Malware Analysis Report

2024-09-23 04:32

Sample ID 240614-flwkjszcrr
Target a419ad3521ceb5689b80f80f1e95d660_NeikiAnalytics.exe
SHA256 27358220913ebc75247c5fc21a5a9e15cb418d4b740e50df687e7655b88c6326
Tags ransomware
Score 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

27358220913ebc75247c5fc21a5a9e15cb418d4b740e50df687e7655b88c6326

Threat Level: Likely malicious

The file a419ad3521ceb5689b80f80f1e95d660_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3454) files with added filename extension

Renames multiple (5249) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 04:58

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 04:58

Reported

2024-06-14 05:00

Platform

win7-20231129-en

Max time kernel

149s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a419ad3521ceb5689b80f80f1e95d660_NeikiAnalytics.exe"

Signatures

Renames multiple (3454) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\a419ad3521ceb5689b80f80f1e95d660_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\a419ad3521ceb5689b80f80f1e95d660_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

MD5 6332bf4f17f82c794dc72ce813c5eb30
SHA1 082ec8dddafd7572ab696ede4770134751c9a221
SHA256 e45cd51c763704fb4a81ea448ed7bab4cc0635d8845e617fcbd6a80d4f27e3b0
SHA512 573ad8abedb3250f3c2f2b21dfa3b7387d832329a208704d5a3aabd2967a0b441f96706e3f33f9e368b22259e1f61cd05be6e3ba648e0c52f5372ebdbedd7869

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 489e985fa3a3c018234b3c7c017cc2db
SHA1 53255a8457cb84f643f3a47a3242b537026bc76c
SHA256 a8276a330a87944865ea3a18c8e18207d22e05a0181ff030c4d6277bcf3e1b81
SHA512 bfa31d674e04fe58638424d8a88574883b474979e26f2527a1d8f0d7694f02e4bb6d12fe4fb7f9259f2aff709e8c441349e1c7d9683ba307fbacaa8e3cfd5873

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 04:58

Reported

2024-06-14 05:00

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

52s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a419ad3521ceb5689b80f80f1e95d660_NeikiAnalytics.exe"

Signatures

Renames multiple (5249) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\a419ad3521ceb5689b80f80f1e95d660_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\a419ad3521ceb5689b80f80f1e95d660_NeikiAnalytics.exe"

Network

Files

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

MD5 d7356f16f685ab88583bf73f4409664b
SHA1 a8003070689d0dc69323bcb92dc4b77d17a317a2
SHA256 99bd41c915fa89454b87eb1419cb4cfc4751d8369391590c9783e3fe6c56f5d8
SHA512 501d9f32f7d33cd5da694ae4a3b52ad791e443cd1d1aa8ef6deab29cfe4c44f099ac90fe200e9357f963b78816cd44a87db6fb913d29388a9bcd3ddcb7aa16cd

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 cbb3e69bb900ea194299ff6d12d0168d
SHA1 5a4cce13051f0a2977ff4bb3d1813db5602529b8
SHA256 6b3bcb8ce7419319f40c9ab1c291da105f32ee2d5362253a37ce18f1e58b8193
SHA512 699d30e38ec6757738d1f7d7fd4290d7b9b3821f6eeb3ff157dfa21bb39b9f470e075c850902f67393bb7de4d1183ccf60900a6a33136799f8eecd1eb05e382c