Malware Analysis Report

2024-09-23 04:30

Sample ID 240614-c6al2asdlg
Target 9be14931e8a35caa7baace33655c86b0_NeikiAnalytics.exe
SHA256 f481f21079b7d338a55f53490421298c7f396a7230ddf3518e5daf8b7c388fb4
Tags upx, ransomware
Score 9/10

Analysis Overview

Threat Level: Likely malicious

The file 9be14931e8a35caa7baace33655c86b0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (3460) files with added filename extension

Renames multiple (5022) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 02:40

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 02:40

Reported

2024-06-14 02:43

Platform

win7-20240508-en

Max time kernel

150s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9be14931e8a35caa7baace33655c86b0_NeikiAnalytics.exe"

Signatures

Renames multiple (3460) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\9be14931e8a35caa7baace33655c86b0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\9be14931e8a35caa7baace33655c86b0_NeikiAnalytics.exe"

Network

N/A

Files

memory/2108-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

MD5 72ca9256b9dd087e4588a5d6e6375339
SHA1 345574eab5f80e316504f3a34a4e17f1ce550a09
SHA256 c07f2ed6075df1a11bd4669384fa49a943101816725dfdd202fab00e5783c040
SHA512 8c3c791f046e14179628bbf599cb03de862bcce91df70744aa6a1c07ec257d54e9855a22fc553939d81eff6298611282d788cdc58c2d8d416c9473c836cd6796

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 ce87b7bd5c9f99d8c8e2e09a022dc654
SHA1 6b210dc1e9e1cd37a5ebdcc4e392d470aa8009b7
SHA256 2b736abfc5b14a472cfed24ae550b3c22d276bad516edb638803aa36a25c0712
SHA512 50dc532c0ac942cbc640aacdc25b619dac75ac560d39eb106de108a240c811c563145382dbf58160a559fa394751845b544524adf8789d9c6980733f8b9e4ff4

memory/2108-648-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 02:40

Reported

2024-06-14 02:43

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9be14931e8a35caa7baace33655c86b0_NeikiAnalytics.exe"

Signatures

Renames multiple (5022) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\9be14931e8a35caa7baace33655c86b0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\9be14931e8a35caa7baace33655c86b0_NeikiAnalytics.exe"

Network

Files

memory/5100-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

MD5 68ba60364e46686814556b4908ca4dbf
SHA1 36c14ee0df42cf599252c91e237ce803f847801d
SHA256 d969a95ee150e2c46e7e72fc40cf761dcc3fcce48aadcc033ca42e19b24b9ea6
SHA512 e6fedfa86762a8cde0f6ec446fb623f40c38d9e2973671e7b662f9f049447cf4b28e0d334d23f853916b61c39c54c0c210f6833232c94e1d273f0eb32df36d8a

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 31a3b2d0cc821c40b7179798a16d068d
SHA1 82971ccd5b2a2247cf50fdb607c5db8c2b11a6b4
SHA256 ea7ec1fcc30a05b2a154b19f2310841b8742c0c7ad32a8a5826f2ef740ae8f41
SHA512 9ae45c300b3b17b23884120f33ce8b7b3b290e63ec55d29671789d0d5ad7ccac373fc60c03a18c82079700d689a61cb703daa260396972e81fa8ec13c45ae3fc

memory/5100-1812-0x0000000000400000-0x000000000040B000-memory.dmp