Malware Analysis Report

2024-10-18 21:40

Sample ID: 240612-rc198axfmc
Target: 4048dfa5c8639391337e7209cecabae0_NeikiAnalytics.exe
SHA256: e9f5dabbd2194a2e845c293fa812dc8aecd1fd61b48b8f48c148718cf0b5932a
Tags: ransomware, upx
Score: 9/10

Analysis Overview

Score: 9/10

SHA256: e9f5dabbd2194a2e845c293fa812dc8aecd1fd61b48b8f48c148718cf0b5932a

Threat Level: Likely malicious

The file 4048dfa5c8639391337e7209cecabae0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware upx

Renames multiple (3739) files with added filename extension

Renames multiple (5184) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-12 14:03

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 14:03

Reported

2024-06-12 14:06

Platform

win7-20240419-en

Max time kernel

150s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4048dfa5c8639391337e7209cecabae0_NeikiAnalytics.exe"

Signatures

Renames multiple (3739) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\4048dfa5c8639391337e7209cecabae0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\4048dfa5c8639391337e7209cecabae0_NeikiAnalytics.exe"

Network

N/A

Files

memory/2204-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

MD5 72f21af507f3b4ab16a729dd7f213e7d
SHA1 51b8aa9adba503c25a89ad6c76496e051f58721b
SHA256 c53dc874833f18ba42b56c972c92cae5ea08228273950ae1e905a5a7fe707f0c
SHA512 14391de1e4b0768efcf88d4e35070678d5b3b02dcb00495a1f59e6933d6f08d82bbe6b3a6ebbf9f62d0d7ef72aecdcc280f5cb1b33f8b3043aee931a732ac920

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 c11b327ffc569b2fdbb3cc984a9ea0c7
SHA1 4c48d6b2daa6154eb6687dd233a3dcb0b33b3ed8
SHA256 3c48932fd082d31c54f6f19554a82530da35bc4b2d4992dca4936330b4ebdfb6
SHA512 91a99cc8fc24e82d18c1610094044e26e8321d7f4d4e273d32f7ed1996003dbc540434047dfdbc05f6065d7ff341279b64536e20b4e9e4321d14eba32de19f1c

memory/2204-658-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 14:03

Reported

2024-06-12 14:06

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4048dfa5c8639391337e7209cecabae0_NeikiAnalytics.exe"

Signatures

Renames multiple (5184) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\4048dfa5c8639391337e7209cecabae0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\4048dfa5c8639391337e7209cecabae0_NeikiAnalytics.exe"

Network

Files

memory/4564-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

MD5 f2b5601f2c2eb9cd47a694f0812cdadc
SHA1 9ce6a80dffd8ff169f49ea38fedd5a2b92c9021d
SHA256 64e0a71912e6faa73a21e548a054ef66b0ed3dcc0e2e9d56d8866b2b836b3a4b
SHA512 e1db5e98242e97095cbc773bcb730f52bbf127e95f8c85b9295e14c061566196975bf566d4bd46fb9cb5da946d2f5dd551e3b075b154f3a1f5c0e0faae6c36b5

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 56b9c416bfbcaac30f20fae80257a9de
SHA1 10d327523adeb2123f3f757735bd64f56453e84c
SHA256 bc0c4ba72d2382a868b3fa33a406c1ce9e13fe4c50de408027e5678285752b97
SHA512 489062eb3ca6cc0da8a0d1e48fb028d06c72fb459bfe17691a4e0aae525d2477034a1024843172cf68dca01b37e6a89d895695854b718c97dd9561b9dd6d134e

memory/4564-1950-0x0000000000400000-0x000000000040B000-memory.dmp