Malware Analysis Report

2024-09-09 20:23

Sample ID 240614-dsxp3sxbnn
Target 9e1284ab458121573aab140b409925b0_NeikiAnalytics.exe
SHA256 1bb2e79ccb16012c8197b013502954d098536fec325105c653011b2115392619
Tags ransomware
Score 9/10

Analysis Overview

Score 9/10
SHA256 1bb2e79ccb16012c8197b013502954d098536fec325105c653011b2115392619

Threat Level: Likely malicious

The file 9e1284ab458121573aab140b409925b0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3728) files with added filename extension

Renames multiple (5339) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-14 03:16

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-14 03:16
Reported 2024-06-14 03:19
Platform win7-20240611-en
Max time kernel 150s
Max time network 119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9e1284ab458121573aab140b409925b0_NeikiAnalytics.exe"

Signatures

Renames multiple (3728) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\9e1284ab458121573aab140b409925b0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\9e1284ab458121573aab140b409925b0_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-1340930862-1405011213-2821322012-1000\desktop.ini.tmp

MD5 4d1a6623d370f542686d3c700917e55a
SHA1 2a31c2e77eb654cf3201ae2b7e717b1c660d5563
SHA256 8f2c403ef45dd6ae5217e788849656a3404f9036ee4549d84cac0c120d7e9f42
SHA512 1b5bac5958466f5981a6ae18def0f7ab4c8c4d549f9158dd2fb0ba3c7129bd9d901e7c4b6751c55bc40a6496473932385cef0e9f71538c5f9ac9e5dec699e655

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 7049f81f833da58ecf28777968d5f864
SHA1 d8b2ae9e6c162cd47214e82c5625e751107fe794
SHA256 e65e410921e52836f9da608272bb1138a266b595fb05c4da4f56c5b40ac244b9
SHA512 78b42b9670181c2bf7a1a619b743af41f65fc387ceab5ec59d92601067d273974db83e6413efdeca3db4b61a235ca6cd154a8ee2fe4fc60f877d79f71b751af1

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-14 03:16
Reported 2024-06-14 03:19
Platform win10v2004-20240508-en
Max time kernel 150s
Max time network 51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9e1284ab458121573aab140b409925b0_NeikiAnalytics.exe"

Signatures

Renames multiple (5339) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\9e1284ab458121573aab140b409925b0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\9e1284ab458121573aab140b409925b0_NeikiAnalytics.exe"

Network

Files

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

MD5 4de755680671c926f5c777bf58cab200
SHA1 495859a8d943a7fe09dd49cd406d1b954e7b1202
SHA256 b58fefb28da20ac3907939a909b0adfceea0060ed4975b26b662087b5e3e617a
SHA512 4833658da146f7c3f147ba7b1ebfa322a92580098d359123e40fe51bb0871336857e3217056bde57e7bbcacb4f23d21d60a21fae29e7583fb5fe111579f4d3c2

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 8c2d1b3b933a64f864a08b2a2ff6fc8d
SHA1 0552adaa70c99c97993b46ed8095688d48af7bb1
SHA256 058ecd79b5ec60cb4ef03ce5dfd20a0c3342114565a56522289d6cfa7a595959
SHA512 f93ac2807fca9d006739a4856c9a3feb773adb89e50cceea9b3743cf4a22f1dd02a8748ba9a4a996fa75049d0731831fe29ecffd248efad2891279f6b30165ca