Malware Analysis Report

2024-09-23 05:01

Sample ID 240613-h53t3syfqg
Target 68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe
SHA256 e600d5c8b2e5a5e277d10579e7739734671dfdfd077a2a0619f160b178df963c
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

e600d5c8b2e5a5e277d10579e7739734671dfdfd077a2a0619f160b178df963c

Threat Level: Likely malicious

The file 68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (5232) files with added filename extension

Renames multiple (3458) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 07:20

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 07:20

Reported

2024-06-13 07:22

Platform

win7-20240221-en

Max time kernel

149s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe"

Signatures

Renames multiple (3458) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\7-Zip\Lang\mn.txt.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Qatar.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+7.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-print.xml.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvmstat_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationClientsideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\7-zip.chm.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\control\liboldrc_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\gadget.xml.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\requests\status.xml.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.jetty_3.0.200.v20131021-1843.jar.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-execution.xml.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-windows.xml.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT-14.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\SystemV\MST7MDT.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\SpiderSolitaire\en-US\SpiderSolitaire.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Monet.jpg.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Araguaina.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\jfxrt.jar.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_rest.png.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\jvm.hprof.txt.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\auxbase.xml.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.exe.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-favorites_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Wake.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Journal\it-IT\Journal.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Mail\en-US\msoeres.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\ca.txt.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\CST6CDT.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro_3.4.200.v20130326-1254.jar.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\gadget.xml.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\settings.html.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\management.dll.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\203x8subpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\tnameserv.exe.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pohnpei.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\kcms.dll.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\deploy\messages_zh_TW.properties.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Detroit.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\ta.txt.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libdvbsub_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\sRGB.pf.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\init.js.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\et.pak.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.bat.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\java.security.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\config.ini.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\Hearts\HeartsMCE.lnk.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libkate_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jsadebugd.exe.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_cloudy.png.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director_2.3.100.v20140224-1921.jar.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\IEShims.dll.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Luis.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.xml.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Spades\en-US\shvlzm.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwrusalm.dat.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\WriteSuspend.xlsm.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_sse2_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

MD5 12cfd56705821873b437f7a81ac3016c
SHA1 2dc282022a414804c9039bfd708ddd0a7bf4affd
SHA256 58affc0f74d479f764fd75a2f0c8c9c4a0fd5419aa39ead74d43bc96c6da85db
SHA512 f865d33427ed2aa56d8b9418fccd295f463b7e769d0497679710f3c36a9edb1277523395f428d25eb5d6ece66adc0ba316b4b8dd7cfbb63971392f76be5d34f7

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 154d294d341eca608a84ee3d9c0a3a4f
SHA1 e93bc858fae2f1c8ede17861b03a27967a320b7d
SHA256 53390a1239ebab57445f1daa285069929e4a9f0657ea7b4d7582b6afcc0250d8
SHA512 6bd21af63d50465a0349e8ac35f702c69619d710fa11b0e9e264b546b39895160ae154cd7f846be8bd980761574bc099b7821115666c5756c9f523e1ee5e2419

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 07:20

Reported

2024-06-13 07:22

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

52s

Command Line

"C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe"

Signatures

Renames multiple (5232) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONDIRECTX.DLL.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\en-US\mshwLatin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RIntLoc.en-us.16.msi.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\rsod\office.x-none.msi.16.x-none.tree.dat.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscordaccore_amd64_amd64_8.0.224.6711.dll.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial2-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp6-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_KMS_Client_AE-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Security.Cryptography.Xml.dll.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\java.exe.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\jcup.md.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.DOC.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\fr.txt.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Thread.dll.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140.dll.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\rsod\powerpointmui.msi.16.en-us.tree.dat.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\wab32.dll.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_MAKC2R-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OFFSYMK.TTF.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Json.dll.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PROOF\LTSHYPH_EN.LEX.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Fonts\private\ITCKRIST.TTF.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-memory-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Checkmark.White.png.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Controls.Ribbon.dll.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\nl.pak.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.ReaderWriter.dll.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.NETCore.App.runtimeconfig.json.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationUI.dll.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\MLASeventhEditionOfficeOnline.xsl.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN102.XML.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.InteropServices.dll.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Fonts\private\ARIALNB.TTF.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XmlSerializer.dll.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Principal.Windows.dll.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\ext\sunpkcs11.jar.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_KMS_Client-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019DemoR_BypassTrial180-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Json.dll.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Forms.Design.Editors.dll.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\WacLangPack2019Eula.txt.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\System.Web.Mvc.dll.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ODBCTRAC.DLL.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\pkeyconfig-office.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\es.pak.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription4-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\68e0895431cb020b35d744e0b02ee780_NeikiAnalytics.exe"

Network

Files

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

MD5 d1d30216190e8827c35c9fcaf54f315a
SHA1 50be07ecfded31589ef9adf8fa6b4e8ceb7f2819
SHA256 c749df03c755e23b83cf2fa172552ab0146a1081cba44ee291878ec35b2f63e3
SHA512 4eaf90fecf41f02cb20d0016ac1fbab3506cfde32ada42607dae811cc2fd56d76a800926e282af2e9011c06e2bf69b666d0ba3561f5df8f5b8749c5f9ea105b6

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 f3158796853ac92da81c84c58fd5e7de
SHA1 de9db282105b7458f8fbe5adba9ac48dab26e002
SHA256 32831c986ad1f127755f89e959ad8817f4949ae430b7f1cc52dfc131f112c38f
SHA512 408596af051835763757f49a894c88421f9913c193d367230fcd47feee20d00aed214c03d5cb315b54505c1fe2c37bf8fb5f7e546c14defe1140b8a76679fedb