Malware Analysis Report

2024-09-23 05:03

Sample ID 240613-g3ztzaxcjb
Target 651012d192ddfd0c98a38fafa3d65050_NeikiAnalytics.exe
SHA256 5b8960d63d00e7da76428908d96ab19a422f002b10ce012e20176a624cf9702f
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

5b8960d63d00e7da76428908d96ab19a422f002b10ce012e20176a624cf9702f

Threat Level: Likely malicious

The file 651012d192ddfd0c98a38fafa3d65050_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (5337) files with added filename extension

Renames multiple (3851) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 06:20

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 06:20

Reported

2024-06-13 06:23

Platform

win7-20240221-en

Max time kernel

150s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\651012d192ddfd0c98a38fafa3d65050_NeikiAnalytics.exe"

Signatures

Renames multiple (3851) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\651012d192ddfd0c98a38fafa3d65050_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\651012d192ddfd0c98a38fafa3d65050_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

MD5 e5f092a94d0b4697bc237dd3d6e68537
SHA1 66a732dea5c613b16213af6191cec77c9c589b34
SHA256 c05589e1a41e8be4f1a78a9afb97f7d3332e0719917764f56cbd45f77046a42e
SHA512 84ba3a5bb07573d86460c5e4e1852cba2c0a170325d06eca16a635945de6df1d7c6cb76f1dd6e0554a0c6134539649bed0fbfe4cd1e3a575f1b9af7df2a8706e

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 9d29a887ed49d84b132278f67452514a
SHA1 d11c952e5cc14866c617e6f8fe95b4d6e3d724b4
SHA256 96c60614cf8e83972131b47fa0d0bc3191ecb939de7723165cfd16fdc2c693b9
SHA512 e7d759b483f37befa3494ad7f1fe41e2d277335e2e45e852da662261d8a2ee74844add3f497c46abe6824ee4329658e03f8f9f4550f13f931630082ea5970d0c

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 06:20

Reported

2024-06-13 06:23

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

53s

Command Line

"C:\Users\Admin\AppData\Local\Temp\651012d192ddfd0c98a38fafa3d65050_NeikiAnalytics.exe"

Signatures

Renames multiple (5337) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\651012d192ddfd0c98a38fafa3d65050_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\651012d192ddfd0c98a38fafa3d65050_NeikiAnalytics.exe"

Network

Files

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

MD5 bed6bf507179efa76c6ec3d5bf35149d
SHA1 56006d0b46df0d1e06bef87a916bb57a6806a0ff
SHA256 10a2e515a32b2bda68e221b4267ae33f71e4bfdc252a73da9603c7e0d718677d
SHA512 8749c8e416410d4b85c91f3567fa838c595cd575658ac9c36de75a2d361b28c4633c529c7717357502afefc839452c5b297299ed0fd9654cd4b579fbead3370f

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 84d57fdfa85ae149728d16c17e1f6b9f
SHA1 fc7755ad39c7b38c9bb79a1a3730c718c880626f
SHA256 cf8d478efb0085dabbb8ce98872f018ce0c80db1b36cad43f6eaa90cbeded1bb
SHA512 2465d920fc059d654fff60a63fc22dd33ff26186db4a3eb1e8eb263ffb8bb8250a0212a86191170c57d6db7b5691b487cdf2ffc2dd56780521f4f5acf8623d8e