Malware Analysis Report

2024-09-23 05:12

Sample ID 240613-fkzktaydnn
Target 6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe
SHA256 01bad40221d048c789f4621163c6a8699dd634a33f3b065ec30cbd1bb1298328
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

01bad40221d048c789f4621163c6a8699dd634a33f3b065ec30cbd1bb1298328

Threat Level: Likely malicious

The file 6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3784) files with added filename extension

Renames multiple (5275) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 04:56

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 04:56

Reported

2024-06-13 04:59

Platform

win7-20240508-en

Max time kernel

150s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe"

Signatures

Renames multiple (3784) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-javahelp.xml.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-ui_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Mozilla Firefox\api-ms-win-crt-private-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\npvlc.dll.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_smem_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\content-types.properties.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libvhs_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Moscow.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Services.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_right_mousedown.png.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\whitemenu.png.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Urumqi.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ms.pak.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\apt.exe.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-queries.xml.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\slideShow.html.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked-loading.png.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_RGB_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.dll.sig.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\WPGIMP32.FLT.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\deploy\messages_es.properties.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT-8.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Tell_City.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\about.html.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\preloaded_data.pb.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jhat.exe.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Mozilla Firefox\vcruntime140.dll.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\misc\libxml_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Mail\wabfind.dll.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\css\currency.css.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPC.DLL.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\ink\de-DE\mshwLatin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Port-au-Prince.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Vienna.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.Speech.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\js\weather.js.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\divider-vertical.png.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-charts_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Ojinaga.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\Purble Place\PurblePlaceMCE.lnk.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Mozilla Firefox\mozglue.dll.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Mozilla Firefox\ucrtbase.dll.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\librawvid_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color120.jpg.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Monterrey.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-io-ui.xml.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\libvlc.dll.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\control\libntservice_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_divider_right.png.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\ink\es-ES\TipTsf.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipsfra.xml.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+3.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Whitehorse.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\Hearts\it-IT\Hearts.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Web.Entity.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\js\library.js.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

MD5 5c008aabeecd73bd8da688ce7d2e2858
SHA1 5fbb6d1d4dddc6ed5cf9e3dfd1a578a904e3644d
SHA256 54f3b5b71f29a115e642c081b4a0c9ae73fc168cf58c441242e9066a0072a29b
SHA512 022f1cf0adae3d47c877d0b541e0cc145c82182801dc0e17ed3bc4203ec9ef19622325d37138baa63247b36edb17d7b95b1e80fa8c2aa639f0f92aa7360c5653

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 f5b28686597cb94d39fcc63eae9db0f3
SHA1 08febb32b74106a53b008fbb5f5d676091292075
SHA256 b078ca6afec6b77482666f36213c8be6d380b52b053172841fbf8a9c9a5c3af8
SHA512 0b18940649c6a908333162b1b5acaff51b0d85a58c11a2b5bbab40c83a72ed08df2fc73863cda238e17751f4af5153aae6b4aba2b10adabc0b8a0cfbed942c10

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 04:56

Reported

2024-06-13 04:59

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe"

Signatures

Renames multiple (5275) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\AddWatch.jtx.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jpeg.md.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\excelcnvpxy.dll.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Help\hxds.dll.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Dynamic.Runtime.dll.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\sl.pak.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\dt_shmem.dll.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0000-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription3-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\GR8GALRY.GRA.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\msoadfsb.exe.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PROOF\msgr8es.dub.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_CopyDrop32x32.gif.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription4-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.scale-180.png.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\calendars.properties.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_Subscription-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\ACEWSTR.DLL.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\ssv.dll.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\ext\access-bridge-64.jar.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-interlocked-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\charsets.jar.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Drawing.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\officeinventoryagentlogon.xml.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL121.XML.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\ado\msador28.tlb.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\ext\dnsns.jar.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_KMS_Client_AE-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\GRAPH.EXE.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL118.XML.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Fonts\private\ARIALNI.TTF.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.es-es.dll.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\readme.txt.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Encoding.dll.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessDemoR_BypassTrial365-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Custom.propdesc.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\DBGCORE.DLL.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\7zFM.exe.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\pkcs11wrapper.md.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ru-RU\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Emit.Lightweight.dll.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\ThirdPartyNotices.txt.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\deploy\messages_fr.properties.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL107.XML.tmp C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\6022d8b81fc59359ed31b3a17ea03a20_NeikiAnalytics.exe"

Network

Files

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp

MD5 add8a10f98c3ddc42c876b18589d02b9
SHA1 81584be93c85f6fd84536ad48cf4372b6412ca7c
SHA256 9adc80ad2b2c6e714f9a4e74efefa577b2e993ff9d08b83be9a7e915fcfe928c
SHA512 563f51b0e74980df140ca3fafb195aaa052c3ae52c3f5d8bdf3f1ca928ced5cee347e27d524c58ba359476fb024b8dc6cd990964d2b6bfe6450a9d2839381a38

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 6c6fbc226f0ee8be600c9f8bba6ea2d3
SHA1 72f17bfa400be8f2a421a50093f56032fb10f8a4
SHA256 3e668c8f9391c7577f62859fec51a8cd388dae8ba0fc057c562c7a1b5b0c7459
SHA512 55857997bfe7d37d2aa54af2ef04b2796fb6ae9b4447b18509f6fc2982c933e60c2fb7512cb5aba0132d30528ad3132efcb365cc5da4669231a9352bf68ea623