Malware Analysis Report

2025-01-06 13:03

Sample ID 240617-ehnvvsshrf
Target 445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe
SHA256 d7d4c17d5f15942994f16e04053136c53ececc2984ed5e4c75108090ca8c6b67
Tags
upx ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

d7d4c17d5f15942994f16e04053136c53ececc2984ed5e4c75108090ca8c6b67

Threat Level: Likely malicious

The file 445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (3435) files with added filename extension

Renames multiple (5055) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-17 03:56

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-17 03:56

Reported

2024-06-17 03:59

Platform

win7-20231129-en

Max time kernel

150s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe"

Signatures

Renames multiple (3435) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libdmo_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Defender\MsMpLics.dll.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\icon.png.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\sRGB.pf.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\MANIFEST.MF.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-lib-uihandler.xml.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Fakaofo.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Halifax.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\calendar.html.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\drag.png.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\de.txt.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Pangnirtung.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Oral.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Tarawa.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.services_3.4.0.v20140312-2051.jar.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-ui_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Dushanbe.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.property.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\calendar.html.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\MST7.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-heapwalker.xml.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-tabcontrol_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\css\settings.css.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_VideoInset.png.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\feature.xml.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multiview_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\PresentationBuildTasks.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwritalm.dat.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Thule.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh88.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Guayaquil.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Defender\MpCommu.dll.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.MOF.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\eclipse.inf.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\librtpvideo_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\contbig.gif.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-queries.xml.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_dummy_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\mng2.txt.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\SpiderSolitaire\fr-FR\SpiderSolitaire.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Entity.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\gadget.xml.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_selectionsubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\about.html.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-core-kit.xml.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\keytool.exe.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring-fallback.xml.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Belem.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Management.Instrumentation.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\it-IT\WMM2CLIP.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-next-static.png.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jinfo.exe.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaws.exe.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe"

Network

N/A

Files

memory/2968-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

MD5 ee1f01d8dae67304e716a2426f50581f
SHA1 173016bfc3e2bdbf64a606dccbd57b9c43b5fd2c
SHA256 ca6915e83237456449fa691270b8b9413ce99f661fe641990908a2d9933b7dd9
SHA512 0430bccd1062b31c0e3c893e186792510e18405863e15ef50ab7e10803e429f0690cc178eca4d6f6988a6876713cdb6a3f2c64312330a6feafaffc2aad8a8778

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 bed7416bcc5b539b62ea1a01b8331dac
SHA1 5895acb6a94f9c9809844cbbf112265d50a8b234
SHA256 8d1ef8ede3bf543f844140a1442b72e871ff17904dbbd4061b0f6bab322a2760
SHA512 f2b755b1e6661db49218b7692222cf8bceca0c81183625094dd9e67feed60d2f0d51882c45914acb5033a00d2acda443c021746c957db632f77ddc228f6fbf3d

memory/2968-636-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-17 03:56

Reported

2024-06-17 03:59

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe"

Signatures

Renames multiple (5055) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-process-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Document Parts\1033\16\Built-In Building Blocks.dotx.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\ja\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Bibliography\Author2String.XSL.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\salesforce.ini.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\dtplugin\deployJava1.dll.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.NetworkInformation.dll.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\vcruntime140.dll.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_F_COL.HXK.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.DiagnosticSource.dll.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_100_percent.pak.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\host\fxr\8.0.2\hostfxr.dll.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\cmm\CIEXYZ.pf.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Aspect.xml.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_KMS_Automation-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN027.XML.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.Serialization.dll.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\optimization_guide_internal.dll.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Facet.thmx.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.TextWriterTraceListener.dll.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.CodeDom.dll.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Principal.dll.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\Office16\OSPPREARM.EXE.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Models.dll.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOMessageProvider.dll.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSOARIACAPI.DLL.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Data.Common.dll.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MML2OMML.XSL.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.VisualBasic.dll.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Json.dll.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcDemoR_BypassTrial365-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial3-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\TelemetryLog.xltx.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART13.BDR.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-sysinfo-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_KMS_Client_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\445a58db1c82167a918c8c41e95f0290_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
BE 2.17.107.105:443 www.bing.com tcp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 105.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 25.24.18.2.in-addr.arpa udp
US 52.111.227.13:443 tcp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 169.117.168.52.in-addr.arpa udp

Files

memory/4484-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2080292272-204036150-2159171770-1000\desktop.ini.tmp

MD5 ccebb876d7eecefa0b5f0a0f180d6bf8
SHA1 a9a6a2867046acd9dd639b72d35d5f7781e97c06
SHA256 61cb92534c1e582082486fbb6c0050249a7a1181ed4cffd75e8aeaf5e2a55893
SHA512 7998ad38c9a3e6af67567da4c92c7c1d3e902df7338acad2bf1aca722206513af539d6b81cfff960c370f83f9336625370a2f3daca66d19268242566b7b55cec

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 02947c964a138d96d53801ab95c5b387
SHA1 ac7139742e499d91266ad8c4bf73abfb95ede332
SHA256 a85094a2e4282029f9a068d2f1e19857ce16c7a8c2bf44d7b17053010bb61801
SHA512 e33f32efb95715fd37c2133eb094724023d40c8c584fffd230d50a2b30dbf4c9eeae4b9f8cc15bbb6d67133e5de25a4e9132a7e08dbcc246ccf522666cfc19e8

memory/4484-1790-0x0000000000400000-0x000000000040B000-memory.dmp