Malware Analysis Report

2024-09-09 20:23

Sample ID 240614-d61znaxfmn
Target 9f387f63e0c0d590228928d1ab7f6ff0_NeikiAnalytics.exe
SHA256 e8edefec19cb2dc67c92f29fe4bee4b91fa52347b4fa2d6b0578a7714c94acee
Tags
upx ransomware
score
9/10

Analysis Overview

score
9/10

SHA256

e8edefec19cb2dc67c92f29fe4bee4b91fa52347b4fa2d6b0578a7714c94acee

Threat Level: Likely malicious

The file 9f387f63e0c0d590228928d1ab7f6ff0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (3427) files with added filename extension

Renames multiple (5243) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 03:38

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 03:38

Reported

2024-06-14 03:40

Platform

win7-20240221-en

Max time kernel

150s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9f387f63e0c0d590228928d1ab7f6ff0_NeikiAnalytics.exe"

Signatures

Renames multiple (3427) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\9f387f63e0c0d590228928d1ab7f6ff0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\9f387f63e0c0d590228928d1ab7f6ff0_NeikiAnalytics.exe"

Network

N/A

Files

memory/1948-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

MD5 900e9c597e220b9744cc7a8535ccd842
SHA1 06e674ccf45f1274738671d2d478e6b68d1f7bb1
SHA256 911fb86d34cee00aaa1a05ac8cffd466fc2f493c858fc5ec3e7997b4546a9461
SHA512 214a1c1cf8dd946bf20d36636519f8ceb4c1ae9bc0d7b2ae40d106d759030abf9788fbdca0340517e31675cad6f93c76a9f0c7c545deb5f7be527c51c15b6f26

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 ac4dfc4728e789dc2024fa7199e1743f
SHA1 323486e801774f2b6a1bc8dd893001b21d349bfa
SHA256 6659a8a6d678f4744d6c8bf0b21ee0ed4be437d2b3ce83c7516cadce81d616cf
SHA512 17b2d2b4c0f98d689c42a456bf02fe1e08b0acf750289ce0ee04df66bc6889058b0783968c9f015f4926ffa0bd10d0947e953d324d03c9889a2fb0be66fce935

memory/1948-456-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 03:38

Reported

2024-06-14 03:40

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

52s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9f387f63e0c0d590228928d1ab7f6ff0_NeikiAnalytics.exe"

Signatures

Renames multiple (5243) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\9f387f63e0c0d590228928d1ab7f6ff0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\9f387f63e0c0d590228928d1ab7f6ff0_NeikiAnalytics.exe"

Network

Files

memory/5016-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

MD5 b52af79fb148fe9714b3ea36c8a6c3fd
SHA1 bfc5515347240573699f24aeb7cecf800d6cc48a
SHA256 dcafc54e42af55d1b139147ba50c147643102a954ae2c979676dcf971d786d68
SHA512 ca7586338a22aafedca94f2b95fa72192cabaaf477bad99a82ed74d5441b419b60d945fffc448f6ec882c5aa24b0e0e423bbb3c0faf9cec6d5a6b92cc2d9bce2

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 f8b1574c4ae8f7d0b2d17428b0e7f5c8
SHA1 81c5c1ef590ca38e422e9a652e9ec27afff4db4b
SHA256 7f53329c9d8a6c426f3862082d14404e99674295800d1cdc8e95327acdfeed42
SHA512 fa324eb6be98ea53ae17c2a0dcabd856b867e6c223b57484a1d0df41d6ce3227d7db6281ecca0df1777b881f6bb40fecfd201bc352c828cdcb7e9d25fea27728

memory/5016-1948-0x0000000000400000-0x000000000040B000-memory.dmp