Malware Analysis Report

2024-09-23 05:04

Sample ID 240613-ewtchaxfjm
Target 5dc6a28726aa20d9005a647ba8b2fbf0_NeikiAnalytics.exe
SHA256 90c878c943ca0d6a5d87f92ed412ff2e74d57df66a7af11b2c219a1c5f342e55
Tags ransomware upx
Score 9/10

Analysis Overview

Threat Level: Likely malicious

The file 5dc6a28726aa20d9005a647ba8b2fbf0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware upx

Renames multiple (3427) files with added filename extension

Renames multiple (5244) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-13 04:17

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted 2024-06-13 04:17
Reported 2024-06-13 04:20
Platform win7-20240221-en
Max time kernel 150s
Max time network 118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5dc6a28726aa20d9005a647ba8b2fbf0_NeikiAnalytics.exe"

Signatures

Renames multiple (3427) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\5dc6a28726aa20d9005a647ba8b2fbf0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\5dc6a28726aa20d9005a647ba8b2fbf0_NeikiAnalytics.exe"

Network

N/A

Files

memory/2224-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

MD5 63ebc094daa869e639b5356ed6149230
SHA1 b15f113d9d2ee313abd923f242044275b7d43cac
SHA256 dbfbad4b97afbce47998cade81ce43812a94a1f292bdece103a1821129c42251
SHA512 30a57c89804a78d36aba0546f731b59125e5eebd2d2c97f2bedcac125a55c4ff3ac92efa247696c4de5eb810b8cbc48caae58cf2807a8953ae82ef5958c4870e

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 d8e62533ab1f452de7f2a30ee3b0f70f
SHA1 82ba9a344253b64f2c64317b4dd63600241f4b34
SHA256 ff1e90c95c6f84b07d69246320c899ed29636bee7ff02da2b02cf900616407cc
SHA512 c9519b3f03ebaeba3b78e0a6a28180acceddd5dbc8c8ad5ce9c940b2af7e8699f5b8ff6ebb2a3e7922900ab1b1e47a682a29bcad84b527cb17e45cc5355d3f61

memory/2224-584-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-13 04:17
Reported 2024-06-13 04:20
Platform win10v2004-20240508-en
Max time kernel 150s
Max time network 151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5dc6a28726aa20d9005a647ba8b2fbf0_NeikiAnalytics.exe"

Signatures

Renames multiple (5244) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\5dc6a28726aa20d9005a647ba8b2fbf0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\5dc6a28726aa20d9005a647ba8b2fbf0_NeikiAnalytics.exe"

Network

Files

memory/996-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

MD5 a9ef8b808e7eb782f4ed72bca07710c0
SHA1 7746e5b85d9ca79f4f5f64ddfd6b5b002f192724
SHA256 07807d12b2d87ce9193d7d030ae68f0537d69df38a898202da68f018f74b4243
SHA512 c97920afbcba0587184a63db4e105935b963eef3cab7337806f026c7d85a8619bcb347bc1262d4085d556ec37d5237cd7dd2bbf4f0489ea41e3eb77ed72fe6f3

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 77a5f18f9a0f4db5af3c7a5f4ef78ae1
SHA1 ab763f758b11bfdcce9864737361e58aa8840747
SHA256 e231d4c17e32078fe80247a8b8b0996de4b9537c974314d500f1ac8307c8e770
SHA512 b0968f2f90277704b3695d639bdc258f0747e7c6b800ac69d1edfab726753fdf9f829c62228379aafc818387bcea9772a5c2fb7458f6894e2800b9860c0db284

memory/996-1962-0x0000000000400000-0x000000000040B000-memory.dmp