Malware Analysis Report

2024-09-23 05:04

Sample ID 240613-fplvhsyeqj
Target 608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe
SHA256 09b0b534aff85a61794b8e3d019d2342d749a96e32b8c1097bfe80376ad1de55
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

09b0b534aff85a61794b8e3d019d2342d749a96e32b8c1097bfe80376ad1de55

Threat Level: Likely malicious

The file 608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3686) files with added filename extension

Renames multiple (5199) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 05:02

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 05:02

Reported

2024-06-13 05:05

Platform

win7-20240419-en

Max time kernel

150s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe"

Signatures

Renames multiple (3686) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSLoc.dll.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)grayStateIcon.png.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\dnsns.jar.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\epl-v10.html.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\dt_socket.dll.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Checkers\fr-FR\chkrzm.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\librawvid_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Media Player\fr-FR\setup_wm.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-imageMask.png.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\klist.exe.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Irkutsk.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-utilities.jar.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-io-ui.xml_hidden.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\More Games\MoreGames.dll.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Defender\MpSvc.dll.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\ehshellLogo.png.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libvdr_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Media Player\en-US\wmpnssci.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\management-agent.jar.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands_3.6.100.v20140528-1422.jar.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.bidi_0.10.0.v20130327-1442.jar.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-coredump_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\SpiderSolitaire\de-DE\SpiderSolitaire.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\zh_TW\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\ADMPlugin.apl.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoCanary.png.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_record_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\combo-hover-middle.png.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\IPSEventLogMsg.dll.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Catamarca.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Lisbon.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\an\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\psfontj2d.properties.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Hermosillo.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\deploy\messages_ko.properties.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Journal\fr-FR\JNTFiltr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\js\highDpiImageSwap.js.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Cairo.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Marengo.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kiritimati.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.services_1.2.1.v20140808-1251.jar.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\dialogs\error_window.html.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libcroppadd_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Acrofx32.dll.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\icudt36.dll.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwresslm.dat.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Resolute.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Paramaribo.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Thimphu.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_mmx_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Defender\fr-FR\MsMpRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-gibbous_partly-cloudy.png.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_scrapbook_Thumbnail.bmp.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\tnameserv.exe.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\librtpvideo_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

MD5 5625a930d4f4896f77d9a1ced53412cf
SHA1 8e7ceee9ed5da312aaee8077c199f1d667b9bf29
SHA256 e221c25025be3b58d0a9e70cfb8a219ad7c20145d3ad38d7dd540f91994d8889
SHA512 df75500ea32ee7ef18e74d5ceb0dc79f8d9d655e3be8df854e81489304214ee89ec99b396337db0b8814a0696dfb107a3d2975469b38b7f0dc3ab40e3e752785

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 e066f6026e7025b4c530c21f88500aaf
SHA1 94253f1c1af89b8b19cb55bf354fe3b824c26178
SHA256 9c0aeea8df0e04a84814f07cd83593ab05aa91f4541a338cf0c68b16231294de
SHA512 c1fdd7f8c50362ec388695a1f69e2de7494d2f4010c4611a05d65f4335d4b3a5834211c4924ec48c9beac1c8c9cff5a622d6282684a37abfe49aba5f29d5e033

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 05:02

Reported

2024-06-13 05:05

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

52s

Command Line

"C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe"

Signatures

Renames multiple (5199) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\MSO.ACL.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\1033\ChronologicalResume.dotx.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ro-RO\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Data.dll.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-black_scale-140.png.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\1033\TimelessReport.dotx.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_Subscription-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.ProgressiveProcessing.dll.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\TipRes.dll.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\ado\msadomd.dll.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\javafx\directshow.md.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Web.HttpUtility.dll.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONENGINE.DLL.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-100.png.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.NameResolution.dll.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Http.dll.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.dll.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\ext\localedata.jar.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_PrepidBypass-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL117.XML.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\mr.pak.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCalls.c.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\jsse.jar.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_SubTrial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\eo.txt.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\unpack200.exe.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp6-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ODBCTRAC.DLL.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\en-GB\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\th-TH\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaBrightDemiItalic.ttf.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\dynalink.md.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest1-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\1033\Word 2010 look.dotx.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Encoding.dll.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Royale.dll.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest4-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_MAK-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\DataStreamerLibrary.dll.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-100.png.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\de-DE\mshwLatin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.NonGeneric.dll.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\deploy\[email protected] C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\javafx\public_suffix.md.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSOSREC.EXE.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\rsod\powerpivot.x-none.msi.16.x-none.boot.tree.dat.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.dll.tmp C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\608aa89ac077c8dd8c3d3c1de8538510_NeikiAnalytics.exe"

Network

Files

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

MD5 e35ec90a7c8ea9bf4920f7095b8cdcea
SHA1 9adcb77bd3af3124d62a54d5026c8f872f1c7391
SHA256 f508b396c594ae50f899a1b88f92fbc402a31bb56147c0c42374f0d4f412754f
SHA512 734812ebbcea1d22411195fbc586c087cf3c8c84a61657a292fc5dbb598a0ebc4f367d18b8f8858294e5c40bd0ae9663325bc17da4db4fd6491beeffb275fa16

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 a3bd73e08ff1e39c6f34dbe92aa77150
SHA1 f80050bc157811d24084b76b75e1aa1cb52abd95
SHA256 f9b4a4f1c940dd9a58c919c0f1966ca7eb07a8db54f57cad255cb1d8866211e5
SHA512 fcbf9d04b27b1f672bdba35ec6f4446cdadc528fdd3cb6eb382eac6f25d29d35a2310b2b84676ce5c4300bdbcc30fea92863b6a7d8d3e3703d01bf0f5d1650d9