Malware Analysis Report

2025-01-03 08:26

Sample ID 240617-cm3hpszckc
Target 34bf4fe275901c9cab84fa663f3dfab0_NeikiAnalytics.exe
SHA256 05ebeef6bc15085a27995d2ca7633faaafdf738040c41141228a59bc5f986cb8
Tags ransomware
Score 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

05ebeef6bc15085a27995d2ca7633faaafdf738040c41141228a59bc5f986cb8

Threat Level: Likely malicious

The file 34bf4fe275901c9cab84fa663f3dfab0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (5191) files with added filename extension

Renames multiple (3436) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-17 02:12

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-17 02:12

Reported

2024-06-17 02:15

Platform

win7-20240221-en

Max time kernel

150s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\34bf4fe275901c9cab84fa663f3dfab0_NeikiAnalytics.exe"

Signatures

Renames multiple (3436) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\34bf4fe275901c9cab84fa663f3dfab0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\34bf4fe275901c9cab84fa663f3dfab0_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

MD5 7a8a2f8e0bd50b9cc0e52eecee67e5d9
SHA1 714c29858aa70588b845a00cad17a6e9c41e0463
SHA256 5d753a7aa68f822802bdb8a1ca83c344dac30e1a76c7f47046d5f93b2cdb4f5d
SHA512 0b480ca5ae20b8d363f855be244092fe7cf3dacc29f1315d1bd30e81e26de27c75b4efcdf4e92e58be165a7d2ceb4f31065179237c6e77a26b7a70d2ceadb984

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 fdd99127f46674c2a08201332bb639c9
SHA1 33353a43c4512942067c8179931d7942baf6eae9
SHA256 b4712356996e9b81ae63232dc8f413ed2728dafc1659834decd7c4504ed04731
SHA512 77d34590d496a2aaa142d66e728596d9a79408019d9a4bf585a67a9e17ae1d1931d8554f7562e7fa6813c45897f754376554882f34cfc16b2ea774222c5f0f57

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-17 02:12

Reported

2024-06-17 02:15

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\34bf4fe275901c9cab84fa663f3dfab0_NeikiAnalytics.exe"

Signatures

Renames multiple (5191) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\34bf4fe275901c9cab84fa663f3dfab0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\34bf4fe275901c9cab84fa663f3dfab0_NeikiAnalytics.exe"

Network

Files

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

MD5 7667406fdb003ca081e5489f0d147128
SHA1 0708b26c4f8fd462978a56881ffaf08594f106de
SHA256 3d88739edcf076bc940dae3d1ef8afcae3d61880b3218ba630d722d58eab5201
SHA512 63364ccc1b34584c4c32af0c3a8c402bf96e7dbad87045965e55b3f0cdd089aab1771e17efd87598af6067d80b291028580bccce21e3316f6e43743e807269f3

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 8e4035e8677ac41e88fe38fbb636175b
SHA1 8afbdb926062e879051e7a3ce83fea16c1ab35c1
SHA256 94bc7ba608c65cb9e19a8d78f610e342c74bc28cf1014361b8c5c7b002346b64
SHA512 101c1a2ee367900da1f5343181ef8c1c941f364600b0d3ec979c9cb66bcd26d4e06a4df8a0271a4d92f9bfaddfdc023d22a6e24f2509f331673028aaaf40684f