Malware Analysis Report

2025-01-03 08:36

Sample ID 240611-a76praxdrb
Target 21a65b1e7f82a6e56b95b9694e41f970_NeikiAnalytics.exe
SHA256 69902823e4f59a59020e2e99e7cebd1b0edc771bab9af4482b4cafeab1a44b7a
Tags upx, ransomware
Score 9/10

Analysis Overview

Score 9/10
SHA256 69902823e4f59a59020e2e99e7cebd1b0edc771bab9af4482b4cafeab1a44b7a

Threat Level: Likely malicious

The file 21a65b1e7f82a6e56b95b9694e41f970_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (5259) files with added filename extension

Renames multiple (3638) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-11 00:52

Signatures

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-11 00:52
Reported 2024-06-11 00:54
Platform win7-20240221-en
Max time kernel 150s
Max time network 118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\21a65b1e7f82a6e56b95b9694e41f970_NeikiAnalytics.exe"

Signatures

Renames multiple (3638) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\21a65b1e7f82a6e56b95b9694e41f970_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\21a65b1e7f82a6e56b95b9694e41f970_NeikiAnalytics.exe"

Network

N/A

Files

memory/2864-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

MD5 4a6b10f1d8920e7016e8700809432c34
SHA1 7198bf8167da81bd09e5eb62a78800894422802e
SHA256 5eda6ca0ae9f1a17b977ba059f579f5480633f5cadee7e4329f50cc065846f27
SHA512 7897e7e008b9c88e412d05030159fe4dcc5644b284fcb95eaa983c56886a60a21cc0b949922177104f018bc1651d34f354351ce45c4f188b86e1cd0b383c3e3f

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 61426030876ef5d5fed0180c3ad4559d
SHA1 5a899dae48a4a8d6379743217e8b61ae76603f0a
SHA256 cf1ce95f5253dda887697ad60d40d7a64424316e0d5c2cc9d643e6d18b41d9eb
SHA512 ae9121ee4ed61bcd636d0601d6ac73387230a6b4310de06d962b89af6c585e8e8cc6a7ed671f31bf27ddd9388ce0042c9d59b52204640c5876a1d833669cfba5

memory/2864-652-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-11 00:52
Reported 2024-06-11 00:54
Platform win10v2004-20240508-en
Max time kernel 150s
Max time network 52s

Command Line

"C:\Users\Admin\AppData\Local\Temp\21a65b1e7f82a6e56b95b9694e41f970_NeikiAnalytics.exe"

Signatures

Renames multiple (5259) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\21a65b1e7f82a6e56b95b9694e41f970_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\21a65b1e7f82a6e56b95b9694e41f970_NeikiAnalytics.exe"

Network

Files

memory/3904-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

MD5 1ff6db1838d5ad138c467522df132ccc
SHA1 cdc770f0d2d2f585dcbbc909725c80b79d65e011
SHA256 3780691024550daab1394bd1218d076ba099b710ca31109fb4b4b4f21ce5100b
SHA512 e363c22d32fb4225961730eb2f0078a589d4e26d1701410c42d8abe17013ff501c780e6094438875f493260693bc5a15fd658fccddc9729673ec6454f2e5a166

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 fff32ff94cfd28b3e1b0e74e7ea14bc8
SHA1 66c9be32e046bf9aaeaa87c288311426bfa1c9a1
SHA256 d905c00de2712d85b06038aceff96062e903fa7bd9a681aded5c263bdf24757a
SHA512 da9d218a247d14fa21f253dabac6f2300869115cdf2480ef8fa17c2e3050b73eae93d24276f140fc58fca4d48b04e93181bfd68d2ea6c9a55cf593d522fea066

memory/3904-1946-0x0000000000400000-0x000000000040B000-memory.dmp