Malware Analysis Report

2025-01-03 08:29

Sample ID 240616-3enyfsxejj
Target 1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe
SHA256 5dab4613b10b37b7b6f92324fc1abc83259297596803e859a0137a4269bf4756
Tags
ransomware upx
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

5dab4613b10b37b7b6f92324fc1abc83259297596803e859a0137a4269bf4756

Threat Level: Likely malicious

The file 1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware upx

Renames multiple (659) files with added filename extension

Renames multiple (5010) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-16 23:25

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-16 23:25

Reported

2024-06-16 23:28

Platform

win7-20240611-en

Max time kernel

150s

Max time network

126s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe"

Signatures

Renames multiple (659) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\7-Zip\Lang\lij.txt.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\kinit.exe.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Nairobi.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_postage_Thumbnail.bmp.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\profile.jfc.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\fy.txt.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\kk.txt.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web.xml.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\de-DE\WMM2CLIP.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_title.png.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Tucuman.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\ShapeCollector.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_rtl.xml.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_VideoInset.png.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\klist.exe.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Anchorage.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\720x480blacksquare.png.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2iexp.dll.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\calendars.properties.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\desktop.ini.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\OmdBase.dll.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Lagos.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Music.emf.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoBeta.png.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\cursors.properties.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\ado\msado21.tlb.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask.wmv.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tabskb.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\micaut.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkWatson.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwrfrash.dat.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT.DLL.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ur.pak.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\numbase.xml.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_elf.dll.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\vi.pak.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\ShapeCollector.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpnr.dll.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\rtstreamsink.ax.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\F12Tools.dll.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\et.txt.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\TipRes.dll.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_2.emf.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_notes-txt-background.png.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-US.pak.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\policytool.exe.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.bat.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\ffjcext.zip.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe"

Network

N/A

Files

memory/2232-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-39690363-730359138-1046745555-1000\desktop.ini.tmp

MD5 c8b467fd789e6da6f82d016c83ef8e22
SHA1 4bf7561031438f79b46998340dd0ffae27bef098
SHA256 73119853a8533c50cbf03067f52730a8f4a98738286bbfb0c0aaebaf550f8dce
SHA512 175779e8d7a37dec908e7622ffb6d4581946b220798deb07264dcd43f73abc73901fb039adf4c69a7c5aa58dd3c38f738f770c49a720c91b6fb7d9db9de2a394

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 c3576ecfa4b1bd4fe39ac5ca2fd3932d
SHA1 93242556aa4e4c9daa83f298d5998b5ad5c67269
SHA256 82c5c468519396d862bff6694dc481e2f7851e7dc4c1a88938938165b5b0d195
SHA512 41a3f3ce94b2e57da7862ec20e51f80e7d10c502a4b051fc229ee736238fe13f27f0fe0337b542ad1d703b161bdabf7906476773861a6c8db629692ab1bbcd6c

memory/2232-68-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-16 23:25

Reported

2024-06-16 23:28

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

130s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe"

Signatures

Renames multiple (5010) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Linq.Queryable.dll.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0409-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\FPA_f7\FA000000007.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Candara.xml.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.X509Certificates.dll.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\LICENSE.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OSFPROXY.DLL.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial4-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp5-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\kor-kor.xml.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Classic.dll.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\cursors.properties.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\jopt-simple.md.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\jsdt.dll.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\sbicudt53_64.dll.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\amd64\jvm.cfg.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription2-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription3-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_MAK-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_SubTrial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\is.txt.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-runtime-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Csp.dll.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\jar.exe.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\hy.txt.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-localization-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\xerces.md.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\AppvIsvSubsystems64.dll.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.powerpointmui.msi.16.en-us.xml.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16EnterpriseVL_Bypass30-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\sqloledb.rll.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\vk_swiftshader.dll.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\pt-BR\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Private.Xml.dll.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PenImc_cor3.dll.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\invalid32x32.gif.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Gothic-Palatino Linotype.xml.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-filesystem-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription1-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\redshift.ini.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-file-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\hostpolicy.dll.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_100_percent.pak.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN011.XML.tmp C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\1c964ce85d10cafbc8386af08e99be80_NeikiAnalytics.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4088,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=4252 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
BE 88.221.83.219:443 www.bing.com tcp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 219.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 227.162.46.104.in-addr.arpa udp
US 8.8.8.8:53 89.242.123.52.in-addr.arpa udp

Files

memory/4196-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3665033694-1447845302-680750983-1000\desktop.ini.tmp

MD5 f67929270a13c4c16c77141381bcb6d1
SHA1 91f21586e5f1eb816fb4617a9b36eda8e7c2a4e8
SHA256 3e3198d8febbe6d2e6ebcb1289d8a1580b3ef08c860aaafc3555c8d93a0b9e5e
SHA512 c79843cff64c12a603fd4672e8069ced3a213cfa38ab2ac7c993d781f41a7a667095cfea015e9431056e01fe16b4652aae339a91680cab49e9fc9dfcd90a33c0

C:\Program Files\7-Zip\7-zip.chm.tmp

MD5 13473c102ec199947e5246c9fb019108
SHA1 14f594fa6721c59bf9a5142e830548c90ffbd6ab
SHA256 1ca3ad7f637cc82ed5bfa95a1ae6dd76663094d9830246b4eaded265a8dc3c3f
SHA512 d257fc9e7ef765c1ba5de9de46a06352d5a7f7067a800fa064edb4349dbc39f4dbdbc988b086ec4887d547605815d8964519a9032330aeff0f9d1c90caaffa25

memory/4196-1790-0x0000000000400000-0x000000000040B000-memory.dmp