Malware Analysis Report

2025-01-03 08:36

Sample ID 240611-d1v68atbkl
Target 261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe
SHA256 4b45c8fec6ce160436cb617fc702738e0e3e1c6ab8cc613c588fb4fd040f9583
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

4b45c8fec6ce160436cb617fc702738e0e3e1c6ab8cc613c588fb4fd040f9583

Threat Level: Likely malicious

The file 261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3538) files with added filename extension

Renames multiple (5274) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 03:29

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 03:29

Reported

2024-06-11 03:31

Platform

win7-20240220-en

Max time kernel

150s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe"

Signatures

Renames multiple (3538) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\picturePuzzle.html.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\zip.dll.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\VideoLAN Website.url.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Entity.dll.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\dialogs\error_window.html.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\mshwLatin.dll.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jsadebugd.exe.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libpostproc_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Media Player\wmpconfig.exe.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_thunderstorm.png.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\videowall.png.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Jujuy.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Hermosillo.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rankin_Inlet.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_lrg_sml.png.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-crescent.png.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipsnor.xml.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\ja-JP\WMM2CLIP.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ja.pak.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssv.dll.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Vienna.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-multitabs.xml.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-modules-appui.xml.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\psfontj2d.properties.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\ShapeCollector.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\oledb32r.dll.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Main_Gradient.png.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\js\library.js.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT+2.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Mozilla Firefox\mozavcodec.dll.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Istanbul.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\launcher.win32.win32.x86_64.properties.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WindowsBase.dll.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Defender\fr-FR\MsMpRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Journal\en-US\jnwmon.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_settings.png.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\cloud_Thumbnail.bmp.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\css\slideShow.css.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.ja_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-charts_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Glace_Bay.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\Microsoft.Build.Engine.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Media Player\it-IT\WMPDMC.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Araguaina.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\clock.html.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_rainy.png.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms_3.6.100.v20140422-1825.jar.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NextMenuButtonIcon.png.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer_3.2.200.v20140827-1444.jar.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libheadphone_channel_mixer_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-settings_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\Chess\en-US\Chess.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Photo Viewer\it-IT\PhotoViewer.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_mainImage-mask.png.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sa_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-masterfs.jar.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Wake.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

MD5 ec8419bb4972d6c3ba9ea2d9d9696aa8
SHA1 8336d7acad7dce19c833c6347681fb62b804cbe7
SHA256 9e7ae4a63009cd09f7e9262e3b602312927c360171b5d08f3c0bf8c696d68f2e
SHA512 5bbf91342d0763a0cc24468a009c1cf443b7c2c1de4b2f2f6426d2cd02189bbe60d97e9034b273dacde991e561c947b8bf4c38df34a8e49dd9e47c44f2c2587c

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 4a5e5e88e64273efe0106b0a5c3be326
SHA1 e286ff8cb89ee11b6ed3905a9841fce66dc34613
SHA256 1ef1eea99f9ef91f32080eb1bead258682a64336becd467c5d8a81864fac6136
SHA512 188bb0ecd9b771217ed0479cac843264da120b4c04823f2f0f996b5a2d0613762b9e3991e54b59118b494079d05d7f2416e84e4972ca891bb328949213668160

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 03:29

Reported

2024-06-11 03:31

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe"

Signatures

Renames multiple (5274) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\microsoft shared\VC\msdia100.dll.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\jawt.dll.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Library\SOLVER\SOLVER32.DLL.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN107.XML.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.NameResolution.dll.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ja.pak.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\basicelegant.dotx.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.Authorization.dll.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\MS.GRAPH.16.1033.hxn.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-stdio-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremDemoR_BypassTrial365-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TabTip.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-convert-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\fi\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ONBttnPPT.dll.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\CancelGlyph.16.GrayF.png.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Json.dll.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\DirectWriteForwarder.dll.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Aero.dll.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_KMS_Client_AE-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\hijrah-config-umalqura.properties.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Red Orange.xml.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-filesystem-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_Subscription-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\WWINTL.DLL.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ru-RU\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebHeaderCollection.dll.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\EXCELPLUGINSHELL.DLL.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\amazonredshiftodbc_sb64.dll.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL010.XML.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN109.XML.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\cy.txt.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Resources.Writer.dll.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Linq.Queryable.dll.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.Win32.Registry.AccessControl.dll.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\NAMECONTROLPROXY.DLL.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\excelcnv.exe.manifest.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\sr-spl.txt.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Linq.Parallel.dll.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_MoveDrop32x32.gif.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusDemoR_BypassTrial180-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial1-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\it-IT\ShapeCollector.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ReachFramework.dll.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\dynalink.md.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\jawt.dll.tmp C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\261164a8de831ffe15173c0f394a77e0_NeikiAnalytics.exe"

Network

Files

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

MD5 094f815a1a7ce4b1d7686544b4b5ca37
SHA1 0306161c7e8d2e389ec65e429220bbbdb416f674
SHA256 1b9c2eaead9e6ca1996bb05da8ec336e4ac851e55db3fdc5b72332691c4fcc58
SHA512 be3ce7295f6b5aa8104a0fe9e126124e03cad869441edb3719d093a012fdb43d88f5f3c47fd57c01f49f130915a1d04e646a1ecb1f9dbfe43254ad861bb21945

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 91483239583b0b2be2545bb065dd1c4b
SHA1 3cf969e65783ea9b2c90fe6fe1d9a528deaf6a6b
SHA256 2d2b357ef53628b0660275326d46c99259cec066ba5676876f8285866b0003da
SHA512 0403caf1ed34d4d2cdaa2bbb67f5ae9fa3a9c4988cea5f8f98d293a9619f8bba2ce2b7033f1355c23d253cf0b15cddec54cfe7e2f9a24631862ca08473da3810