Malware Analysis Report

2024-09-23 04:44

Sample ID 240614-bkxzrsyhkf
Target 962b303cec897f2fb39cf74e78d8a130_NeikiAnalytics.exe
SHA256 0dcc26f752012b77953d66e3fd0329cff0df92d7a3a07c16c712fd26268c44ba
Tags ransomware
Score 9/10

Analysis Overview

Threat Level: Likely malicious

The file 962b303cec897f2fb39cf74e78d8a130_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3751) files with added filename extension

Renames multiple (5350) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-14 01:12

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-14 01:12
Reported 2024-06-14 01:15
Platform win7-20240221-en
Max time kernel 150s
Max time network 123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\962b303cec897f2fb39cf74e78d8a130_NeikiAnalytics.exe"

Signatures

Renames multiple (3751) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\962b303cec897f2fb39cf74e78d8a130_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\962b303cec897f2fb39cf74e78d8a130_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

MD5 0d7f445faed9652cdfb346797b9ed282
SHA1 9a150e5706fcace7ec17d4043a7b54d8f69ae6fc
SHA256 4dff6d86dbe9f74cad2a93f06e0b583893ccaef6d39587fa26925190b9d2f6c3
SHA512 767f218ee75969381ca67a1c12d7891ca307633a1163286813674998e6d8ef9a425b3b6821df3af551ae86ea2feae1fa3939a3e0a224d292b6209550a7f93707

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 b926bf7075afe6a81772f8c996987930
SHA1 09734ab1bdc999b18b2213a7ca01d8bbbf76ae40
SHA256 8562979bdd5ae9773f74e03fa7b7ca196859d30430a32c7bf23a771e7647841d
SHA512 f820849e9a8ddee0434cfb2441ef975a9d5faf1dfb7b67ea5fcda45ffa1217f13a799e85441794e4807f10602b3c3199128847997eb5ca791bad800f84f15338

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-14 01:12
Reported 2024-06-14 01:15
Platform win10v2004-20240508-en
Max time kernel 150s
Max time network 151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\962b303cec897f2fb39cf74e78d8a130_NeikiAnalytics.exe"

Signatures

Renames multiple (5350) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\962b303cec897f2fb39cf74e78d8a130_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\962b303cec897f2fb39cf74e78d8a130_NeikiAnalytics.exe"

Network

Files

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp

MD5 355a5e8e954292b921386dc94dc1bb96
SHA1 c5d3c3d8e09dd54ffa2aa7bd9b185fa3daaf474c
SHA256 a47664eafc281c9ef1ee9701ea1c5070420348d0d9a7140956e3a2111feba9c8
SHA512 e4df9de6c3661ac021df7f4d12ceb80e168d844bb35148817a3eb77cb4b37a4ae40724000a8c0700391a7845a0983808dbfba0f9920dc07a7bf3756dbf875e0a

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 b6f48852b6e4782e7916422f208144c6
SHA1 3f5bb381c934db03b7ac5cc3a4862e042e34979e
SHA256 df242943dae4f1448324d5ab6c7483bf93356c8daa1780c2a63e7abb42e3fba3
SHA512 c2fd5656bcc47c14ef0f207e707d69ba0b6d2d36b2b6f4971aa374e2d0424a4b5e5a87be0f233cfcc79e99cb072f94b9ef8d45357323fa74c603e7d90037c3ac