Malware Analysis Report

2024-09-23 05:10

Sample ID 240613-bsfepaygjb
Target 536a7a0cf7a3dac02da94c0fa84c8440_NeikiAnalytics.exe
SHA256 20035df99ab2532e7887ccc5caf2f894d4bd28cff03569ed951e3b2756f5ae2f
Tags ransomware
Score 9/10

Analysis Overview

Threat Level: Likely malicious

The file 536a7a0cf7a3dac02da94c0fa84c8440_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3702) files with added filename extension

Renames multiple (5196) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-13 01:24

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-13 01:24
Reported 2024-06-13 01:26
Platform win7-20240508-en
Max time kernel 150s
Max time network 123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\536a7a0cf7a3dac02da94c0fa84c8440_NeikiAnalytics.exe"

Signatures

Renames multiple (3702) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\536a7a0cf7a3dac02da94c0fa84c8440_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\536a7a0cf7a3dac02da94c0fa84c8440_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

MD5 f788f6d6c3858a6f0bec822d3d5823f8
SHA1 667d018bb6612995b1f4e92d68b013554a2eb7b6
SHA256 6d95e1e60b554685bc365f9f44d59ee18c5275e70c64cd4c1530f055ee823099
SHA512 cb1862f41d537442ace5eb678abdc5556595386b6f5425eb2dc1ed3289d3c8d31a55203aa20be8957a2d17d7c84231ad53c93010d0c69164cf88a19829f71e28

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 12fd413738fe77e6ffab4c53871c61c5
SHA1 b54468a090fca98a7c0c6acc2a213263c515e70b
SHA256 d0e58ccede82a9875f3b4d1a609f87004686f0c69ba046c6276e642552ab39a8
SHA512 41fbadbe7cac90e0984bf2556f5452a08e42f488979d9da6f724dc608f66e618b8f0b4daf64ddca7f0d721d9900e5834a425b258670da218a685ef1101984240

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-13 01:24
Reported 2024-06-13 01:26
Platform win10v2004-20240508-en
Max time kernel 150s
Max time network 153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\536a7a0cf7a3dac02da94c0fa84c8440_NeikiAnalytics.exe"

Signatures

Renames multiple (5196) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\536a7a0cf7a3dac02da94c0fa84c8440_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\536a7a0cf7a3dac02da94c0fa84c8440_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

MD5 15412c277aa770e381042d71987c24f9
SHA1 a2e7f9b590ec0f69f1bcb2aa9df18f9874569894
SHA256 747377f135e3c841ecaaf4c220091348e49f409cf62da4cc157d4c1c6fbbc4d3
SHA512 ce01433ecfd3169675de6fa6d12400b06744c011eca67e572704feb963936a95bd99fa99cae178c814c7aabba68983e0d585df218c1eb91070fe97ea8027bcae

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 72f6abc3676d2192dd4e7bc630218b9d
SHA1 2915bb47cc7436ea0fc4e83f8a506089494d56af
SHA256 85cd8296ff20c0bbc57a74c9c95ddbb9fc65b11115cdd2795fa3998c76389886
SHA512 122d98f0b7091af0bd34cbf33789ed41fce2253abc7bd111deb462cbb3e76b020780b80b4ccbe30c81bec564bf9a8e925abb90eced992e3df6d13b6d0dc9910f