Malware Analysis Report

2025-01-03 08:29

Sample ID 240616-3a5qeaxcmq
Target 1b91f93255a2b708d1aae16d5f3d1a00_NeikiAnalytics.exe
SHA256 0bf0071991f9f19379e274bad859bd1e6ecd71ae79b96471afbc5e5929069b22
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

0bf0071991f9f19379e274bad859bd1e6ecd71ae79b96471afbc5e5929069b22

Threat Level: Likely malicious

The file 1b91f93255a2b708d1aae16d5f3d1a00_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3438) files with added filename extension

Renames multiple (5193) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-16 23:19

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-16 23:19

Reported

2024-06-16 23:22

Platform

win7-20240221-en

Max time kernel

150s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1b91f93255a2b708d1aae16d5f3d1a00_NeikiAnalytics.exe"

Signatures

Renames multiple (3438) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\1b91f93255a2b708d1aae16d5f3d1a00_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\1b91f93255a2b708d1aae16d5f3d1a00_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

MD5 e9dd28d53406c8da5f943b7698e251e4
SHA1 816d3c348e2a4ae846d687d46065d2bf424a64fc
SHA256 b5667df07d93c3fbb26be109375c9d12d08fb4e176f354f583c9bf73ceac540b
SHA512 09d375e8936cd0589f6bd3b0b5eca1fe3034ff7b65fbc2fbad3f67047ce2403360c0edf0987a5c7713ead4f55ceb61959ed9abfa4dcd574b463cbcc65a77821d

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 3d10a9a5115b3a3b570d434490d71328
SHA1 baec00bc49756184700ce828130a1db50268f9f8
SHA256 615dc3757a2a5f7fedeb8c30b4fad091d7fd18db82a04d945a46c829bdf8dbe1
SHA512 e49847d5aa7a78db21b826abecf89775914526f2cb77f3cab26d8b5bba5325e04b7d79c52950e8b552aca90ba493764ab72811a1653aae5b70322f98c5e44e8e

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-16 23:19

Reported

2024-06-16 23:22

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1b91f93255a2b708d1aae16d5f3d1a00_NeikiAnalytics.exe"

Signatures

Renames multiple (5193) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\1b91f93255a2b708d1aae16d5f3d1a00_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\1b91f93255a2b708d1aae16d5f3d1a00_NeikiAnalytics.exe"

Network

Files

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

MD5 6e55ed270a6ca80a9c1a519cb288954d
SHA1 93f17ba2a4234d38397f3c76b4c10a7381b14812
SHA256 f2c328fa948aebd38cf3653d341ca059645f9955a0cc80a1d08cf076c52c3dad
SHA512 4f5534e29c793656a0e64a157a0a48b2724943bc19339c3f6a1782b54a80f1bd436fdecdf75c152fc6c5162ab72cec9b0407c47ba87afba869c5eeff14fc2cb2

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 8ea241529c673b07f07da584d6e6310b
SHA1 67a977f17f1eda5da5ee5fbdaf25900464ed85ad
SHA256 b748d69538dca70ff767fec1d9ccbcc30019556213955913dc626e3f14108775
SHA512 84a8a125d08bcc953b8092e4c49e04a5b80624f0e3bb187c2cd8dd518ae5466e91ed5f64366a276ceaee252e93a2dd18b4010e7d68670a1a6fa1997e8fc8a712