Malware Analysis Report

2024-09-23 05:09

Sample ID 240613-bk8fhasdkj
Target 52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe
SHA256 250653dd08958f065b1051a22d851c34aeaf9fc5a3633979a6206831504a0a7c
Tags
upx ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

250653dd08958f065b1051a22d851c34aeaf9fc5a3633979a6206831504a0a7c

Threat Level: Likely malicious

The file 52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (2703) files with added filename extension

Renames multiple (4372) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 01:13

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 01:13

Reported

2024-06-13 01:15

Platform

win7-20231129-en

Max time kernel

149s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe"

Signatures

Renames multiple (2703) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.bat.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Antarctica\Syowa.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bahia_Banderas.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Pangnirtung.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\META-INF\MANIFEST.MF.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\Mahjong\Mahjong.dll.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-annotations-common.xml.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-keymap_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-editor-mimelookup-impl.xml.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Maceio.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipsrom.xml.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\en-US\DiagnosticsTap.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\date-span-16.png.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-uihandler.xml_hidden.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Cancun.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\SystemV\EST5EDT.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\pack200.exe.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help_3.6.0.v20130326-1254.jar.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\orbd.exe.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\ko.txt.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Paramaribo.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-multiview.xml.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-options.xml.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\rollinghills.png.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\720x480icongraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightDemiItalic.ttf.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guyana.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ashgabat.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.exe.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipsfin.xml.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-services_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bn.pak.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\glib-lite.dll.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Dawson.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeulm.dat.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host-remote.xml.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Minsk.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\toc.xml.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-favorites.xml.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\msadco.dll.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer_3.2.200.v20140827-1444.jar.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Guyana.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Novokuznetsk.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\jfluid-server_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IPSEventLogMsg.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Shades of Blue.htm.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\include\classfile_constants.h.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\msvcr100.dll.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Choibalsan.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\cmm\PYCC.pf.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\uk.txt.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe"

Network

N/A

Files

memory/1920-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

MD5 0941ad4ee77eab853a0551d70ddace5b
SHA1 1e5b3113399b71a32a105902733c651f55f637ad
SHA256 4b22192a610599291d3e03194d8309b0b4d72f33962050b33c0f84d2b3cdb7a1
SHA512 eb495dfeb679c22da95d8972f8fd29ae7c33525e3813ff4d9cdf1ee11bb34f6c3b336f81b078571f85916f68625346910eadff960e4c3d62afbd470a877b8d93

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 badd4426a8f086f663c17b665d3bc7c6
SHA1 f5bf3ec2f0749404208a4e494ba5e7e29b869475
SHA256 745d8da687fd60b3a5ec9293098f0f97e523db815d92bb74ce78ea8411767bed
SHA512 7bf405bb60e8a2e16ca8d53976f79973b43fa978ae291c12d6074b13803f0f6cb7edec148599a8de67fc235da989065218234d1d24521684bd7f23f7c5557733

memory/1920-390-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 01:13

Reported

2024-06-13 01:15

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

53s

Command Line

"C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe"

Signatures

Renames multiple (4372) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-conio-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_BypassTrial180-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\+NewSQLServerConnection.odc.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\GKExcel.dll.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encoding.dll.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\javafx\directshow.md.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Office 2007 - 2010.eftx.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_KMS_Client-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.NetworkInformation.dll.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\netstandard.dll.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Mail.dll.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Drawing.dll.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.dll.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\pack200.exe.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\libGLESv2.dll.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.EventBasedAsync.dll.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\dt_shmem.dll.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\GostName.XSL.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\msquic.dll.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\lib\packager.jar.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\loc\AppXManifestLoc.16.en-us.xml.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.SPClient.Interfaces.DLL.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Transactions.Local.dll.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XDocument.dll.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Tools.dll.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\README.txt.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscorlib.dll.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\XLMACRO.CHM.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Exchange.WebServices.dll.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemXml.dll.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ml.pak.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PenImc_cor3.dll.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Spatial.NetFX35.dll.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.WindowsAzure.StorageClient.dll.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremDemoR_BypassTrial365-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-console-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.dll.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-file-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\plugin2\msvcp140.dll.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\lt.txt.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.NETCore.App.deps.json.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ReachFramework.dll.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationNative_cor3.dll.tmp C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\52cf904c4e8b956419a478aaca240720_NeikiAnalytics.exe"

Network

Files

memory/432-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

MD5 da211b45673d9328397fe52ff3f055d2
SHA1 ae4381cbef01beccc029cefcc1e4473a3637cf0b
SHA256 3e95c3872374cb66daa1a3e32a07c37c55a8e7e453b089ee55f5b65e4ca181de
SHA512 0e2ce875691e7d6fd9a6d00d2e47ebf5fbd787f43a8c18964c15e61386ed550b0577b7e0c9ce419a74774c6192f259810121405159c31cdc3af8fbba40a23996

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 dd0d75a0810c9d1723d5e98ceef57ba7
SHA1 a22b431cf0c6b017434eebbfe496e6c0ac7ee7bf
SHA256 08b3f5e48b69cc079c86be36d7a3c94f4795febcc692259b6f6beec47a5bba2a
SHA512 c9e8e9e2c0d4fde3b1876d43fd68c23ff3393586dc244cbd963c3cc1d23e92d6c050909dbee9c6bd59dcb40a62f585211a5c556f3b674a24ae3478cd368b4c4d

memory/432-1520-0x0000000000400000-0x000000000040B000-memory.dmp