Malware Analysis Report

2025-01-03 08:27

Sample ID 240617-dnvd6awblr
Target 3ce5e577b81d85c7b5e1eec1de521cb0_NeikiAnalytics.exe
SHA256 e41952c97db8288523d27961ccde96a70304413d9232500f312f0bda41ae707a
Tags upx, ransomware
Score 9/10

Analysis Overview

Score 9/10

SHA256 e41952c97db8288523d27961ccde96a70304413d9232500f312f0bda41ae707a

Threat Level: Likely malicious

The file 3ce5e577b81d85c7b5e1eec1de521cb0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (3694) files with added filename extension

Renames multiple (5232) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-17 03:09

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-06-17 03:09

Reported

2024-06-17 03:12

Platform

win7-20240508-en

Max time kernel

149s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3ce5e577b81d85c7b5e1eec1de521cb0_NeikiAnalytics.exe"

Signatures

Renames multiple (3694) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\3ce5e577b81d85c7b5e1eec1de521cb0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\3ce5e577b81d85c7b5e1eec1de521cb0_NeikiAnalytics.exe"

Network

N/A

Files

memory/1384-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

MD5 74123d0e7230423f4dc41369f5a2779c
SHA1 3955b25054d799e3459a0c574737ca573dc71c9d
SHA256 36e9a38edec2c2c64c256166624997e5871ba052edbed64c570988705137d4a7
SHA512 3b4bdaae8a4b30f9ad54b714951a2e032d9faf6b4adce2c27385409835deffc6d4e41deeab41112306538d188a4916f463682b5888ffc93a9477bba53e85cae2

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 b86bdfd87eec86f04074af1a03e380e3
SHA1 c4d1f36c57e09cce015fa67b09bf2e7b8e437076
SHA256 a66c8257462d8c0ea2d5494c4abf1bcb10fb7de8516ef8b6b6df550020b0c698
SHA512 157fd77c9a488008089accef653bfafcd522563cd446149c277682e4ff9c66611d8587364cd95401e317ceb3b9e1369460bf815fcdf4f955898f5a322d7fe29f

memory/1384-650-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-17 03:09

Reported

2024-06-17 03:12

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3ce5e577b81d85c7b5e1eec1de521cb0_NeikiAnalytics.exe"

Signatures

Renames multiple (5232) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\3ce5e577b81d85c7b5e1eec1de521cb0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\3ce5e577b81d85c7b5e1eec1de521cb0_NeikiAnalytics.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=2860,i,2607710392823067546,4648797561512801463,262144 --variations-seed-version --mojo-platform-channel-handle=3940 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

memory/4664-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1181767204-2009306918-3718769404-1000\desktop.ini.tmp

MD5 e3f1d2e5fa922bf2036621cd51177d5f
SHA1 053246feab0318ebeafb9d4ca5793bfe85b1e21f
SHA256 56d42f04a598992d434e4e0f5bd1da311a0dea5385a6e26b692d5a7d846136db
SHA512 921ae71004bae1260d1e302d42442d31d3452aa02faf88273ec5f7bba2dc25fe891eabc7a8b00a90d3234a28bbce31974f7eceb69a7119000634b9fcd769078e

C:\Program Files\7-Zip\7-zip.chm.tmp

MD5 7b6ddf05a50738368ddeb54a3bfcecd1
SHA1 f0feb8a0b5b140904539068044842b90a369db39
SHA256 be7eb68c7c2e1f5fc9f0846d6608e021ea1c952eb08643d982f7285d26081265
SHA512 f06cba7a7906599e8204495163848379d78d139ff8f8c5c8b4fac5a97a80b9ff9e8968a556384d4f1585e80cd27cd3af2c53fa02385d312c21e4d9f2b2de5862

memory/4664-1952-0x0000000000400000-0x000000000040B000-memory.dmp