Malware Analysis Report

2025-01-03 08:25

Sample ID 240617-e6d1kaydlk
Target 4919bebe9f5de22b95aabea2959df730_NeikiAnalytics.exe
SHA256 8ad3c97ecb1966015416881c846f7603bf9647645d78ca335ec360b6fd072041
Tags
ransomware upx
score
9/10

Analysis Overview

score
9/10

SHA256

8ad3c97ecb1966015416881c846f7603bf9647645d78ca335ec360b6fd072041

Threat Level: Likely malicious

The file 4919bebe9f5de22b95aabea2959df730_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware upx

Renames multiple (3460) files with added filename extension

Renames multiple (4821) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-17 04:32

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-06-17 04:32

Reported

2024-06-17 04:35

Platform

win7-20240508-en

Max time kernel

150s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4919bebe9f5de22b95aabea2959df730_NeikiAnalytics.exe"

Signatures

Renames multiple (3460) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\4919bebe9f5de22b95aabea2959df730_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\4919bebe9f5de22b95aabea2959df730_NeikiAnalytics.exe"

Network

N/A

Files

memory/2084-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

MD5 1b663b0d4f49156945e3dcc0c5b281ec
SHA1 3738fdcf50a33abed48c5e60aa8c3d1fbcb777f5
SHA256 4847b4695ab94496ac6270e210234bbd149923b32de4a8ac81bea1279d49e313
SHA512 000f2374646863da6abd18aa3cd229c076288225876c015eb6a1e26840a19b1a7066098d00f5dd0cbd1f6adf044f19781f59e4c110cbfd9388fc06025de32ed1

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 982896b1f582d4410afa37f32c278144
SHA1 41f6d11dc7e864d299446a4293202e39b9f57abe
SHA256 275e3859e883f1cc8495a1ccb5389002b0ff9af50ae4089c0942ec24999a9975
SHA512 b18d197e79dd960b9294eaafdbb2ce8d5e78ea6eaa1c0c9e6afe56fecaf41c57fe166167a9c3562cf2f8b5e9388050a2de1b81a44b5c3cc3afba6759c7b6e0b0

memory/2084-646-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-17 04:32

Reported

2024-06-17 04:35

Platform

win10v2004-20240611-en

Max time kernel

149s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4919bebe9f5de22b95aabea2959df730_NeikiAnalytics.exe"

Signatures

Renames multiple (4821) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\4919bebe9f5de22b95aabea2959df730_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\4919bebe9f5de22b95aabea2959df730_NeikiAnalytics.exe"

Network

Country Destination Domain Proto

Files

memory/4500-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4204450073-1267028356-951339405-1000\desktop.ini.tmp

MD5 4cb80e91057a71097f167f6f1adc80a6
SHA1 783941f2f213ee94d9fd9af4b058679692555327
SHA256 c189b5d3c55a76c304c7a63c2173ee315981720048cac007e5724c7d5ecc80f1
SHA512 c200374303d525e4c58bf883e5127f2e0c27ebf7ff5c89f4e4aa25be42e1516359d79a6a46c8ff4a9cf77af6e884517143302266086c74971b71a6bad6446dc7

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 39f56d4ad650ad19f2644e4953264480
SHA1 3a696a1e2c16376675ad55c67743ae22e524e9ec
SHA256 beb5b37903585405147d782f235fea1cf1f3a9df975d917384b938e9dbd57a88
SHA512 14ccc9e992fcd2f9c0de407ce900fcbb97a5b4dd7558962e5152bdcc5dc28280441f3edb9560e2a111a7678dc287c160aaa5ca1adaf4c3d17d1a6f2ada724a17

memory/4500-1710-0x0000000000400000-0x000000000040B000-memory.dmp