Malware Analysis Report

2024-09-23 05:01

Sample ID 240613-kv3sfawbjn
Target 6e78e7cffa807b10a740acce87d506d0_NeikiAnalytics.exe
SHA256 e9480733e3504df32003efbb31f39388d33f135004aabc3e1df1c9905868f2b9
Tags
ransomware upx
score
9/10

Analysis Overview

score
9/10

SHA256

e9480733e3504df32003efbb31f39388d33f135004aabc3e1df1c9905868f2b9

Threat Level: Likely malicious

The file 6e78e7cffa807b10a740acce87d506d0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware upx

Renames multiple (227) files with added filename extension

Renames multiple (2344) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 08:56

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 08:56

Reported

2024-06-13 08:58

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

133s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6e78e7cffa807b10a740acce87d506d0_NeikiAnalytics.exe"

Signatures

Renames multiple (2344) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\6e78e7cffa807b10a740acce87d506d0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\6e78e7cffa807b10a740acce87d506d0_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 138.201.86.20.in-addr.arpa udp
US 8.8.8.8:53 224.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
BE 88.221.83.232:443 www.bing.com tcp
US 8.8.8.8:53 232.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 101.58.20.217.in-addr.arpa udp

Files

memory/4780-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2447855248-390457009-3660902674-1000\desktop.ini.tmp

MD5 aed4eea0985806d4cf7746414f05c4cc
SHA1 2da336b5376e020c3a1aa7d8c8f3cf0a81cf70a6
SHA256 fbdf531b4276e4086773c9108303c08de3891371c31ecbb8d0aa7a82991556da
SHA512 e8a995612c281c9c74a1cfa96f65d553e5735983dd7fb902c70dbb57dea67cf1fc933d8ac042c9935aa4e41880bd887d2d45f40de2409ca58c148da7fc207611

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 8d86d3fb7c630cb8aa771f37ea4d99a9
SHA1 bc47faa29cdd7b83144d86d192c3624803ec4d80
SHA256 f23a3af722e0e6cb89994fa8c1771b36f0a1307eee87d4899af9a7bdd2d1f1ff
SHA512 ae01099afe12a73e09738224fc44e91a1bbb0dc8e99678f65054a81064ea39a00587f3323d1827b7f014a247c58d810fe5440b2236b3933e993abcc30c64a3fc

memory/4780-900-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 08:56

Reported

2024-06-13 08:58

Platform

win7-20240611-en

Max time kernel

150s

Max time network

126s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6e78e7cffa807b10a740acce87d506d0_NeikiAnalytics.exe"

Signatures

Renames multiple (227) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\6e78e7cffa807b10a740acce87d506d0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\6e78e7cffa807b10a740acce87d506d0_NeikiAnalytics.exe"

Network

N/A

Files

memory/1704-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-39690363-730359138-1046745555-1000\desktop.ini.tmp

MD5 90c30aadfca59c6c6b5420b5f2b49023
SHA1 6403dd6d1fccfd51ec133f9e76200150ececa9f9
SHA256 73c6995be8043c6c80ea8f66c605f8ca2efffd98dc17f21a70de64ff6f63a92f
SHA512 b37bb0545100c05de4ad5b2ae571f9849296f3fc8fbaae45b7bbd2f039f5f82eb433d55a64d118b5766615f9e6d5c2e331e6dd2715eab842cbfe94a0e3688c17

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 2082fd616eb7db423abd55adc4d7ceac
SHA1 94fb5225ba29fa2b8beb8359a735eb31265954df
SHA256 6b3c1e0f7ad6769f62ef1bf1c8e0dd797fcc41e3633bca76c562fd3d21953377
SHA512 33d950909655b1b84357355798d642c90dcc80a14226b6ebebcfdd5c008722b90d17c6fec690f07735d33b8d8b96506f14f2dec59852b264dd3fc98eb6578d13

memory/1704-50-0x0000000000400000-0x000000000040B000-memory.dmp