.ja_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Beirut.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Norfolk.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jvmstat.jar.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\verify.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Catamarca.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Salta.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-12.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\mix.gif.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-lib-uihandler.jar.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT-9.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Tarawa.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\manifest.json.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-sampler.xml.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Merida.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\kab.txt.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\DismountExport.dotm.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\jpeg.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\jvm.cfg.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Antarctica\Vostok.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\content-types.properties.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\feature.xml.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\1047x576black.png.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark_mac.css.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multitabs_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sl.pak.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\splashscreen.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Argentina\Jujuy.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Indiana\Winamac.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe"

Network

N/A

Files

memory/1284-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

MD5 932e0073d03a208eb84f626040fdcfff
SHA1 55d701873cca2f4bc6b276aa181b59e3f1186361
SHA256 bea7f1b3cfb43e0e12e0f9a5e14b3db8861d024c4196e98674cda7f1a0f127ad
SHA512 4e5feb230750a8063115f5beed67e0ffb9270bb0b2410cc6c0a5d6f66c7d1ad13560aec669909624cfd1ea2e7aca6b9c870fd99317870b3c18d4917cad5ada42

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 54d4d7abbdd550f8f4311f1643c4a6f5
SHA1 ed97f768893000f20eb0248db09911687627aef6
SHA256 504c64dbbb9417733424f7c9ac4829ed247c4a36b730968cbe87f850ff79d74e
SHA512 a40327e8efd2727a0299348a281e9831a30bfecce486d6079f286a1ce86d3d951be9cb4c77baaa5fa5f8e08919ffacbdc1944f123f4e6ad7eff9e1d0a9dbf1f5

memory/1284-74-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-08 02:26

Reported

2024-06-08 02:29

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe"

Signatures

Renames multiple (4347) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\jdwp.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\sound.properties.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Dynamic.Runtime.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\DirectWriteForwarder.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Diagnostics.EventLog.Messages.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\j2gss.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\kor-kor.xml.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\jsse.jar.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encoding.CodePages.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp4-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\vcruntime140_cor3.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightItalic.ttf.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_SubTrial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.WindowsDesktop.App.deps.json.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\mojo_core.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\include\jdwpTransport.h.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\javafx\glib.md.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\PowerPivotExcelClientAddIn.tlb.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\relaxngom.md.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\unicode.md.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteFreeR_Bypass-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\PowerPivotExcelClientAddIn.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ServiceProcess.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processthreads-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-3101-0000-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-stdio-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription4-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.DataWarehouse.DLL.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProMSDNR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Contracts.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.SecureString.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\java.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Violet.xml.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.ServicePoint.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Linq.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcDemoR_BypassTrial365-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\msvcr120.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\ado\msado27.tlb.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\security\blacklist.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 52.111.229.48:443 tcp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 15.173.189.20.in-addr.arpa udp

Files

memory/1620-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

MD5 7fd4e3a2dda0bcbd5ecb36653568d1a3
SHA1 eaccc7d9aede42dbe1b5111191e0113f9c0d7ded
SHA256 fad86e2521e57ec5a712010e9b6cb14e321df040d4225ebe90105d507232bbb7
SHA512 a9ad9b39c1f00699679ce651d90e59dae25e9b0ff2f9eb32aefbc23b0f4f493d08e101f012e69fb35f0cc5883a706ea8b40a8ed3761731c8da35c9da7b3e7328

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 527128fc263deada975c650c2299518e
SHA1 0f64d631f18fbe0a56c410936cb8f04c43a2493f
SHA256 b995237589a776ab6a4144a4d3eecd11838242df1c3ac96eae627f76892db285
SHA512 b986d65a3a18c947130d47b94a8c14371981ee4a5cf80b910101a7450567f1152cafc1631531a85a08282b93373aaf7d0ba6120fb289fbac20b52bf1922a378e

memory/1620-770-0x0000000000400000-0x000000000040A000-memory.dmp