Malware Analysis Report

2025-01-03 08:29

Sample ID 240617-aeqstsygpp
Target 22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe
SHA256 5dac50a464c4762a0eac50b13001cce3780505c512a75207989e96155ec6f0b0
Tags
upx ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

5dac50a464c4762a0eac50b13001cce3780505c512a75207989e96155ec6f0b0

Threat Level: Likely malicious

The file 22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (595) files with added filename extension

Renames multiple (5238) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-17 00:07

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-17 00:07

Reported

2024-06-17 00:10

Platform

win7-20240611-en

Max time kernel

150s

Max time network

128s

Command Line

"C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe"

Signatures

Renames multiple (595) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\unpack200.exe.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunec.jar.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\fr.txt.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\JavaAccessBridge-64.dll.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_altgr.xml.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\1047x576black.png.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sr.pak.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_de.properties.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyrun.jar.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main.xml.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-font.dll.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkObj.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipsdeu.xml.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Dot.png.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.dll.sig.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\SIGNUP\install.ins.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\DenyShow.png.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground.wmv.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\eventlog_provider.dll.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\sk.txt.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\tk.txt.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push.png.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoDev.png.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Pine_Lumber.jpg.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Tiki.gif.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\ConvertEnter.wmv.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoDev.png.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_cs.jar.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\glass.dll.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages.properties.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\rtscom.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\bandwidth.png.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-previous-static.png.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.exe.sig.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\7-zip.chm.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkWatson.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotsdarkoverlay.png.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NextMenuButtonIcon.png.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ro.pak.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sk.pak.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\adcvbs.inc.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.bat.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\ta.txt.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InputPersonalization.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkObj.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\15x15dot.png.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_VideoInset.png.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe"

Network

N/A

Files

memory/1704-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-39690363-730359138-1046745555-1000\desktop.ini.tmp

MD5 9a30720d2ee96958894b4fc0aef2ed4d
SHA1 eca2f0e7ee8c17910b759acc0c74fa39be777bd9
SHA256 abe39bb227187c9c0432df7b6f51f3c5979d9d6ac1127c49805854d8e319474e
SHA512 5e706573a88d3f9736d30496ef669214eaba4adaddec34bb62a3333cc871f2d39790ddab28bce1285cf5dc818b5e9a2e1a54c20beecb90e2eb305b18523db0f8

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 e7a1ee4d6d1a06e35635d9d4c777c358
SHA1 3fab238c86d6a00fbe9f6259fe99d79c18177ab4
SHA256 da61729f6974e34290626d76acd39ac6fcc98690b3961a9988e60bb3d8492fd9
SHA512 7dc8f1d16133ed849ceeaae8030ea33b84c2ccce20b4a2c7fe1703a6fd05dedb41ad334c723e9845a5fa7a1e347b14c901ea0005f36266a3acc0c3fc35dae897

memory/1704-68-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-17 00:07

Reported

2024-06-17 00:10

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe"

Signatures

Renames multiple (5238) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\System\ado\msadox.dll.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\javafx_iio.dll.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\rsod\powerpointmui.msi.16.en-us.boot.tree.dat.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\7z.sfx.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processenvironment-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProDemoR_BypassTrial180-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\SLINTL.DLL.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\es.txt.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\am.pak.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Fonts\private\NIRMALAB.TTF.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\plugin.jar.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\th\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\ext\dnsns.jar.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTrial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_KMS_Client_AE-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.SqlServer.Types.dll.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.WindowsDesktop.App.runtimeconfig.json.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\flavormap.properties.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ExcelTellMeOnnxModel.bin.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\dbgshim.dll.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\ext\meta-index.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Slice.thmx.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.DataStreamer.Excel.dll.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000011\FA000000011.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OIMG.DLL.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-convert-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\en-US\InkObj.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\msadcor.dll.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0000-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\ecc.md.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_PrepidBypass-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-core-file-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_KMS_Client_AE-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-errorhandling-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Resources.ResourceManager.dll.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-heap-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\javaw.exe.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-string-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_MAK-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentDemoR_BypassTrial180-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\office.core.operational.js.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\he.txt.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemCore.dll.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemDrawing.dll.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ja-JP\rtscom.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Aero2.dll.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\22961fda9cd4fde45c8e657f73fc37e0_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

memory/1076-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

MD5 95904058022226f70c09fcf4287da7e0
SHA1 d97f560eaf55b93e69bc5c614e29284ffd197dc9
SHA256 c3b83b3992ca21036953a9771b4d4437a2e7eaa0ce7c2ac72321e95c1326e792
SHA512 0fda54dc784eafbd3d79248aac8b7a9a23e0201f74ff2c2571b9b202f9fca92c306276e1bb354f204019b22bc4921feb61100f7363b0864b65d1cfbf986f50f6

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 598b135a793f17132ddc3d3fd9897ad9
SHA1 b70178295b4ed39b935add7f182505a7900bb55f
SHA256 a3e1074a066f1e44bd80902f38648b788f3524e6b2c521a197c390d12923d3f3
SHA512 004917843201bae8c95d9a7efc692f4688d867bc5e4bf8dfa35dea8da5f1b847376776d290e0881d8aaadbe365146f70d4346a94c1c4f6e9399c62b6594620e7

memory/1076-1946-0x0000000000400000-0x000000000040B000-memory.dmp