Malware Analysis Report

2024-09-09 20:20

Sample ID 240613-21x8ksthqd
Target 8e82c195b96d95227c40cdc75d1479f0_NeikiAnalytics.exe
SHA256 295b429450787bcb0b148fe08b9e6f6942f80632006f8ce9363f6a899abd19e4
Tags ransomware upx
Score 9/10

Analysis Overview

Score 9/10

SHA256 295b429450787bcb0b148fe08b9e6f6942f80632006f8ce9363f6a899abd19e4

Threat Level: Likely malicious

The file 8e82c195b96d95227c40cdc75d1479f0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware upx

Renames multiple (3780) files with added filename extension

Renames multiple (5279) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-13 23:03

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted 2024-06-13 23:03
Reported 2024-06-13 23:06
Platform win7-20240508-en
Max time kernel 150s
Max time network 119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8e82c195b96d95227c40cdc75d1479f0_NeikiAnalytics.exe"

Signatures

Renames multiple (3780) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\8e82c195b96d95227c40cdc75d1479f0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\8e82c195b96d95227c40cdc75d1479f0_NeikiAnalytics.exe"

Network

N/A

Files

memory/2740-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

MD5 b9212c48e36632aa408967b3a8dd58c2
SHA1 814ea3d6c68041e0619326b71a842b219120273a
SHA256 e1e315abecd49aefc37ab87b87361b3ea5d6788905e82d2fe81169e4df8dd3ca
SHA512 14fb16a0fce96575ab0604fcff0b45cbebbdea73f4ec8fa9aa6bc566baa1c2983387c796145fda1e65330fac0971dd65d29ffb08798aa24d6f3819c38593da2e

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 55f9f78ed94014d28f2a0697f104440e
SHA1 2ba324e9f13d734ea10b608e9ad48d96c6dce305
SHA256 cf782034e6949759fe8e1113c572ea41f51dafb03c70d85134afa85734efc120
SHA512 fb39bef623f31775e7923ec16b93c0e191bff4c5cfad25884196953aca847dea6b8efb784264902ba89eb3e6b8973a6e0c0f9957853a7b35b2e19e51982c39fe

memory/2740-86-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-13 23:03
Reported 2024-06-13 23:06
Platform win10v2004-20240508-en
Max time kernel 150s
Max time network 58s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8e82c195b96d95227c40cdc75d1479f0_NeikiAnalytics.exe"

Signatures

Renames multiple (5279) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\8e82c195b96d95227c40cdc75d1479f0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\8e82c195b96d95227c40cdc75d1479f0_NeikiAnalytics.exe"

Network

Files

memory/2316-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

MD5 88b361b690645b0d229e29222fc6fd01
SHA1 5f6526879a422b110d7e59ad97096a687824bc4a
SHA256 c168f58b3bde90ed35ad04b4dd0028a6654efdd861665667a7af0b96405823f8
SHA512 5c0e88ab71f87d6a6ff565f9f9f4b8ddbf9bd83b1734e380dac72bfe9b2c7414e9353008c11abf7fb8929f136ab44547e0940ce03a4c3465a5ef088764c1b6c3

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 c1d7e25758a9e9ce9995d81eea6ec50c
SHA1 04cde4f1408e0d5da7c4b026ec124063a38f8e9a
SHA256 511fd980b4cebedb467e2007838d776095841ec2449fe13ffcdd303b3695d5af
SHA512 91530f02b6eda6944d5b868f4b03905aafee96c028dc2fdf0c7eca0fa0b4d8aedf168ad4045c219d1f17b3d904596baf4b524f8c1286f4d57ea9553b3163ad7f

memory/2316-1212-0x0000000000400000-0x000000000040A000-memory.dmp