Malware Analysis Report

2024-10-18 21:40

Sample ID 240612-ntbjcaxamr
Target 3762da172002e778d48ae8959a69d260_NeikiAnalytics.exe
SHA256 4410da8a6e92916727b79dd2629f5eb24b75604f7487bf2cfba981389be06fff
Tags ransomware
Score 9/10

Analysis Overview

Score 9/10

SHA256 4410da8a6e92916727b79dd2629f5eb24b75604f7487bf2cfba981389be06fff

Threat Level: Likely malicious

The file 3762da172002e778d48ae8959a69d260_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3463) files with added filename extension

Renames multiple (5196) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-12 11:40

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-12 11:40
Reported 2024-06-12 11:43
Platform win7-20240221-en
Max time kernel 150s
Max time network 119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3762da172002e778d48ae8959a69d260_NeikiAnalytics.exe"

Signatures

Renames multiple (3463) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\3762da172002e778d48ae8959a69d260_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\3762da172002e778d48ae8959a69d260_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

MD5 65ef45fff503c63491c75540a7439da9
SHA1 3bdd9b208b3b0aa520b06878e38245318bdc2122
SHA256 1484ae2f13444ab3b15f0823011adbd0d4d0c1a19b3d23900bba1c59cffd65cb
SHA512 9c11cf5106da7f1b3510b2804fedb4b65a4242e77e539ee72942908637957f2ca956bdbb3bec4371268cc08a1767999f19e51c059488b440f71ceab609001cd1

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 3e0af3f7d699edac33cc1ca25c42c901
SHA1 263ecaa6fd0e1fbf7ee2846acb1bb7ff4dc33cf9
SHA256 85dd82c88d04b539cd8b516baf5660ba57f1f19d56ce38236645f657afecb15e
SHA512 e2dc14b3ea01d3ddd3028877ae2ce0e24ba324d759ad4e8f6d15bb6ce867b9ead719088795978af9ae980dddaf1ef1932d00c6981138217fdad5970cc607fd2e

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-12 11:40
Reported 2024-06-12 11:43
Platform win10v2004-20240508-en
Max time kernel 150s
Max time network 150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3762da172002e778d48ae8959a69d260_NeikiAnalytics.exe"

Signatures

Renames multiple (5196) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\3762da172002e778d48ae8959a69d260_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\3762da172002e778d48ae8959a69d260_NeikiAnalytics.exe"

Network

Files

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

MD5 c101517e19b0ac8d05156012215b6d41
SHA1 e948c0c757c747f96a467337f154277d00bfce7f
SHA256 878caeffb03fcaa8a052d92ad2c5c004e5c92802e6edebbe5d39057cf2c6db82
SHA512 35b0eafd02365dd18f585eeee59d196e7b17b542c70a8db79dffa533e072e17b447a83341672e0f69c2e3ba5da5f9f5b229834579128d271a0e503cc16bdee80

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 a06d9266a98e3f5748eada3b708c1093
SHA1 671eba720e9683000fb5d6bb12a26a6b68a886d2
SHA256 fd815bba0d7fe320b82bf37d0926f7265c1ef378ddecd2d2226c62d3f85ad35d
SHA512 011e89138973a68e2808003633a4d406418e51d58ede0150e95d4f977323073bb229d7401e0bc5f0739dc72335ec05c7c9d63821c54d26a80be8b2b0bfe02eb3