Malware Analysis Report

2024-10-18 21:41

Sample ID 240612-pgkrxsyarn
Target 39d60a42b89b07b7b240f8e1888da680_NeikiAnalytics.exe
SHA256 9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19
Tags ransomware
Score 9/10

Analysis Overview

Threat Level: Likely malicious

The file 39d60a42b89b07b7b240f8e1888da680_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (4636) files with added filename extension

Renames multiple (2811) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-12 12:18

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-12 12:18
Reported 2024-06-12 12:20
Platform win7-20240611-en
Max time kernel 149s
Max time network 121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\39d60a42b89b07b7b240f8e1888da680_NeikiAnalytics.exe"

Signatures

Renames multiple (2811) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\39d60a42b89b07b7b240f8e1888da680_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\39d60a42b89b07b7b240f8e1888da680_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-1340930862-1405011213-2821322012-1000\desktop.ini.tmp

MD5 391bf1813bf7795780ebb4171a5b8d79
SHA1 015f4bb8e9dc5397ebdbcb3fea84b06252792ff8
SHA256 08392a14e1a798e1664b5fdc3b09c69dc06942bd3e9aba9893b9006b819380fa
SHA512 be85d84f6cac2a255116b422d7fd3b7bffa449fb2c1ba038f6786146745c7c064f1820b356553c9424ab4a82747f3d9a9cdc7684e71b365420e42dc0a7dc443a

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 589cbc87235e65d1643cfdaab080a0f6
SHA1 17948470441d9427833cf0cff56ed83f4e26dbf1
SHA256 28f67dfe993fcc45e3799fb875052d4329d3bfec8443ef879789ddc638de7bf8
SHA512 efe766954a6f9a5d911d257c4b38bb35ddfccfab1763e1b6ce3b14e032d1e186155822adf7b90a570f810e0fb1f19c85f555e8c85c76ed90f4f1c92b26c2acc1

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-12 12:18
Reported 2024-06-12 12:20
Platform win10v2004-20240508-en
Max time kernel 150s
Max time network 51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\39d60a42b89b07b7b240f8e1888da680_NeikiAnalytics.exe"

Signatures

Renames multiple (4636) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\39d60a42b89b07b7b240f8e1888da680_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\39d60a42b89b07b7b240f8e1888da680_NeikiAnalytics.exe"

Network

Files

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp

MD5 750c6c6d0852561354443a9a71ecc432
SHA1 7d7ae70a1da2a00f97d9088b9f7e02fff308e94d
SHA256 9a390f7b2d3f83e0ea7d1235e6c73f3e9dc4d7fdabc5e40a71d568864d241d62
SHA512 0e84f9d25be17f52051061f581dc944923446af77d6e445400444b5aec0b5ecee63c0ad243faec8fcf0b5386590ebab9edbcab4f4ea65b3fcf65174e14fdca89

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 7061d979f811234101d7c0a0e8440d1e
SHA1 cccf09e8e7228068d3cd13f80ca259ded1cb8284
SHA256 240d58f38554ab89e47b2a4bb1e283b2344f5a10c39dac68650e0ac1c9659e78
SHA512 c0492c78833026cb5bab4afac627f297c0e36fa94132135d3012e6f5bc1df42f1f60f7a50edc40b0cd884d3fa835523dcd3d12596d7b6766cb83c5d7c7bbfe9b