Malware Analysis Report

2025-01-03 08:25

Sample ID 240617-h5msvstflk
Target 60e533b160c4c0a9c6312314b64ea530_NeikiAnalytics.exe
SHA256 f1ffabcebdb71426459ea36a4e3c5cedeea2e8a628281b8af4c10422366baa29
Tags ransomware
Score 9/10

Analysis Overview

Score 9/10

SHA256 f1ffabcebdb71426459ea36a4e3c5cedeea2e8a628281b8af4c10422366baa29

Threat Level: Likely malicious

The file 60e533b160c4c0a9c6312314b64ea530_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (4893) files with added filename extension

Renames multiple (719) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-17 07:19

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-17 07:19
Reported 2024-06-17 07:21
Platform win10v2004-20240611-en
Max time kernel 150s
Max time network 96s

Command Line

"C:\Users\Admin\AppData\Local\Temp\60e533b160c4c0a9c6312314b64ea530_NeikiAnalytics.exe"

Signatures

Renames multiple (4893) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\60e533b160c4c0a9c6312314b64ea530_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\60e533b160c4c0a9c6312314b64ea530_NeikiAnalytics.exe"

Network


Files

C:\$Recycle.Bin\S-1-5-21-2080292272-204036150-2159171770-1000\desktop.ini.tmp


C:\Program Files\7-Zip\7-zip.dll.tmp


Analysis: behavioral1

Detonation Overview

Submitted 2024-06-17 07:19
Reported 2024-06-17 07:21
Platform win7-20240611-en
Max time kernel 150s
Max time network 121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\60e533b160c4c0a9c6312314b64ea530_NeikiAnalytics.exe"

Signatures

Renames multiple (719) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\60e533b160c4c0a9c6312314b64ea530_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\60e533b160c4c0a9c6312314b64ea530_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-39690363-730359138-1046745555-1000\desktop.ini.tmp


C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
