Malware Analysis Report

2024-10-18 21:40

Sample ID 240612-qgzfrawdkh
Target 3d53abd50b7f44f58cb1b40c619ca680_NeikiAnalytics.exe
SHA256 9e2a86ecc9867ea28ba3021aa055daa56b93f1b82a3300bda03eb6e9b629623c
Tags ransomware
Score 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

9e2a86ecc9867ea28ba3021aa055daa56b93f1b82a3300bda03eb6e9b629623c

Threat Level: Likely malicious

The file 3d53abd50b7f44f58cb1b40c619ca680_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3758) files with added filename extension

Renames multiple (5350) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-12 13:14

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 13:14

Reported

2024-06-12 13:17

Platform

win7-20240611-en

Max time kernel

150s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3d53abd50b7f44f58cb1b40c619ca680_NeikiAnalytics.exe"

Signatures

Renames multiple (3758) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\3d53abd50b7f44f58cb1b40c619ca680_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\3d53abd50b7f44f58cb1b40c619ca680_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2812790648-3157963462-487717889-1000\desktop.ini.tmp

MD5 80905c8a94db0e4605d2819ab207c368
SHA1 11c60dda08402a84f021dd8614d17e2fc0c3f2fc
SHA256 3d656eb7d23da02ea5cefa28da18f316329d649d81e2535863e02603f422c2cd
SHA512 a5585542af34b7282ecddff03d610cde0f0f2ad804064fe354e60311507bed5c5c20db256926999c4c9689c0b7812279076d0e97749ed5008c6153b995e377df

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 355a8a244cbf6257da88b7030f260066
SHA1 1b17a1889194cd42dd334cc28bcd45b8d5ce00f6
SHA256 5b3a961e19a29bf544ca0be109d325a9b6847207b5cfd9f2d1d12ad2a0ebfeb7
SHA512 b70b4636944dda972de6544f13c08ca4003d046ac011701fd4d845783f9443593fc1800e21cfa3abcb59dcfe2d09e523c53578306a2d476f0f60931a680164c5

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 13:14

Reported

2024-06-12 13:17

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

53s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3d53abd50b7f44f58cb1b40c619ca680_NeikiAnalytics.exe"

Signatures

Renames multiple (5350) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\3d53abd50b7f44f58cb1b40c619ca680_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\3d53abd50b7f44f58cb1b40c619ca680_NeikiAnalytics.exe"

Network

Files

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

MD5 d2f7041dc1e6910dcac17fa10a99e9a0
SHA1 d0781ea6502b7fdfce128fbfa5cc7a8aee2b6980
SHA256 321536dc0eb164512b3df17f2db1e9941fc78de32d30dd86be2b0100babd1d6b
SHA512 8414b047a074d7e67ceb810c5a23790bd441b17264c5153069585e414c7b546cb41306fd076f8223eff9b9d0c40e014e9a5540925a918321a48f514f5c33f358

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 8cc50377945a03992ce437b46f1e6316
SHA1 713e6a503744cfa94a7507e84c6ffa7af4e73ab2
SHA256 120bee5bf83ef7a82a7e665c0590a7b38af8e30c84db5c85a118277b98b6252d
SHA512 107b79d14dd657d51a11a7b0f585cf18b8623f7a6566d0ef0abb3c572eba07da2f15ae6abf88445001885d0e898fcd85977a7b79da0ee93016bb2100e25796fe