Malware Analysis Report

2024-09-09 20:23

Sample ID 240614-dm6qssshqg
Target 9d9e7db55a5af752860e374463405240_NeikiAnalytics.exe
SHA256 fca07a458d5574250564cc538261e76ff808b5feced1b8db5b62f9f4bb3b2699
Tags upx ransomware
Score 9/10

Analysis Overview

Threat Level: Likely malicious

The file 9d9e7db55a5af752860e374463405240_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (3537) files with added filename extension

Renames multiple (5200) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-14 03:08

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted 2024-06-14 03:08
Reported 2024-06-14 03:11
Platform win7-20240508-en
Max time kernel 150s
Max time network 118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9d9e7db55a5af752860e374463405240_NeikiAnalytics.exe"

Signatures

Renames multiple (3537) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\9d9e7db55a5af752860e374463405240_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\9d9e7db55a5af752860e374463405240_NeikiAnalytics.exe"

Network

N/A

Files

memory/3068-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

MD5 2cf3db3307990c3cd0bdf8acced91998
SHA1 bd2452204e815cfa8ad49a9ada1d4d0951224e7f
SHA256 2e8317e7551470588422f15ab97def11d3939e752b861e05de0fae7632e65952
SHA512 3ec800b5c39964fcdc4c98eba4c88c862663ad3d5e689bfd54ad78a44f9528c543014a9011f2f1665e7d2be239b57ad4f79626b77223e1c1a7d136fcea1d449a

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 cfc794f7b6f3c35ff9fa51aa0c97e45a
SHA1 69d6b31fc192ec87928535134e6060db9b94cc22
SHA256 efc669b2f5981780645764cba65b487e693a4ffdacb37ca39098f0aed6cfec83
SHA512 c4f89e3b22e7fed933b61db0b3ed1b5e73235cc5f385c05301706ebf73e5c51bea98205007d532315f4ed0419a14826adab9133823bdb1e7bf9ec39f0a67f2d2

memory/3068-654-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-14 03:08
Reported 2024-06-14 03:11
Platform win10v2004-20240508-en
Max time kernel 149s
Max time network 150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9d9e7db55a5af752860e374463405240_NeikiAnalytics.exe"

Signatures

Renames multiple (5200) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\9d9e7db55a5af752860e374463405240_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\9d9e7db55a5af752860e374463405240_NeikiAnalytics.exe"

Network

Files

memory/4156-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

MD5 38d1d3668ac592a59a4a0a6c128c1b7d
SHA1 7a11af00d9f3fba4c4bd5e1237f78c793a533860
SHA256 58216b06027988783c80240a6a29a16491c602db4193aec05a1d6fb78ae5ba89
SHA512 640dc7e38fbece7e6f421201e2a907a8a1bf2ca348de420471a29b95775637d7256bb5fa76b6c24fea0bc4bf8811e902af640511afc029c3f48c93744c1cd6d6

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 bf1e2eca029fe0d9069574553edb7f23
SHA1 1501d842dac443c6f76c6e0994f6a91c54e5d53c
SHA256 e9ef12970e6b7c3effdbbeace858605b45d67b580e9bed6e2f5e2fe5561943f7
SHA512 d06d68f228e328bed19c13676a7410cf82ab21e9b63e22f956b1747c44dfda845953eeb6f6690e887d371d3daf31cd1d45c6c5f309d422466d3c62b19f9a7776

memory/4156-1962-0x0000000000400000-0x000000000040B000-memory.dmp