Malware Analysis Report

2025-01-03 08:37

Sample ID 240611-dgfbna1grh
Target 2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe
SHA256 9229ebaab2d7c006a5668a5f96845afe038647ba8ada2cd5c8deb86ef56286da
Tags
upx ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

9229ebaab2d7c006a5668a5f96845afe038647ba8ada2cd5c8deb86ef56286da

Threat Level: Likely malicious

The file 2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (3265) files with added filename extension

Renames multiple (4838) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 02:58

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 02:58

Reported

2024-06-11 03:01

Platform

win7-20240221-en

Max time kernel

150s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe"

Signatures

Renames multiple (3265) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-GB.pak.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pt_BR.jar.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\jvm.lib.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Noronha.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\kk\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureA.png.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.resources_3.9.1.v20140825-1431.jar.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Management.Instrumentation.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-compat_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\core_visualvm.jar.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Kamchatka.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\Microsoft.Build.Conversion.v3.5.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libequalizer_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\tk.txt.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_specialocc_Thumbnail.bmp.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mazatlan.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Efate.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-ui_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\ado\adovbs.inc.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.concurrent_1.1.0.v20130327-1442.jar.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Scoresbysund.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Windows.Presentation.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libnormvol_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Enderbury.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\ECLIPSE_.RSA.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.sun.el_2.2.0.v201303151357.jar.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-core-kit.xml.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sampler_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jvmstat.jar.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaTypewriterRegular.ttf.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Mozilla Firefox\libEGL.dll.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libheadphone_channel_mixer_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipsita.xml.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-modules-appui.xml.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\verify.dll.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Checkers\ja-JP\chkrzm.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\ktab.exe.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\intf\telnet.luac.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup-impl_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Antarctica\Mawson.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Mozilla Firefox\crashreporter.exe.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-heapwalker_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Subpicture1.png.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\chrome.exe.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\cgg\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_rgb.wmv.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Tijuana.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Indiana\Knox.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT+6.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.RunTime.Serialization.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\PipeTran.dll.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-lib-uihandler_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-favorites_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunjce_provider.jar.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Africa\Windhoek.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Mozilla Firefox\api-ms-win-crt-stdio-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe"

Network

N/A

Files

memory/996-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

MD5 b036e28c70a2ef26c5bf95a85b66699f
SHA1 f4b29a3c5fab56a6594e2c8d625e8b9fc40e5c39
SHA256 63daf452f1c3c39791df79fd4bb39774a14aa4f24bb905c03315858756cc720e
SHA512 08abb75bcc0e84cfbb6da46c72bc36c369a72b748d1c063e642e9456918b3a07a9d5e8faac72f5fecb8295699020b7626f73e98207b9b51a29345557d46ae981

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 9d5bf0f0e74cea7179c7d060080c9992
SHA1 3cbe9f2b4057347898f51fc4ff3794de10c90412
SHA256 6de5433355f682466d821f1475b114e6255879532bd988f90640c951e5d7f1cd
SHA512 b0763544e7404923994c758f319d1acb808fe6e8d21f95718702167e7aaf879e042b00bf5682f6ad2bb2754e3d76a5edd35752e60d9d7e395bf2cbb397abcd45

memory/996-76-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 02:58

Reported

2024-06-11 03:01

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

52s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe"

Signatures

Renames multiple (4838) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jre-1.8\bin\plugin2\vcruntime140.dll.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTrial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\C2R64.dll.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ONENOTEIMP.DLL.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN002.XML.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Debug.dll.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\javafx\directshow.md.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_COL.HXC.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-100.png.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\mscss7wre_en.dub.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL058.XML.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\jli.dll.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\jstatd.exe.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\db2v0801.xsl.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Client.Picasso.dll.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Yellow.xml.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\cs\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\it-IT\msadcor.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Dynamic.Runtime.dll.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH.HXS.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.DriveInfo.dll.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial4-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MEDIA\BREEZE.WAV.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\zlibwapi.dll.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\es-ES\iexplore.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\java.dll.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalDemoR_BypassTrial180-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\GostName.XSL.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OFFSYMK.TTF.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.Win32.Registry.AccessControl.dll.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\dt_shmem.dll.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RIntLoc.en-us.16.msi.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.ReportDesign.Forms.dll.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscorrc.dll.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.dll.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-processenvironment-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Json.dll.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Http.Json.dll.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.NETCore.App.deps.json.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Globalization.Calendars.dll.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\en-US\hmmapi.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\jfr\default.jfc.tmp C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\2545a939d1dc843bb661410e2abfa230_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

memory/4568-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

MD5 f0ee0efd70465fa16fd9fba33ad65bdb
SHA1 6365bd9647291d83f123741432b1f3fa5c0b7491
SHA256 d16bb9730b2de7473c94e311610c3356e25b30860c50fe370daf3fb9e58108fb
SHA512 49d61f2e6c32f90583a5363a5ba59f0438423a35ab8fdd2c439c64ee1de78a577ee867637c53b2189289b1665a294f58a49b0a745c7e332b53b27d3ecefad667

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 975dc73694eb7087b71cfa8736b07eff
SHA1 2b1b5d1fbbcacaafbbc9370ba05823cccdc0f6da
SHA256 14d94456d21923ae5b1ed2a3383d976633325b64f8c8eca89716a79e5532b84f
SHA512 7957105420ea2409b0e6273831b6f736a95d99b3a3d84ad0109cdfde070a55a7a578dbb17e9f2f9bf8287557ca948516d3c9b2e4752e9a73ac0a2b5f659f5300

memory/4568-962-0x0000000000400000-0x000000000040A000-memory.dmp