Malware Analysis Report

2024-09-23 04:36

Sample ID 240614-c7c4jssdng
Target 9c142b86344a3fa093118ab2eb809cb0_NeikiAnalytics.exe
SHA256 5094c9c2867bcf734f9522b4850f9aad8351d83dc789e46a9be7d3403e9574d4
Tags upx, ransomware
Score 9/10

Analysis Overview

score
9/10

SHA256

5094c9c2867bcf734f9522b4850f9aad8351d83dc789e46a9be7d3403e9574d4

Threat Level: Likely malicious

The file 9c142b86344a3fa093118ab2eb809cb0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (3490) files with added filename extension

Renames multiple (5264) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 02:42

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 02:42

Reported

2024-06-14 02:45

Platform

win7-20240220-en

Max time kernel

150s

Max time network

117s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9c142b86344a3fa093118ab2eb809cb0_NeikiAnalytics.exe"

Signatures

Renames multiple (3490) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\9c142b86344a3fa093118ab2eb809cb0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\9c142b86344a3fa093118ab2eb809cb0_NeikiAnalytics.exe"

Network

N/A

Files

memory/2836-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

MD5 c25e5cfd1ee97d903438ed13cc39a818
SHA1 b918805dc49289718c856b3352f73eaafd21ed62
SHA256 fcf58cb225113d0ef78e8f32f133706c6862b9e182f5aac5d403496f0ea23969
SHA512 ff7d72f6aa2ed7dadfc32086e421ae08404ff636b13b61adef53543eda29247f0763b567d23bcdbdcfd999ab09739a8ae3e869057508ca2d283b3c7b5b08c5f1

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 82cfa965dc2c7423ba0f3484c363d036
SHA1 6433983c47f4e551c6638af844af4397c963cd66
SHA256 af02196e2d7388f19d9bc6a630a5d41a6d285464616e7b0ace0fb57d67704499
SHA512 b40b7e97f78721369c469ea1c5252e596075431c8713f04114cfbba6c5f355d2c17477b2163192dc2527a783ce0e684512ecbbc2c95f97287c579b299eb19ab4

memory/2836-86-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 02:42

Reported

2024-06-14 02:45

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

52s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9c142b86344a3fa093118ab2eb809cb0_NeikiAnalytics.exe"

Signatures

Renames multiple (5264) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\9c142b86344a3fa093118ab2eb809cb0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\9c142b86344a3fa093118ab2eb809cb0_NeikiAnalytics.exe"

Network

Files

memory/4384-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

MD5 4460ae9552df506bc188436736ff7395
SHA1 78a7424de51b9a2a5499d9ecfad54aaf513a20ad
SHA256 096f21654c04abb39569b2d9716522222d432ccc072ddd64bb5870414ee1f328
SHA512 09ccd77e31535cf90f7022f1bd3589be4082ee1b279c69f1fc8c25ab1d24eb0576fe55879e6e5d1f04415ec1ca12c35ec1b4f2ba1ef220e30b845f6b0ac10070

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 0ff8b78975693aed8958e636082d4b30
SHA1 56459a59b027c2354d0d50c09a250ae9e2891b0f
SHA256 4788fabe1cab85d84112e7f6eac7d62a42dd29948fd0a0990b7df8a60caa8af2
SHA512 ed64ea3fb4d44edb66dfe41c842f87812c26d56ad220d75e434e2dfa0f6492ee142674d0bc4107d4f295deeede7390e79ab495e4e9c97a9f9540b02c00ae8576

memory/4384-1212-0x0000000000400000-0x000000000040A000-memory.dmp