Malware Analysis Report

2025-01-06 13:04

Sample ID 240617-a3wzrawdnc
Target 2739353168970f9c1b6a9b4e3182deb0_NeikiAnalytics.exe
SHA256 237d9eddc81367664e70171cdb85d941a5ef2f63b0e08504884c98d7c0de73f7
Tags
upx ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

237d9eddc81367664e70171cdb85d941a5ef2f63b0e08504884c98d7c0de73f7

Threat Level: Likely malicious

The file 2739353168970f9c1b6a9b4e3182deb0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (4841) files with added filename extension

Renames multiple (3451) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-17 00:44

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-06-17 00:44

Reported

2024-06-17 00:47

Platform

win7-20240221-en

Max time kernel

150s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2739353168970f9c1b6a9b4e3182deb0_NeikiAnalytics.exe"

Signatures

Renames multiple (3451) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\2739353168970f9c1b6a9b4e3182deb0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\2739353168970f9c1b6a9b4e3182deb0_NeikiAnalytics.exe"

Network

N/A

Files

memory/2528-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp


C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp


memory/2528-558-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-17 00:44

Reported

2024-06-17 00:47

Platform

win10v2004-20240611-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2739353168970f9c1b6a9b4e3182deb0_NeikiAnalytics.exe"

Signatures

Renames multiple (4841) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\2739353168970f9c1b6a9b4e3182deb0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\2739353168970f9c1b6a9b4e3182deb0_NeikiAnalytics.exe"

Network


Files

memory/4852-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2447855248-390457009-3660902674-1000\desktop.ini.tmp


C:\Program Files\7-Zip\7-zip.dll.tmp


memory/4852-1796-0x0000000000400000-0x000000000040B000-memory.dmp