Malware Analysis Report

2025-01-03 08:29

Sample ID 240616-243bpswhrj
Target 1a15455eb60203138368cdbdac2d0000_NeikiAnalytics.exe
SHA256 7c6f47514f36e4b8407c0cd71684fc6af2747a262291a008d3b202695f97128e
Tags
upx ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

7c6f47514f36e4b8407c0cd71684fc6af2747a262291a008d3b202695f97128e

Threat Level: Likely malicious

The file 1a15455eb60203138368cdbdac2d0000_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (3486) files with added filename extension

Renames multiple (4848) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-16 23:08

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-06-16 23:08

Reported

2024-06-16 23:11

Platform

win7-20240508-en

Max time kernel

149s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1a15455eb60203138368cdbdac2d0000_NeikiAnalytics.exe"

Signatures

Renames multiple (3486) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\1a15455eb60203138368cdbdac2d0000_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\1a15455eb60203138368cdbdac2d0000_NeikiAnalytics.exe"

Network

N/A

Files

memory/2580-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

MD5 6979c78c7864d52ecd4654081a5c0b36
SHA1 d41f155ebab31a52ea7c7b28911bcb964a823a1a
SHA256 4de2f986c66644e0aeadff477dc2b5f2df8e606cb5205fd5fcdff085ab4ee726
SHA512 2f25150f818dc8328bb3b887951e5378b3b3f7562a797c8e9c96cc3cd9453ffd13c9f4a93e97d7b94512b624a9267fa9b399e9cb89c5aa4f3a4f28617216d59f

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 5b3c6a095bf3f005c22b1a2f29b40090
SHA1 e4ebb13a3b722c81832dd2f1852eceb79b68c3f9
SHA256 2f8003b6ca4adb915c3aa8ac7d6d9a85ef0b89f2f3d14dc02730dba5d1d2b828
SHA512 a8cb8e673fc8ae27ec4be876241d4c407fb91104973dc77e1fa486aad70b19916a843e5869f9cd3eed1a1031a2a8526ee58e1da00e3160aab7e6f43f4b0a6e65

memory/2580-648-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-16 23:08

Reported

2024-06-16 23:11

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

128s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1a15455eb60203138368cdbdac2d0000_NeikiAnalytics.exe"

Signatures

Renames multiple (4848) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\1a15455eb60203138368cdbdac2d0000_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\1a15455eb60203138368cdbdac2d0000_NeikiAnalytics.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4060,i,3549704109630749084,1975543916261970610,262144 --variations-seed-version --mojo-platform-channel-handle=4092 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp

Files

memory/3908-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3665033694-1447845302-680750983-1000\desktop.ini.tmp

MD5 41ef803ae0474a3f655043a23f094cd9
SHA1 f222789290dbb821c32f9c7f342064c96bcc755d
SHA256 706e83335ab011573ad6c42dce3a52c948285c48b85f67397f6ad8a7527312c1
SHA512 99d376f404e2b2ad26be1d2eee4e19b7a53a9618009a2704a819d1bc7260425996b769c31716f516c8a8754bf17e40e7594c9b89f9c1434b295651930a229e06

C:\Program Files\7-Zip\7-zip.chm.tmp

MD5 11be5489fb04b4293d532079dd089472
SHA1 49709c468029dfb3463c3f6412d287146ae54a09
SHA256 dba2287c24afbe6f093caf9cda3715f22066bf742fb378d6d3bbf743c639206e
SHA512 b1384b84936b9040384f95384999f07c3ca4ce7e8ddda90c15a1b7be3980a95f499e3a7e9b877ede085f2d576466edaae299419e8cc720cc927573697195832a

memory/3908-1788-0x0000000000400000-0x000000000040B000-memory.dmp