Malware Analysis Report

2025-01-03 08:30

Sample ID 240611-b14ggszdmm
Target 22d001ca6de9e806b59e823e4a9e7f00_NeikiAnalytics.exe
SHA256 a9ec5f60030890abad4fb262031be79e7ca207d65477e844651025445e1a1174
Tags upx, ransomware
Score 9/10

Analysis Overview

score
9/10

SHA256

a9ec5f60030890abad4fb262031be79e7ca207d65477e844651025445e1a1174

Threat Level: Likely malicious

The file 22d001ca6de9e806b59e823e4a9e7f00_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (3252) files with added filename extension

Renames multiple (4672) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 01:37

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 01:37

Reported

2024-06-11 01:40

Platform

win7-20240221-en

Max time kernel

149s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\22d001ca6de9e806b59e823e4a9e7f00_NeikiAnalytics.exe"

Signatures

Renames multiple (3252) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\22d001ca6de9e806b59e823e4a9e7f00_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\22d001ca6de9e806b59e823e4a9e7f00_NeikiAnalytics.exe"

Network

N/A

Files

memory/2156-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

MD5 0a23c91fb601ecb632a376486be4f8d2
SHA1 8c313f194bcd9b08d3a3dea646862b1402362a1b
SHA256 bd1361658a2e80d8818251a9b88a776fc7547af07d5f4ba1738540b333eb997c
SHA512 b400b349b129a89bf26e553d675c3b707daf8b75800de104fe230679949ebea4aee8548187a52035f74e22736d5f39f7c44fab8489c2782e9e39b108f42644e6

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 e31378161196afe11b8ef7fdd3c90244
SHA1 cff438f93250851fe3dcfbc51d797d47dbe19f55
SHA256 28cce13c913e04ab8f5071976b454a9c7e47fa37b3ca23146737980c83efc62e
SHA512 fe5ea95d60b1e8774a0bc87a7da30f6bc5a4dc970a666215c396e7bc68e5fd9f57ec1bce603b3697fccbfc8d1e776f83c9dbb6aa447dd1f5fcd0cd724cf61335

memory/2156-534-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 01:37

Reported

2024-06-11 01:40

Platform

win10v2004-20240426-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\22d001ca6de9e806b59e823e4a9e7f00_NeikiAnalytics.exe"

Signatures

Renames multiple (4672) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\22d001ca6de9e806b59e823e4a9e7f00_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\22d001ca6de9e806b59e823e4a9e7f00_NeikiAnalytics.exe"

Network


Files

memory/1532-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3571316656-3665257725-2415531812-1000\desktop.ini.tmp

MD5 cebe3b6e1c39964f154bd5a511a934ba
SHA1 4579a416dd24c3d1af3095115eaca21162f18ca0
SHA256 2f0438f30fe204d3171a843bd530d88aca24da1956f0fdc61c5b447bc7a72447
SHA512 a790dacb7743c6ac0dc8a1a551b5662e977440ee467b52b3149e890b433a0bcfa852a679e11f8896d6cf9ca807ba1184d3237d8f74ae85ec35d64171c77db212

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 9172b982c8914273e882affafdc88827
SHA1 0cfb9fbdc9dbe046ef1b436187c48971cd4f591b
SHA256 1108e7142cb17c3d7316433a318172ad3c77612a028f8de25c4787bf8fff2171
SHA512 62a8d9ebc90bca2e596ca78655c265525aeb9706bb4faeae9f7cd3c1fbced8819fa4bbe1d25111bacc949def355b4f99c09d9498b91405a8b9fc8483de8ebbb4

memory/1532-1602-0x0000000000400000-0x000000000040B000-memory.dmp