Malware Analysis Report

2024-09-23 04:38

Sample ID 240614-ck6scavglm
Target 9a0d5a286b67b9163547bd6ffcbb58e0_NeikiAnalytics.exe
SHA256 03d8c334ba3d5d5c910528b59a10f60c091494461bc4a703284bb3ecc9cb734c
Tags upx ransomware
Score 9/10

Analysis Overview

Threat Level: Likely malicious

The file 9a0d5a286b67b9163547bd6ffcbb58e0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (1113) files with added filename extension

Renames multiple (5180) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 02:09

Signatures

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 02:09

Reported

2024-06-14 02:11

Platform

win7-20240611-en

Max time kernel

150s

Max time network

125s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9a0d5a286b67b9163547bd6ffcbb58e0_NeikiAnalytics.exe"

Signatures

Renames multiple (1113) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\9a0d5a286b67b9163547bd6ffcbb58e0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\9a0d5a286b67b9163547bd6ffcbb58e0_NeikiAnalytics.exe"

Network

N/A

Files

memory/2056-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-39690363-730359138-1046745555-1000\desktop.ini.tmp

MD5 1ffee981d75e72a8187403dee5c2d0dd
SHA1 f5f35958846924f15aadfc0c0794d21196796f07
SHA256 3bacbf499a589580da9ba272c35eb6848d92478379996c57557fbc95f2368855
SHA512 74333ffdd4f7a591535244400eb91645d3918315f599bc619a13df5da19586c0af83add66f2d364a9ff215204b82886a1b56dcd9a9aa1dbb7765af9e8729c51e

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 29fb305df26affb4009d2e8f4eee4513
SHA1 f50524baf0c76e1eebaae7667aa609483d684c8b
SHA256 27f3f7b3beff47ebfb1df7c08e7a3f85d632d5cbd979d61e223a899d99fa402d
SHA512 fcd81e28d62ab588b14624b5e1381bea015a18a2c87bc12e8ef227fe880d75e352c23e47d6cc90db87fa8afc0af701307c37797943b623a5927eb4056ba7c9c2

memory/2056-26-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 02:09

Reported

2024-06-14 02:11

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

140s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9a0d5a286b67b9163547bd6ffcbb58e0_NeikiAnalytics.exe"

Signatures

Renames multiple (5180) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\9a0d5a286b67b9163547bd6ffcbb58e0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\9a0d5a286b67b9163547bd6ffcbb58e0_NeikiAnalytics.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=2712,i,8660989700097327804,17931739887231169645,262144 --variations-seed-version --mojo-platform-channel-handle=4412 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 9.24.18.2.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-3665033694-1447845302-680750983-1000\desktop.ini.tmp

MD5 0763b01a3b591a1bf11c0ac2d37dae3a
SHA1 eb7e91401c0b76e7f9b287752a5bbcea2c197a85
SHA256 38f23173608c17dd08bec66cbf28f5a9594ac84082c0ead11230f38ebced198d
SHA512 398e853f466a65c9356baa9f77b157bdaec09f69f71481007bba39fd6137b35a8da4b8febb7c954aeb18942ca1e53ca3ca87a766572f9c970664833bb9965dc0

memory/724-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\Program Files\7-Zip\7-zip.chm.tmp

MD5 da60fab61cfa3eb9e37730ff1f5916bc
SHA1 a5a079cebe01f1dddd2aef5d62a6e2b6ea07a2de
SHA256 eb002f1ffeeb6f3b802046220a6cb726530b3fb1445c485e73e135ba6d660c04
SHA512 d1d3b6d26a297847952c8c94758ed45086c595f2b3dbc3d7279452f4905ff1708333d4ab7875e83c120aeb64ed409b0703ed5d929f54cbb64029b3e414ee9706

memory/724-1118-0x0000000000400000-0x000000000040A000-memory.dmp