Malware Analysis Report

2025-06-16 03:34

Sample ID 240608-frse3sac84
Target 8e82ae466946b37f894c3c3d6a547450_NeikiAnalytics.exe
SHA256 d657b3e66f162a7890765264fecbfdc4cd418f3952f385b9962b0d8effb52596
Tags upx, ransomware
Score 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

d657b3e66f162a7890765264fecbfdc4cd418f3952f385b9962b0d8effb52596

Threat Level: Likely malicious

The file 8e82ae466946b37f894c3c3d6a547450_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (3686) files with added filename extension

Renames multiple (5088) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-08 05:06

Signatures

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-08 05:06

Reported

2024-06-08 05:09

Platform

win7-20240508-en

Max time kernel

150s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8e82ae466946b37f894c3c3d6a547450_NeikiAnalytics.exe"

Signatures

Renames multiple (3686) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\8e82ae466946b37f894c3c3d6a547450_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\8e82ae466946b37f894c3c3d6a547450_NeikiAnalytics.exe"

Network

N/A

Files

memory/2416-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

MD5 334e43a7f1dc1411bee2dd7c9bae0539
SHA1 6cefb759dbd5e817d10a24fd8a471f5220eefb99
SHA256 95b9179c44a28882df46483c89b151c9e6ddd53ad179513014335cb8dce4be17
SHA512 d0647654e82a41eae852610dd57a9b7d9dfab4d2494057bdc9bf86af5dfcb146e94c89fd1c2195434733e9ef40a30660adaccc69b65bfb6b6ab441e1adfaa5a6

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 2784e6d54c90700f0a13d16428f9097d
SHA1 a1ecd8870c0ee2e2c55405defa02ff4faf23f3af
SHA256 8019b1939da3a30e5e5e32aee80778beaad392c98205b56acb76062a218558aa
SHA512 0306e7df196081ef3a7c2f9d1b39dae2cf830413417bcc81d64d39351dca1fb401afc872d9edd307cc569bd79e19ad788be1de109465cd9685357fdcb3bd9936

memory/2416-658-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-08 05:06

Reported

2024-06-08 05:09

Platform

win10v2004-20240426-en

Max time kernel

150s

Max time network

94s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8e82ae466946b37f894c3c3d6a547450_NeikiAnalytics.exe"

Signatures

Renames multiple (5088) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\8e82ae466946b37f894c3c3d6a547450_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\8e82ae466946b37f894c3c3d6a547450_NeikiAnalytics.exe"

Network

Files

memory/2684-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1162180587-977231257-2194346871-1000\desktop.ini.tmp

MD5 6f26587cbf66e70dffc15e85ddc881d9
SHA1 3aa1fdcaf5406bfb48e4171789e533b22819daac
SHA256 96ddd76b516034e6c3d9c83e817214c876227fe8cc47c0b8327f86a077413686
SHA512 d64678de73e5a17aede7ee0a20738f231d8c9284214e722cab793bb3d66140d923168957928633e78673732ee03b3d2d802d0f87be1a0ae4befadd4b7180bec4

C:\Program Files\7-Zip\7-zip.dll.exe

MD5 88070f88516ae98845a53666e2371550
SHA1 01bd98b77ea1231258859a6dbfa2214471e05675
SHA256 f33aa99a0e9cc16b42153af1a4bcf21f6ff97e3df9cebd1d69a9f70fc64a77fb
SHA512 96e4696f2b15fcb1bb59b7251b62d7fcf80cf1019af512ebb9b1dcdeace617b5c3271194803724ea301529c0a6708c789a1f03868a531f08e3b70838c963b7c1

memory/2684-1896-0x0000000000400000-0x000000000040B000-memory.dmp