Malware Analysis Report

2025-01-03 08:36

Sample ID 240611-a3arhsxcke
Target 214bd9ca77fc3a6fe3c38ad8df598260_NeikiAnalytics.exe
SHA256 ef068ec6581bd8119387bc863ad93d59feab479b18aaca9c2090b4bc46f1e9c2
Tags ransomware
Score 9/10

Analysis Overview

Score 9/10
SHA256 ef068ec6581bd8119387bc863ad93d59feab479b18aaca9c2090b4bc46f1e9c2

Threat Level: Likely malicious

The file 214bd9ca77fc3a6fe3c38ad8df598260_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3751) files with added filename extension

Renames multiple (5327) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-11 00:43

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-11 00:43
Reported 2024-06-11 00:46
Platform win7-20240221-en
Max time kernel 150s
Max time network 117s

Command Line

"C:\Users\Admin\AppData\Local\Temp\214bd9ca77fc3a6fe3c38ad8df598260_NeikiAnalytics.exe"

Signatures

Renames multiple (3751) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\214bd9ca77fc3a6fe3c38ad8df598260_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\214bd9ca77fc3a6fe3c38ad8df598260_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

MD5 4908ec22a5a32de8ba462e6d190ced18
SHA1 5c51dff6fead73008d3a2a6a54dc357564dde475
SHA256 756ef79b35132af83c920570fecb23c238bfc085c82835087801b80a6654cd9d
SHA512 2cf7b262fef3baabc5c65c5fbfb66239bb3bec7e1f268f5f7626d3d3933bd7e276687ebd04ce8fa67eb70f14c44a41e3d4ff43578cb710c1e5c46c6a4dd2120e

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 00a99222305fdad8c630b2b933e4c7d4
SHA1 05d2c00ebcd54c77a1644d7b9daecac128102a7a
SHA256 6313237ff3bf2ceb67a3c2f944e028ce8a588bd453833ed6314556164af3bf64
SHA512 74b451196b7b44c6c1369c7fa8462c11aeec2c3a325d8b7a0c7fe7a310fd6a0a308c2f9180885587da7d2894a4e2d212d6e6057c2d2b6732e1de0ba7fc98b574

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-11 00:43
Reported 2024-06-11 00:46
Platform win10v2004-20240508-en
Max time kernel 150s
Max time network 52s

Command Line

"C:\Users\Admin\AppData\Local\Temp\214bd9ca77fc3a6fe3c38ad8df598260_NeikiAnalytics.exe"

Signatures

Renames multiple (5327) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\214bd9ca77fc3a6fe3c38ad8df598260_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\214bd9ca77fc3a6fe3c38ad8df598260_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

MD5 a70232931229392cac4e8971289ae6e5
SHA1 bffb2834ef010e1cd71e89cf78c3ac9182b01f6c
SHA256 283240a2b2eeba1b25b1e50847a6213101d273cacde08883b4e1aef77239239e
SHA512 0d68665d35f6f2045dd49b55a0b7982a894a2cda798b66f90d761edf3933a4dfef308a6f7bc2bd99a78e94454af9c518b26593309742e63d3eb4abc21b2c36cd

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 a24872585ee35db5c5a1c5fba9bcfb6a
SHA1 44690b83aa2dcc1a1d0a7c612eb9fd170a9b83cd
SHA256 b7da0528dfa0708ab8d4454b752e6453ab6beec7683f6f17984f73f176f54eb5
SHA512 bb4882d34fbca0c800ee27f950a46901579998d07ac454920a314fa11c62f925346531ea42c84e7003d6e82221a196b4808fc3fe548e1ef3abe46d67814af841