Malware Analysis Report

2025-06-16 03:35

Sample ID 240608-e71wqaha9s
Target 8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe
SHA256 23796cca6b7de3a1aa28ffd438b46eec3f1857d9e0a09b56eb30c5355ee279bb
Tags
ransomware upx
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

23796cca6b7de3a1aa28ffd438b46eec3f1857d9e0a09b56eb30c5355ee279bb

Threat Level: Likely malicious

The file 8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware upx

Renames multiple (4203) files with added filename extension

Renames multiple (2651) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-08 04:35

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-08 04:35

Reported

2024-06-08 04:38

Platform

win7-20240508-en

Max time kernel

140s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe"

Signatures

Renames multiple (2651) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Seoul.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\CST6CDT.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\w2k_lsa_auth.dll.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Full\1047x576black.png.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Subpicture1.png.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\xjc.exe.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\awt.dll.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-uisupport_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Antarctica\Troll.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\chrome_proxy.exe.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\new-trigger-wiz.gif.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-cli_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-print_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler.jar.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\reflect.png.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\policytool.exe.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\plugin.jar.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\bandwidth.png.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\LICENSE.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push.png.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoBeta.png.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\Timeline.dll.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.workbench.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.util_8.1.14.v20131031.jar.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_PreComp_MATTE_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Lagos.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-startup.xml.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ja.pak.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-explorer.xml.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\ShapeCollector.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable_1.4.1.v20140210-1835.jar.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-dialogs_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-dialogs_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Shades of Blue.htm.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\README-JDK.html.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-remote_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Choibalsan.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\plugin.properties.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\send-email-16.png.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_partstyle.css.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ru.pak.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InputPersonalization.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\CircleSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.expressions_3.4.600.v20140128-0851.jar.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-sa.xml.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\glass.dll.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\fy.txt.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\rtscom.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\asl-v20.txt.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring-fallback.xml.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring.jar.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\images\bing.ico.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui.ja_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-10.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\msvcr100.dll.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe"

Network

N/A

Files

memory/2244-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

MD5 367cf4b584e817e1a0d284cce33eef4b
SHA1 c811ff91e89b859d4ebae4de5442a7de27bd9f30
SHA256 98d349d86c419fd3b1275e94935b895bcac32ef78327d6e670a93953c80e50d6
SHA512 7a4fd74dc84c6f37bf45799ce81184c46f4e1fb5abc13f4e4d70bb8ae0ee020aa05c6c0814bc56e64729bf6f7a8a21107eee4e5f8763c49c8e05a29e9e01faec

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 bae0c6e8fafd56e26faf25af36b9fe91
SHA1 630c2f3529bfac9f7b12db886819b37dc5c42806
SHA256 3e0f4a46e1902a569e25d84fbb876c5336f380508e66ec50326de2f9df614f6e
SHA512 80cff411f7ed479917f15c4bdbdd69914507c2b466e7fb086f3a1ffeca1a97b4d08930623e1a83e65ba4774319974f8332ddbabfaad4b263ce666509fc499109

memory/2244-430-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-08 04:35

Reported

2024-06-08 04:38

Platform

win10v2004-20240426-en

Max time kernel

150s

Max time network

94s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe"

Signatures

Renames multiple (4203) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\microsoft shared\ink\ipsplk.xml.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\xmlresolver.md.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_COL.HXT.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.EventSource.dll.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\Office16\OSPP.HTM.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\AppvIsvSubsystems64.dll.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.ServicePoint.dll.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.dll.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sr-latn-rs.dll.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.hash.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_heb.xml.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\de-DE\iexplore.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_F_COL.HXK.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Forms.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\it.pak.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkDrop32x32.gif.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.powerpointmui.msi.16.en-us.xml.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Security.Permissions.dll.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Luna.dll.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-file-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest1-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\sl.pak.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.Authorization.dll.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\hostpolicy.dll.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\en-GB.pak.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\GRLEX.DLL.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\descript.ion.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.InteropServices.RuntimeInformation.dll.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\xmlresolver.md.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProMSDNR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.Dataflow.dll.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\jli.dll.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\wsdetect.dll.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\ado\msado25.tlb.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\it-IT\msadcor.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_KMS_Client-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Console.dll.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Emit.Lightweight.dll.tmp C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\8c1c1d9d3a817c31e8a5031c95559570_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 91.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp

Files

memory/1492-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4018855536-2201274732-320770143-1000\desktop.ini.tmp

MD5 4de0db58f32152f1c392c9ffab7a0310
SHA1 9079e365886b4cba7b1442e14d8a422da18db3f7
SHA256 0386b11a840bbed5ab684122bc76b62e20cd77046ffc2e8d0c2f1558bdd239ca
SHA512 e79df24e35fe10ba14f6e8e9b71b1fd07a708a8463cd4965b5f38e506f21dcc4b16fa9a3cca0e0125510967d7827f141ab5349a54dc466eca27718dfa0a451ab

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 9ed5f8703b6c41007e92455f307af5ab
SHA1 8f4202103dc0d6b45880b195e32e1a5a66d64971
SHA256 722df8de318fde6baa9b566aea02e982e9439dd63e1f878dbd51b9fe8b7efc50
SHA512 5dfb66729a9b523ff4f797912053439ba1c326593d549792af1ca66bc7b67168fa21a015ec1dd1794f6a16f311d155cd5330893ee23c2357c3938dacebc7e8be

memory/1492-1410-0x0000000000400000-0x000000000040B000-memory.dmp