Malware Analysis Report

2024-09-23 05:11

Sample ID: 240613-gr25yswhlc
Target: 642e9f2c6f77e9f04123611d6eea8170_NeikiAnalytics.exe
SHA256: cfe567f7962f71b45ab514d2b21804053cd00d005d95840cfe6be0a9c6aa603b
Tags: ransomware, upx
Score: 9/10

Analysis Overview

Threat Level: Likely malicious

The file 642e9f2c6f77e9f04123611d6eea8170_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware upx

Renames multiple (3461) files with added filename extension

Renames multiple (4838) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-13 06:03

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-13 06:03
Reported: 2024-06-13 06:05
Platform: win7-20240508-en
Max time kernel: 150s
Max time network: 119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\642e9f2c6f77e9f04123611d6eea8170_NeikiAnalytics.exe"

Signatures

Renames multiple (3461) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\642e9f2c6f77e9f04123611d6eea8170_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\642e9f2c6f77e9f04123611d6eea8170_NeikiAnalytics.exe"

Network

N/A

Files

memory/2180-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

MD5 3802a21e2a402a8bde9c07880109ad36
SHA1 c42e642057ccd1f0351d412c9e1b5fdd9e167eb4
SHA256 2959eda718cc1cf2d25dba57f14e895a5d67267aabfbbbdb05e0f30e4fa5d40e
SHA512 c508e20451e2ad108c94c92f29b7cb49b486cac5ae29f59847528079a12aebb34388fa8d6b62a8af5fb05e4fadf2a31fdef9ca8c85d920255be2e4f12f1bc631

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 fbab13fd61ad1b1bef621dcfb1cb8827
SHA1 ba109e35e8d4e89790fecb68c776c85000904052
SHA256 f0a27e41860179f4c95e49315618a1c05eb8c6f717b999d4c21bfd1db1494bc5
SHA512 51b89fd0275a790b1674040aa6f825cc66c83d75d9477594c2903abe8692a47be0c815baa700fb727feae2cf199ec872bc33f7569784021f21480fd5369189e1

memory/2180-636-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-13 06:03
Reported: 2024-06-13 06:05
Platform: win10v2004-20240508-en
Max time kernel: 149s
Max time network: 151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\642e9f2c6f77e9f04123611d6eea8170_NeikiAnalytics.exe"

Signatures

Renames multiple (4838) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\642e9f2c6f77e9f04123611d6eea8170_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\642e9f2c6f77e9f04123611d6eea8170_NeikiAnalytics.exe"

Network

Files

memory/380-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp

MD5 0a7c25f35da7b08f5fef8ab2bbf3c989
SHA1 39908a16078be87245b764fb629274eb2ecb1012
SHA256 2e9e010f0e69ef1c423ee9bbc6345056b45a10d647386541f5f244f9ab3a50be
SHA512 e44c061011665fe24255ce0274f8867a85213d2688c57334262c4f801b9491fd86542630b16682d61cbdcec7bfc41be1aeac0e30144af7c42b58360a1ef54276

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 bf42cf6e90b5196797f339ce1196103f
SHA1 d69ed541a1c64f77b1eccf68b12b43824d9f6fe9
SHA256 7617ef7df97f70bf3317dc7716eafc815b9e0d6c6728697af002bd994b9ae174
SHA512 fc47f80f22d883747ea190e5719dca9422cc1d07f4437aaea74c2d7d34cefc8af8c26ad4c1ac5f240b4c6bac81b6e88e1c9e46ca6474219fd81bd78de2d9fb09

memory/380-1760-0x0000000000400000-0x000000000040B000-memory.dmp