Malware Analysis Report

2024-09-23 05:01

Sample ID 240613-hbp15a1hkp
Target 65e8ece4e2718f5a8a3e9f7c23164cd0_NeikiAnalytics.exe
SHA256 3bfd557f1352fbe71452b4e1c93de2dff0174b76a20a87e1361492afcdc7ec36
Tags ransomware
Score 9/10

Analysis Overview

Score 9/10

SHA256 3bfd557f1352fbe71452b4e1c93de2dff0174b76a20a87e1361492afcdc7ec36

Threat Level: Likely malicious

The file 65e8ece4e2718f5a8a3e9f7c23164cd0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3423) files with added filename extension

Renames multiple (5135) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-13 06:33

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-13 06:33
Reported 2024-06-13 06:36
Platform win7-20240221-en
Max time kernel 150s
Max time network 120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\65e8ece4e2718f5a8a3e9f7c23164cd0_NeikiAnalytics.exe"

Signatures

Renames multiple (3423) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\65e8ece4e2718f5a8a3e9f7c23164cd0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\65e8ece4e2718f5a8a3e9f7c23164cd0_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

MD5 94c10966591b5ec7f09f67e2109ea76f
SHA1 a404c1fc3c790b8e5762ec30139ed52c8f79e5c2
SHA256 e9591b2930a412844995171ab9978a46418901303ebc6e47985b1e66706d869d
SHA512 d453fd29d09a3a11c6dc5f59f4146c99193f5bf34ebaa9ff5ff5b81e793d1a3a72bd9511718dde04ebfce353d6e5206ae8ce3b0a7469dfc30240c5bd795f18ee

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 602e837ba48eb67783870f483276a0aa
SHA1 5b312e87f1f3d4d75214682a2352791640a27174
SHA256 504de3e69621d610b00a894c393ae81963aa2f36b73a8d1ddb0264cd06f7a097
SHA512 7c57ce1139b94534b97cb41b8bac653f4f1e687521dd0942135e205097450edc652b7602e13198125fea1a517966a3623a97d28094447d7304e3e29a93b7919b

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-13 06:33
Reported 2024-06-13 06:36
Platform win10v2004-20240508-en
Max time kernel 150s
Max time network 152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\65e8ece4e2718f5a8a3e9f7c23164cd0_NeikiAnalytics.exe"

Signatures

Renames multiple (5135) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\65e8ece4e2718f5a8a3e9f7c23164cd0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\65e8ece4e2718f5a8a3e9f7c23164cd0_NeikiAnalytics.exe"

Network

Files

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

MD5 7ecae559dbf35ea660153f94ca54d188
SHA1 c1d81ef3173d902dd4949869c8abee275ba05293
SHA256 09bcebece2df0b589dfe76d36c8e7c8000b66f4778f5f6dc50da87649f4ac1a4
SHA512 c62ff4df22b3369e2e5633bcc88a277e4240b67773f490e855f7f6e340541a4d8a2a5bc54b1ea073f4e2cdf82068be80c9e09cbd4d74adaade2695e4c166a33f

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 ce156036d5ba11b8faea400487505c52
SHA1 ff064e3a263df87eb46a666e4b832c9e69d6e5d4
SHA256 2eff930bad3f0d7ebf36ea44262253a6299a4f6f91f010258f0cab78457dd4fa
SHA512 ca94ca3650f9031cb8defef1ee1eb9970c8b8faf4b1c85d26f0d08d5ef099736d481477fc10e30c714e156cdc232d0c2226422ad1adcfc76674743e5881de3bd