Malware Analysis Report

2025-01-03 08:32

Sample ID 240610-31z8lswcjh
Target 1fffa93c50fc4ec509dc9871fc07eb00_NeikiAnalytics.exe
SHA256 0bbdfc4431e7b87cc02e641a3b0945254411ee09f571e28f0093fe91901ca1a5
Tags ransomware
Score 9/10

Analysis Overview

Threat Level: Likely malicious

The file 1fffa93c50fc4ec509dc9871fc07eb00_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3733) files with added filename extension

Renames multiple (5215) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-10 23:59

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-10 23:59
Reported 2024-06-11 00:02
Platform win7-20240215-en
Max time kernel 150s
Max time network 122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1fffa93c50fc4ec509dc9871fc07eb00_NeikiAnalytics.exe"

Signatures

Renames multiple (3733) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\1fffa93c50fc4ec509dc9871fc07eb00_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\1fffa93c50fc4ec509dc9871fc07eb00_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp


C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp


Analysis: behavioral2

Detonation Overview

Submitted 2024-06-10 23:59
Reported 2024-06-11 00:02
Platform win10v2004-20240508-en
Max time kernel 150s
Max time network 51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1fffa93c50fc4ec509dc9871fc07eb00_NeikiAnalytics.exe"

Signatures

Renames multiple (5215) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\1fffa93c50fc4ec509dc9871fc07eb00_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\1fffa93c50fc4ec509dc9871fc07eb00_NeikiAnalytics.exe"

Network

Files

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp


C:\Program Files\7-Zip\7-zip.dll.tmp
