Malware Analysis Report

2025-01-06 13:03

Sample ID 240617-kvklvsxdrj
Target 6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe
SHA256 e7a1606cae998e23061f56b693534ecd48a3ac4cf13e732c6f329f6bad257040
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

e7a1606cae998e23061f56b693534ecd48a3ac4cf13e732c6f329f6bad257040

Threat Level: Likely malicious

The file 6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3447) files with added filename extension

Renames multiple (5130) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-17 08:55

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-17 08:55

Reported

2024-06-17 08:57

Platform

win7-20240221-en

Max time kernel

150s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe"

Signatures

Renames multiple (3447) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_srt_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Pipeline.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\javacpl.exe.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Shanghai.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Backgammon\it-IT\bckgRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\scenesscroll.png.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp.ja_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Mozilla Firefox\defaultagent.ini.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkObj.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.exe.sig.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Thunder_Bay.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pl.jar.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\updater.jar.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.IdentityModel.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf_3.4.0.v20140827-1444.jar.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Journal\Journal.exe.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nipigon.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Dubai.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Mozilla Firefox\softokn3.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\hr.txt.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IpsMigrationPlugin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Dot.png.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\photograph.png.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\charsets.jar.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Majuro.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\jconsole.jar.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Jakarta.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Samara.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_dummy_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_10_p010_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\203x8subpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Marquesas.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macTSFrame.png.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hr.pak.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santa_Isabel.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libh26x_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\sports_disc_mask.png.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\content-types.properties.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_100_f6f6f6_1x400.png.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\it.pak.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.continuation_8.1.14.v20131031.jar.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-uisupport_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\libxml2.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-settings.xml.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler.xml.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui.zh_CN_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sendopts_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\WindowsAccessBridge-64.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-views_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Mozilla Firefox\browser\crashreporter-override.ini.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-charts.xml.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT-7.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\SystemV\CST6.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

MD5 4cd6ab2e4d49efddcda9e133a86d409a
SHA1 3dfb1451580ff851014441fec9f3d97b256b96b5
SHA256 50ae3c289a5d7d8cdb97a303c03725ab4b2eb8a5e86d96e55780467fda39d224
SHA512 b24b154b598ac1fc9eb6b4dd0fa49236d5bf3512c73b805893a96a81fa298576ba8fedddc2166b8c45f85faee2aba87c397b75d40ba77032fed9c09850e2d55c

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 dcb3768897e0bf96c6fb59a41606026b
SHA1 2d0e80e6e0e8918c6b5bc3dfd13504dc9a387413
SHA256 ca9a52c86afba0d0a8e9dee85e9761635f0488baa8afed73badfc3a2ef4c9787
SHA512 76f7e56b057bdb428496bbbda6c67f326c98784f40f4f9cab20e0873c586730250ecd1016aa08396f39349a08f996908c7bdfddf350055cecb0372bff3701395

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-17 08:55

Reported

2024-06-17 08:57

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe"

Signatures

Renames multiple (5130) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN026.XML.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ja-JP\mshwLatin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Emit.ILGeneration.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.AdHoc.Excel.Client.Entry.Interfaces.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\EntityPicker.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.scale-100.png.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\VVIEWER.DLL.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.NameResolution.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\dynalink.md.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\javafx_iio.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest1-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-convert-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\sl.pak.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\wxpr.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipssrb.xml.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.OData.Query.NetFX35.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\cs.pak.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0000-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\hu\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sl-si.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Office.Interop.Excel.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\ucrtbase.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\ORGCHART.CHM.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\tk.txt.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-checkmark.png.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\meta-index.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-process-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial4-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\powerpnt.exe.manifest.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MINSBROAMINGPROXY.DLL.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\readme.txt.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp2-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\desktop.ini.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\PowerPointNaiveBayesCommandRanker.txt.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-file-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\cs\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\icu.md.tmp C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

MD5 1ed3266e3cb1791091bb9e094f805ce3
SHA1 a01f3459286c80289d80d413aefe6e356695c2ec
SHA256 47bfa204ced62e3b037bc2940b1c4b23d60b0693fe93e0f0d5eec2bf35ded368
SHA512 006755ca05b83764f4c74f1a0644f7d26699a01e72e872d08a4dccf314545f23f794f8601b0feb9e6af9b2fe4657200997f4b525fbe2e6dd3666b994e7d10fbe

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 ae3c5f9aea6d057b1b6965b26ccbe78c
SHA1 55784c9cfbc9ba443b93a27f091b8a8d96ca6799
SHA256 e1d33e6038169cb26fed5f7becc7f34963d055b6f4ffdd90c26d05082fbee30f
SHA512 cad3548ca064df0c44660879fba07ff7cbb51473d26aa40a1a0cfd6af2d5a4ffcf13dfa92df21e654ad9da3fd3d138ef252b0c02b77761955d4a05c04ec529ac