Malware Analysis Report

2024-09-23 05:00

Sample ID 240613-kwpl7swbkq
Target 6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe
SHA256 2c8db97b2ccd19f32d3004a141880837ccf7ae9f9accd6c9a245574e3c32f569
Tags
upx ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

2c8db97b2ccd19f32d3004a141880837ccf7ae9f9accd6c9a245574e3c32f569

Threat Level: Likely malicious

The file 6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (3781) files with added filename extension

Renames multiple (5057) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 08:57

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 08:57

Reported

2024-06-13 08:59

Platform

win7-20240508-en

Max time kernel

149s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe"

Signatures

Renames multiple (3781) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring-impl.jar.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_h264_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_RGB6_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt_1.1.1.v20140903-0821.jar.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\es-ES\WMM2CLIP.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\1047x576black.png.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\en-US\jsdbgui.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Magadan.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+5.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.filesystem_1.4.100.v20140514-1614.jar.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-awt_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Bahia.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\fr-FR\msadcor.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\1047x576black.png.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-over-select.png.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047_576black.png.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\GrantReset.ico.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.shell_0.10.0.v201212101605.jar.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Indiana\Marengo.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Malta.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows NT\TableTextService\en-US\TableTextService.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\clock.html.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightDemiBold.ttf.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\org-openide-filesystems_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\misc\libvod_rtsp_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_h.png.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\drag.png.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\redStateIcon.png.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_highlight-soft_75_ffe45c_1x100.png.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsoundds.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\FreeCell\FreeCellMCE.lnk.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\SpiderSolitaire\fr-FR\SpiderSolitaire.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Mozilla Firefox\browser\crashreporter-override.ini.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\my\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipBand.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\control\libgestures_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\spacer_highlights.png.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\css\settings.css.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\RSSFeeds.html.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\PDXFile_8.ico.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_winxp_blu.css.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\CST6CDT.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmagnify_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\localizedSettings.css.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\wsgen.exe.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Havana.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Mazatlan.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\RedoWait.pdf.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\playlist\newgrounds.luac.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\css\localizedSettings.css.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-options-api.jar.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-core-kit.xml.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\New_Salem.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Tongatapu.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Mozilla Firefox\Accessible.tlb.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\vlc.exe.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\currency.html.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ulaanbaatar.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe"

Network

N/A

Files

memory/2176-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

MD5 2e365710d9176c059bd68181423b5cc2
SHA1 e3b5895b8373e306f40909530b2b60053445e8bc
SHA256 070118ad95f73be60dd7b25e272f3cbf52c81d7fe0f7d6af28bfae8723f3c457
SHA512 71dab18de096ae032274c68d7ac12691eb5a065832ed9c0737420ae81c97077a7f8e383232c935971c3582348ac3ea5d516b562d30aa1cd2cde907398533ef91

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 6875916c689e60dfca4580267b15c784
SHA1 f9e8074ac788ddd12c47f43142d701391af4a4bb
SHA256 6b8fa8fd419e4d5548bddeaa42cbb0e6298b6cb7ce0b2bbdb8aba40f5b38a06f
SHA512 3a4b38cc1cfde15adc9a461e8fe494eea7f86aa559763b7fa55d911a72f09496f3b8d8ea876551f0bb7dd552fd9d0a64116504282efbad41fcb5166612ebf834

memory/2176-86-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 08:57

Reported

2024-06-13 08:59

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe"

Signatures

Renames multiple (5057) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.Xml.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\jar.exe.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PPTICO.EXE.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-runtime-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Core.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\xalan.md.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\AugLoop\bundle.js.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL109.XML.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\UIAutomationClientSideProviders.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-runtime-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\unpack.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-private-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\net.properties.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\7z.exe.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.Xml.Linq.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\relaxngom.md.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Unlock.png.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN081.XML.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\JitV.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.FileSystem.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\WindowsAccessBridge-64.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Linq.Expressions.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-140.png.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\msdasql.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MINSBROAMINGPROXY.DLL.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\CERTINTL.DLL.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\shaded.dotx.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-tw.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\tnameserv.exe.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest3-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSOARIANEXT.DLL.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Grunge Texture.eftx.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Arial-Times New Roman.xml.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\lv-LV\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Xaml.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_SubTrial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\msotdaddin.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Cng.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\6e9a7a401c65a66e81239a16e11f85f0_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 152.107.17.2.in-addr.arpa udp
BE 88.221.83.209:443 www.bing.com tcp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 209.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 45.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 225.107.17.2.in-addr.arpa udp

Files

memory/944-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2080292272-204036150-2159171770-1000\desktop.ini.tmp

MD5 9e14e470101d1eb5dd32ef2a41120598
SHA1 1aabb400bb6b3986c9ebd51708101ca7fdea55a4
SHA256 f7204e3c4bb57c31c017308739c0b03b550caba0c11178ad9d74abc0ab2b2f9a
SHA512 bf982485eb6fa603d5bcc0bf2cde8730e983b4bf9d232ddf9714d30c3ff3883b441b61003a97125e6d3fac46f5edce8621c81dea267cd955e6273388ee52ef4d

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 b5067dc6b8c7df5aea183e1c22c1fcb7
SHA1 2842270d9dd1ab83f06ad15d2e0aa20b5d8538e8
SHA256 3e78f05208ff4bcbbeead36f7cba7884d23cd57e8a0adc3b4ef7a18321a35381
SHA512 38383c230025b3ab477563bdf1d36656c9175d0dde91c2f20572e9fdb05d8641b63409ad03a61a4b9a0fd3977c431287b14bd4d3990d642a9c943b4c788f9a03

memory/944-1082-0x0000000000400000-0x000000000040A000-memory.dmp