Malware Analysis Report

2025-01-06 13:04

Sample ID 240617-egrkcsxcnp
Target 43fab8d3fe2de5460c3133e4cdda2900_NeikiAnalytics.exe
SHA256 8cc5207060c78b047d95b40d3c3bd339a4bedf02ee9466a67d5c934a416f33af
Tags upx, ransomware
Score 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

8cc5207060c78b047d95b40d3c3bd339a4bedf02ee9466a67d5c934a416f33af

Threat Level: Likely malicious

The file 43fab8d3fe2de5460c3133e4cdda2900_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (5282) files with added filename extension

Renames multiple (3448) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-17 03:55

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-06-17 03:55

Reported

2024-06-17 03:57

Platform

win7-20240221-en

Max time kernel

150s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\43fab8d3fe2de5460c3133e4cdda2900_NeikiAnalytics.exe"

Signatures

Renames multiple (3448) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\43fab8d3fe2de5460c3133e4cdda2900_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\43fab8d3fe2de5460c3133e4cdda2900_NeikiAnalytics.exe"

Network

N/A

Files

memory/1032-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

MD5 e06209e6d8ffe8d63c4fa516f5a0e65f
SHA1 b3af4c4aab47d294b71dd7c2ae812ffde102067f
SHA256 315e584264e361fc5b0eac2ff4f862b6616890bafec4cc3c6f5261cb3e26e2d4
SHA512 cd61fd5273c63ac7459cf15460913ef1d050d2f13d411b064dd46185e9438c3b3fd87c07e906028e11641ff561f3d1f3f72cfad3f5873e5fdb94ba81e88de129

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 49b9543409fbbc16989afd757e619e2a
SHA1 a1b7af7935e963bcd6dc044b2c52f2fe26cc52eb
SHA256 70b07c1d1fc4ca929c558ab6ff9971ec5e2cddb11ead153621111c8fd6504291
SHA512 a6b04f1c71b75921986f28cde5f19c1f9eb182befa1cab351c741476475de66b96e60d930264666d82ac4a3d60b4b4288ffc75eab2af026de7f81205379537d0

memory/1032-74-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-17 03:55

Reported

2024-06-17 03:57

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\43fab8d3fe2de5460c3133e4cdda2900_NeikiAnalytics.exe"

Signatures

Renames multiple (5282) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\43fab8d3fe2de5460c3133e4cdda2900_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\43fab8d3fe2de5460c3133e4cdda2900_NeikiAnalytics.exe"

Network

Files

memory/4348-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

MD5 f409711dcd67c7e22523ec161495e54b
SHA1 7a2fa591abe2ca4882a48452262838ccb07896f5
SHA256 52fb87b1a7e0311fe39ce733695bcfc7ffac892c5ca4ec3f772d90e22e1df718
SHA512 78f1b74f609e07523ae99e9f9449f48d945f501a2a1695dbdeef73a0f484ca573a437891fa35e2fd529e130b173a4ac7b3b4e44ee623016f7b99d881b3d93322

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 1fa58437aa76c02f8c0458b814661dd7
SHA1 87ee507e8efa54917e74d31fecf547b01b45cd7c
SHA256 d5d0c5798b38153b5fd1aef07639853d01eaaff0d3855c2809c4641302b58d9c
SHA512 5d4cbc44dff49b07bcbd8015064a5756f5b010e6cbb9cef4880ea36ed499f163bf3c7fe3957b409601e6c8cbfa10e1864b68720f029c7eea5406a1c349f9438f

memory/4348-1146-0x0000000000400000-0x000000000040A000-memory.dmp