Malware Analysis Report

2025-01-03 08:25

Sample ID 240617-hrlcwazakc
Target 5dcce81c6b3595d76a3e49aefa789420_NeikiAnalytics.exe
SHA256 f9442cc069e6662c32df7242961fa2be8ff3212f87ad401ad43e64d0f3034a8c
Tags ransomware upx
Score 9/10

Analysis Overview

Score 9/10
SHA256 f9442cc069e6662c32df7242961fa2be8ff3212f87ad401ad43e64d0f3034a8c

Threat Level: Likely malicious

The file 5dcce81c6b3595d76a3e49aefa789420_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware upx

Renames multiple (3474) files with added filename extension

Renames multiple (5110) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-17 06:58

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted 2024-06-17 06:58
Reported 2024-06-17 07:00
Platform win7-20240508-en
Max time kernel 150s
Max time network 120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5dcce81c6b3595d76a3e49aefa789420_NeikiAnalytics.exe"

Signatures

Renames multiple (3474) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\5dcce81c6b3595d76a3e49aefa789420_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\5dcce81c6b3595d76a3e49aefa789420_NeikiAnalytics.exe"

Network

N/A

Files

memory/1680-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

MD5 bdb5a52666e01fa76a6ce2a7411ccfc6
SHA1 3176ded3bd6e2a6659d176f2b4c2b145b2d99934
SHA256 2eada531d0fcd0c63633e03b0bf9f70abdf1b7d7b9b2966f407d5ab86bda7245
SHA512 a4c0efb6b46bec6778baa0617d001eb263002fe7e379ba6675735bb8600c9a03b1f46f2030116e8240f72b4014e7380d141e63e424704c65b1434b7e2535c0cd

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 658a37087feb0a3531ef632cde977ddd
SHA1 4aa564b7df661527f691b4aa9ad4fec25266c773
SHA256 d47db05564f6849b1395082209574f3961e3f1a91ef33eac9d9441b4f5ca9bbe
SHA512 68edbd93165e6cf485a3bc9d408bc873304581595dd5785672adeb39d46a96514c381f1609d276ccf954116871fbdc61221ea462f035a0e309924190fde8c7c4

memory/1680-648-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-17 06:58
Reported 2024-06-17 07:00
Platform win10v2004-20240508-en
Max time kernel 150s
Max time network 152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5dcce81c6b3595d76a3e49aefa789420_NeikiAnalytics.exe"

Signatures

Renames multiple (5110) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\5dcce81c6b3595d76a3e49aefa789420_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\5dcce81c6b3595d76a3e49aefa789420_NeikiAnalytics.exe"

Network

Files

memory/2160-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp

MD5 329648431d3a5012f8f1c63388c503ca
SHA1 1cf35d81435f9e5ff8084071802b3c087bd7ae11
SHA256 30670eb2785cabc807a417f305134f00ad1e131b7453eba053e50c01cb57047b
SHA512 404f848e901c78e202bfa7ee41078d0ed4a9dcd133920294d37485c83330c02cdd4e9b8f58ee46f4160cca2191dcba421e94159a016b7dec567b175fbc9d991b

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 40732291ebc825ea7d8ee1885706730a
SHA1 82896c46e536b0168794c02caee7f9d26dc5c28e
SHA256 9ddbd71909d2999f5863b1502d72015e12375d3bffe21f082c7c4d77bcd7dd89
SHA512 be470d54fdd717ef23bed2cbf52d7cc569e2444bba6368e219912c9a6d61fd7ef5c5637af67dcfdb051229e3692b8d4855f3b0fd0b04255f51a42d15d60ba663

memory/2160-1810-0x0000000000400000-0x000000000040B000-memory.dmp