Malware Analysis Report

2024-09-23 04:30

Sample ID 240614-fned2swbna
Target a43cf3656d6ffc79a07f80f00e4f3b90_NeikiAnalytics.exe
SHA256 e640f79b50024d7c43ff90195ccdb2493d7dd6d2261e9473bcb0721251ff0f16
Tags: ransomware
Score: 9/10

Analysis Overview

Score: 9/10

SHA256

e640f79b50024d7c43ff90195ccdb2493d7dd6d2261e9473bcb0721251ff0f16

Threat Level: Likely malicious

The file a43cf3656d6ffc79a07f80f00e4f3b90_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (2844) files with added filename extension

Renames multiple (4638) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-14 05:00

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-14 05:00
Reported: 2024-06-14 05:03
Platform: win7-20240419-en
Max time kernel: 150s
Max time network: 122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a43cf3656d6ffc79a07f80f00e4f3b90_NeikiAnalytics.exe"

Signatures

Renames multiple (2844) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\a43cf3656d6ffc79a07f80f00e4f3b90_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\a43cf3656d6ffc79a07f80f00e4f3b90_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

MD5 c71c4fce7f0761b8a55ede5e50ff49e2
SHA1 571e4ff20de84bb184cf8a0a5a9e5665cbf87549
SHA256 b4aa6c45c8970957454071d05a044d30c97b3a0aadf92aa6686212673d1f355d
SHA512 41d1f2066703ec8a1f5194ddd5864bef2e8628a1b004bac57998386f3ce0ec248b46ee70eb13fe4e8dd71bb6b84623ff15665fb964f653079d68ab41464aff8d

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 7da9dd1ee79fb2863745f1707de55384
SHA1 849b6b4b62cb29e9000a455851089070abab6098
SHA256 4a288204e06c4df21b35c71ce5d55c833ae532cf49c89151d92c3d521dbdbfd6
SHA512 53146911dae74c641bde92a788e5eebfb127ad03e83b38687993bf4e2057c4796212d7550c93e10e3370a71011fd91c046d90b073a682bdeb5e37b9ceb683706

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-14 05:00
Reported: 2024-06-14 05:03
Platform: win10v2004-20240508-en
Max time kernel: 150s
Max time network: 151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a43cf3656d6ffc79a07f80f00e4f3b90_NeikiAnalytics.exe"

Signatures

Renames multiple (4638) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\a43cf3656d6ffc79a07f80f00e4f3b90_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\a43cf3656d6ffc79a07f80f00e4f3b90_NeikiAnalytics.exe"

Network

Files

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp

MD5 9a43ab1aabe39965bb54f46b810b9a31
SHA1 71ba65e4b7977348d459f2b6af22b5399e8ac292
SHA256 3876de2134581210357ca6548c845ad1bfb8d9e6fe1c5bf6211279d0f11535c3
SHA512 47d27802a99b08016c84a657a275654ceb74cd6488b233cdc238a24f0f832af74f25538515370256a99b27bc6a690c807493e2ce3d46c6a4557cce3d112f80c9

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 05bfedbaaa3879bb75828e8cd7a0aef8
SHA1 b89f18afc0c2a75127472d69a766b9cd0ef9966a
SHA256 fd23a3acbf2a3584bab452c7c5b693be24d2ad623bfe4f44e483a6dd557e0c6f
SHA512 6a83f402f8b767109d7391627c5bf7ac3e1ddd4fb3924cfe866e0b6f4d946a6dc3fe6bc6fc452976396188d8c780d944fd017e63ad6b2ae94f8c82114a68fd0d