Malware Analysis Report

2024-10-18 21:41

Sample ID 240612-pdbpvaxhnm
Target 39aeadb18fed0cb53c4466ecf2271820_NeikiAnalytics.exe
SHA256 b255fdb2356f5d896f10539c098dd681da97f20d8a420fd9eba24361d2942902
Tags ransomware
Score 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 9/10
SHA256 b255fdb2356f5d896f10539c098dd681da97f20d8a420fd9eba24361d2942902

Threat Level: Likely malicious

The file 39aeadb18fed0cb53c4466ecf2271820_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3521) files with added filename extension

Renames multiple (5163) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-12 12:12

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-12 12:12
Reported 2024-06-12 12:14
Platform win7-20240508-en
Max time kernel 150s
Max time network 119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\39aeadb18fed0cb53c4466ecf2271820_NeikiAnalytics.exe"

Signatures

Renames multiple (3521) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\39aeadb18fed0cb53c4466ecf2271820_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\39aeadb18fed0cb53c4466ecf2271820_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

MD5 b9575780d21bc1cc95e8ed6a99d42d60
SHA1 d68b8f2a6d516f5aee70be14932fb8aa8eeb1c70
SHA256 d9aa11ed2fdaa8d4b2d3b074ff1e41affb11f9a623de965b47684178291f014f
SHA512 6ddd22ead9fe3e03d6b2d28f0b435e616914b86c96d8d689f65cf7306f19ed42557d07218c4c4b9a2f4acf497ab08eba6e3a91a43f5a727f7819a4d802969a0d

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 57980ee73d221d64874b2ad8c5120ef3
SHA1 61bd1960757a0a751b8679047e61db23df3f4ea1
SHA256 51f7dcb7d4e540e44c2bb080a4d2f88b4aebafb8d4048194e0058718419f12b2
SHA512 7965b8f741a3e8e4ccf20b1e626ab10a2de9dd62a69a27cddeb25ba16fee0f3d242f5405339691edc512a2d035f0fc3dfd7c51a7263219ec4dcd80d1949d1626

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-12 12:12
Reported 2024-06-12 12:14
Platform win10v2004-20240508-en
Max time kernel 150s
Max time network 150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\39aeadb18fed0cb53c4466ecf2271820_NeikiAnalytics.exe"

Signatures

Renames multiple (5163) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\39aeadb18fed0cb53c4466ecf2271820_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\39aeadb18fed0cb53c4466ecf2271820_NeikiAnalytics.exe"

Network

Files

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

MD5 88de50f38426c19e2ec7ee062600db27
SHA1 06ec08b3f3337c32490ae31b90a533ad76b7b698
SHA256 906495663acabafff45fbdc532bb9866651ba42d7983af99f71c60014e1f9206
SHA512 7a853256c1272a7626c69a3ffb162aad90e8199476ea3a88d1b07c761d103aab2c8bfedbec50ee82fff303e5d7581272fe53a91a4196dafe3619c2bf5c30091a

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 de518483ea7f5755712d83824cf54795
SHA1 23104352320d5521d0cec192238f5e5d72cf22c8
SHA256 599c2be3dd5d37f888f3aa1f4da0fc9a4b048dc3ceb22e347fb5210a276bbf29
SHA512 edfc0142620dbcc0552571ba7c1bd215de062554714d378d3f6363bc36cc9955e52f17668046c8f70ce66ce1a2a500863024e9c358c36278791d78e2bde24a88