Malware Analysis Report

2025-01-03 08:36

Sample ID 240611-b6arcszeqm
Target 230c949f4a2ac94c8c8a05f5cd671d70_NeikiAnalytics.exe
SHA256 761d32099b1c601cab13d00c199d153ad3cd59f5c21c88765b49c88923d62f6e
Tags upx ransomware
Score 9/10

Analysis Overview

Score 9/10
SHA256 761d32099b1c601cab13d00c199d153ad3cd59f5c21c88765b49c88923d62f6e

Threat Level: Likely malicious

The file 230c949f4a2ac94c8c8a05f5cd671d70_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (3926) files with added filename extension

Renames multiple (5321) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-11 01:44

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted 2024-06-11 01:44
Reported 2024-06-11 01:47
Platform win7-20240215-en
Max time kernel 150s
Max time network 117s

Command Line

"C:\Users\Admin\AppData\Local\Temp\230c949f4a2ac94c8c8a05f5cd671d70_NeikiAnalytics.exe"

Signatures

Renames multiple (3926) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\230c949f4a2ac94c8c8a05f5cd671d70_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\230c949f4a2ac94c8c8a05f5cd671d70_NeikiAnalytics.exe"

Network

N/A

Files

memory/3028-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

MD5 1fd6cdfbad5b69dea7f4ec487cd3704e
SHA1 bc50eda3e55e54409ee71bb245709743ebfdb275
SHA256 757f9f65592a6ba27e05aff8889854b3a598f5bf7f01dc2ea13cb562406c0e2b
SHA512 48c411ad9b8a1385167ad2a88bcc8b23d56a0df3444d5d1b3a9ab9c11df9f2943b620758009bb237f390c174e926ef3eabc3298a7126145bbfd5203c8fb2a70b

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 f480f707e70a66a65bd5aa347003e111
SHA1 46d971245ecb587008098821146962e94c3436fb
SHA256 1d4391242038256346da3b07a8af141d6ede69d16838f35bad563d1c82333f52
SHA512 2d35e23ca63409808847d9d51d131aa98569236273cc579543851a249faaf83a7bccc39ba99559d156a73320afd299b4f110db525a70325df56878b5edf26b21

memory/3028-86-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-11 01:44
Reported 2024-06-11 01:47
Platform win10v2004-20240508-en
Max time kernel 150s
Max time network 51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\230c949f4a2ac94c8c8a05f5cd671d70_NeikiAnalytics.exe"

Signatures

Renames multiple (5321) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\230c949f4a2ac94c8c8a05f5cd671d70_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\230c949f4a2ac94c8c8a05f5cd671d70_NeikiAnalytics.exe"

Network

Files

memory/4852-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

MD5 729ac72676fdb8724a96c19504ed56ce
SHA1 0090dfea7b1dc44dedcf7b52aeb983b3487539e0
SHA256 2ec90b56406152ed01de466cc4482ee5cd225ef41354ba7991b0c07734fe7444
SHA512 fa21adc07882e7727616a29945651184069d2ebed0b76d380da3bf72941244f20c6fec38311d4c9b9dbee0dd1559af2a3d2b0b523d53ebd7a243adac8c457df5

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 195bf5aac5bd20a2d4599156fa637f4e
SHA1 9d72570e32b41349a59dffbf84d2f82dd185341e
SHA256 55546a9834b93028e772ae47c5d2a49f3a5fc0f6bbd9267f7aae79f3558bdf9b
SHA512 4e06eb5d9aee440651dda9b647adffe61fb165e372c44b74fc14b137d6ab6d6db1209eb424e4957f6b43493d3b977d17850647f809e92924a96c31b6af15e69d

memory/4852-1216-0x0000000000400000-0x000000000040A000-memory.dmp