Malware Analysis Report

2025-01-03 08:31

Sample ID 240611-dkngfasfjr
Target 2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
SHA256 449c17843951243d0ccb1bf5150978d4033d25f14ab996e6eb3c749f2ab0e9fd
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

449c17843951243d0ccb1bf5150978d4033d25f14ab996e6eb3c749f2ab0e9fd

Threat Level: Likely malicious

The file 2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3454) files with added filename extension

Renames multiple (5094) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 03:04

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 03:04

Reported

2024-06-11 03:06

Platform

win7-20240419-en

Max time kernel

137s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe"

Signatures

Renames multiple (3454) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

MD5 71e586458ce6dea0790f865957dcb779
SHA1 d240aa78171780e6e1805d0da8c4bbb0cfd68e62
SHA256 33c05971aab12fbdbde146bd366a8e9af93631c5537cebf1139e9d64cf50281d
SHA512 1fc64b5315dc374cb94055b1cf0d295dd4a83766d8e0977f3dc7603a97eb688165f08f73845927f377fed06955375f3fd4c13366067978a003de15d63e16d812

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 1c4304417559c033a8fd507dd489d171
SHA1 553655b68038e3b771a7df4f04358549de0af654
SHA256 924afd0fe0e2c366a34f55098d368966292f72118dde33b8d4c118407b3a51da
SHA512 2e6fdcfef20f800bc392c593f1ebf710f6b4c68b7feaa3abbdcc45f5200969d1f113e1404d91665d4a09511ad97b7a64ef6aa644ad96ec57fad7ccdf1f2ead14

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 03:04

Reported

2024-06-11 03:06

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe"

Signatures

Renames multiple (5094) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe"

Network

Files

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

MD5 8a5d0ffa7e7e2b06e0929aae24786a60
SHA1 e562229d0dfa7797f5c23560421f58503940b9bc
SHA256 eca78f37838089c6628232caf38e8c46207d94d62855e33efb6036cdb2c4d599
SHA512 38a74cba4a3ba50caa27a9835a2c04a844c669de5622b8671c490fa39e029b3fafd1bda8929a6325a1d5da56090c9f66f50796fe0252df8d2260761919e8069b

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 c36c763662233c74cc1576f9b3b58dc6
SHA1 53d602120b437f6301b1b2b0ca29be12433c119a
SHA256 353251d8f6a54fd174659fc523c7c53a16a706c91fe971d296d8abefe85638f1
SHA512 6c65d6fb93718655484ad60d3e8becaee63325a756d63e818670b0bb6c8c4bce7339218de7160a42d88dea301eae730a7bba7602578bcf54de58a16695550ac4