Malware Analysis Report

2025-01-03 08:36

Sample ID 240611-ddvbea1gkb
Target 250e88f4e886ece3e074dd534b5c2e60_NeikiAnalytics.exe
SHA256 91255e90be3e2205e10be11f452dd4f41655e2e4beac20fc08f02797af4ea955
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

91255e90be3e2205e10be11f452dd4f41655e2e4beac20fc08f02797af4ea955

Threat Level: Likely malicious

The file 250e88f4e886ece3e074dd534b5c2e60_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (4866) files with added filename extension

Renames multiple (3433) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 02:54

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 02:54

Reported

2024-06-11 02:56

Platform

win7-20240221-en

Max time kernel

150s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\250e88f4e886ece3e074dd534b5c2e60_NeikiAnalytics.exe"

Signatures

Renames multiple (3433) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\250e88f4e886ece3e074dd534b5c2e60_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\250e88f4e886ece3e074dd534b5c2e60_NeikiAnalytics.exe"

Network

N/A

Files

memory/1700-0-0x0000000000400000-0x0000000000408000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

MD5 a306106e96f6b8eed2ff9d3de82e0be7
SHA1 721bd453de67f424fe77ebdfb545ba7d42fdd886
SHA256 acbcb5eeaf5e4dbf826ef9d4e5ee1c8bfabee273abd449e6dbb3f5d9ccaab337
SHA512 842d224ae5b72f154574224686e2c67cbe5b41bc7f2e49476ba7227a638484a0588df074acf9e3c979e928d5a7d915ebb5f16f83d231ccafc81c711dc4abe6cd

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 89fe7eaa96fc1b4845962e85d3b5d7a4
SHA1 2a5bd7ab57cfd47ffec64179e803ac3c57f2ee31
SHA256 35b4e1217defe01edd1fb58500c6ed34dc7a9647e2989f33212d6e68c9c2fbf7
SHA512 9763b5bddf5d068d69a5864d8cc01395fd7c1f5140598b2a9d849c9959a371fbe35fe5bfeb667866ff150a902f47396e74c221ce0556ea96c200522bef4706a7

memory/1700-446-0x0000000000400000-0x0000000000408000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 02:54

Reported

2024-06-11 02:56

Platform

win10v2004-20240426-en

Max time kernel

150s

Max time network

95s

Command Line

"C:\Users\Admin\AppData\Local\Temp\250e88f4e886ece3e074dd534b5c2e60_NeikiAnalytics.exe"

Signatures

Renames multiple (4866) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\250e88f4e886ece3e074dd534b5c2e60_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\250e88f4e886ece3e074dd534b5c2e60_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 6.160.77.104.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 56.110.63.41.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp

Files

memory/3176-0-0x0000000000400000-0x0000000000408000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-540404634-651139247-2967210625-1000\desktop.ini.tmp

MD5 f37cbb3acc04fe1d6e0c13d2b0be951c
SHA1 cc1be202ca9a53eb0a4362213adf1faa1228dc7e
SHA256 9f2f88b0dc2a36be0eab8772636d10db1d0969f0df1a08805cc2e17ba40e2ed3
SHA512 30bc3e8a732a2ac8fcc25d553ad6fdf1abb4c4bf48ec29904bfacebab7e8136988ce99c302a3d60c2ca1672dabbd25adb92f9abdf7f6260676eb7f86ff2adc7e

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 75b1bd88124381119990de5df4a3cd76
SHA1 e53a2a7ab85adc0d388bf1131e6711445bf8d525
SHA256 ddcc7feae356ce29e99bf4447e5a837be43d526062b03c148c36ee96056cacea
SHA512 4234d47869341602685e3ac3cf1ae5a291c543207aaeb5eddbc892b53b308bdfcb14b5210d1d3c4f194f872fde42861ee37113b461f224747e0b6f1c7a78c0ae

memory/3176-1780-0x0000000000400000-0x0000000000408000-memory.dmp