Malware Analysis Report

2025-01-03 08:25

Sample ID 240617-hltr3aygjg
Target 5cde2bca4687b28bf389948f6944a540_NeikiAnalytics.exe
SHA256 8df5aa50574578a37863f41b1fba422529bfac71eccf326e32e35c4c410361ac
Tags: ransomware
Score: 9/10

Analysis Overview

score
9/10

SHA256

8df5aa50574578a37863f41b1fba422529bfac71eccf326e32e35c4c410361ac

Threat Level: Likely malicious

The file 5cde2bca4687b28bf389948f6944a540_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (5187) files with added filename extension

Renames multiple (3445) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-17 06:49

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-17 06:49

Reported

2024-06-17 06:52

Platform

win7-20240611-en

Max time kernel

150s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5cde2bca4687b28bf389948f6944a540_NeikiAnalytics.exe"

Signatures

Renames multiple (3445) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\5cde2bca4687b28bf389948f6944a540_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\5cde2bca4687b28bf389948f6944a540_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-1340930862-1405011213-2821322012-1000\desktop.ini.tmp


C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-17 06:49

Reported

2024-06-17 06:52

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

52s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5cde2bca4687b28bf389948f6944a540_NeikiAnalytics.exe"

Signatures

Renames multiple (5187) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\5cde2bca4687b28bf389948f6944a540_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\5cde2bca4687b28bf389948f6944a540_NeikiAnalytics.exe"

Network

Files

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp


C:\Program Files\7-Zip\7-zip.dll.tmp
