Malware Analysis Report

2025-01-03 08:27

Sample ID 240617-ceefxaygrg
Target 32dd4810724690175711962ad901bb00_NeikiAnalytics.exe
SHA256 409cceea50a45534de2495f53e8218879a75efb4f75cb4c9eaa050b1d919931f
Tags
upx ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

409cceea50a45534de2495f53e8218879a75efb4f75cb4c9eaa050b1d919931f

Threat Level: Likely malicious

The file 32dd4810724690175711962ad901bb00_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (3429) files with added filename extension

Renames multiple (5029) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-17 01:59

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-17 01:59

Reported

2024-06-17 02:01

Platform

win7-20231129-en

Max time kernel

150s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe"

Signatures

Renames multiple (3429) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-util-enumerations.xml.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-loaders.jar.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\jdwp.dll.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_de.properties.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightDemiBold.ttf.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+6.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher_1.3.0.v20140415-2008.jar.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libgrey_yuv_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Journal\Templates\Memo.jtp.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\ktab.exe.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\plugin.properties.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-application.jar.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Campo_Grande.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.configuration_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-tabcontrol.xml.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Faroe.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-search.xml.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libx265_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Pine_Lumber.jpg.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\Office14\1033\Mso Example Intl Setup File B.txt.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-settings.xml.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Africa\Nairobi.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\Mahjong\MahjongMCE.png.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-options_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Argentina\Tucuman.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\is\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\bg.txt.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\de.pak.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Pangnirtung.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ky\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libvc1_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Defender\MpCmdRun.exe.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\classlist.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.DataSetExtensions.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ca\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-9.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-uihandler.xml.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Macau.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Gambier.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\deploy\messages_zh_TW.properties.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Jamaica.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmagnify_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\RELEASE-NOTES.html.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\El_Aaiun.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-core.jar.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Resolute.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Defender\en-US\MsMpRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipsen.xml.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\15x15dot.png.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\license.html.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\toc.xml.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tabskb.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT-13.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\JoinShow.asp.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Tbilisi.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe"

Network

N/A

Files

memory/3044-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

MD5 e46f75bf3123b1441ac1a71cf9743072
SHA1 fd6f0db0c0bf5d1564a8e1e5f3eb711017d49e4e
SHA256 e48c403c89c08baaf9c57832f17c3e97647b66b496923182ad093adfde0a6439
SHA512 a703c6e099812877e19e540b56c865eb5897a554a568a3751511d2a91a37fc040f4761f28475c530115b5e0f1a166952c81f604f35ad0e229ae7d9c7e93686fe

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 240343ba35cfb231bf61cea9e7df8117
SHA1 d95d8f5b441340075aa0f603f9af58239a3e19da
SHA256 ac4009454c970eb5e27db298ca1054d5952ba113a1528044d8e81c2a19af0fe3
SHA512 5494e3f721f3e4b66687a0b85f2a623f33f4544b48d21e98bff616e41d4224bc5b3caaaf57fc394ac804fddd2130fcdc99e22edd5135cfffabe3f91c0199ed1f

memory/3044-600-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-17 01:59

Reported

2024-06-17 02:01

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe"

Signatures

Renames multiple (5029) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\jfxswt.jar.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Banded Edge.eftx.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\cpprestsdk.dll.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\HideEnter.xla.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD_COL.HXT.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Security.dll.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTrial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscordaccore_amd64_amd64_7.0.1624.6629.dll.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\ext\sunec.jar.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcr120.dll.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\java-rmi.exe.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalDemoR_BypassTrial180-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\msotelemetry.dll.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.dll.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XPath.dll.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-debug-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaTypewriterRegular.ttf.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\classlist.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0C0A-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.ReportDesign.Common.dll.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-heap-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\msquic.dll.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_it.properties.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Subtle Solids.eftx.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\manifest.xml.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\createdump.exe.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\OpenSSL64.DllA\libcrypto-1_1-x64.dll.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\MSOSEC.XML.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART10.BDR.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\ext.txt.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-140.png.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\et.txt.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\es-ES\ShapeCollector.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\server\jvm.dll.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL020.XML.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\IpsMigrationPlugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-heap-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\32dd4810724690175711962ad901bb00_NeikiAnalytics.exe"

Network

Files

memory/4732-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

MD5 702997ccfef75230fbea110d1cfc15c8
SHA1 c3f9ff3940dcf94b25108e7ed76a43a0b79588ce
SHA256 2720e790e1f19da9ca217844b7956653b381666e290e8768bfaa91681a199f78
SHA512 1bcf758ff5b715852b079316b0299158a479b5d82c8e578ed53e6fefd424a65e54b7dc472d061bedbfde2c6ed5fdb6dad8f8df6edc0c19f37a7220fe1bbc5133

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 4a3111e193a45fed3bb19909de7717c3
SHA1 e6516d85cff882a93798d5be3e504d63d09376f2
SHA256 982824decdd5505b66c3d03fbab6cc89cf2e388e6162e3c53d571e25e019c895
SHA512 38b0587374ee94ec8456379b726f84760f7f000ce17a3221a19b4e0974098a058368255dbb4d66b5cecfc0172b2b9fc8bc85c8b68473baa936e44a7a8a984195

memory/4732-1794-0x0000000000400000-0x000000000040B000-memory.dmp