Malware Analysis Report

2024-09-23 05:10

Sample ID 240613-cljzzavamk
Target 5622aaf012e3f8a7bf39f2d3c3c65f50_NeikiAnalytics.exe
SHA256 8178ddb796f0b70c69fc7867889eefddbe641ac3536c18b4ad3efd11efa83d7a
Tags ransomware
Score 9/10

Analysis Overview

Score 9/10

SHA256 8178ddb796f0b70c69fc7867889eefddbe641ac3536c18b4ad3efd11efa83d7a

Threat Level: Likely malicious

The file 5622aaf012e3f8a7bf39f2d3c3c65f50_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3777) files with added filename extension

Renames multiple (5246) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-13 02:09

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-13 02:09
Reported 2024-06-13 02:12
Platform win7-20240508-en
Max time kernel 150s
Max time network 121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5622aaf012e3f8a7bf39f2d3c3c65f50_NeikiAnalytics.exe"

Signatures

Renames multiple (3777) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\5622aaf012e3f8a7bf39f2d3c3c65f50_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\5622aaf012e3f8a7bf39f2d3c3c65f50_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

MD5 daa0f96fb35588d954c140cd21ec0692
SHA1 360f39b2058c898d326de685e07acaa839ca27ff
SHA256 b17d714afc3622697d16f794e480dd777aeeb4a7f4efc37cb67e6bfe1f57652c
SHA512 0b50def3eaaf040eb3bad564c1f7ac081c6dcf11d70e4d79b230485408b9d0806f4d4ee39425b3f8b34e48fb9a1bcd76b566cb6cd2d7175f06bec47b92b87dac

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 ab9806296f930697d8f69b1d9f219547
SHA1 6082a73e43d7416bbbfb9f64a8235e84c4ef0fb5
SHA256 1431a3a9e842076fbbd0f1d0bf1719fecee2b0725cc2aa871dcc378d4836f1a5
SHA512 149e2566f9cb700cd9d65d30fa87f35ab1e5fdeee68323ed5fd6fb38f440892dcf9d1a6c598f0ae7f11e7c83a113797e12b01e408d363a6b9ef688a5f2a3efb4

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-13 02:09
Reported 2024-06-13 02:12
Platform win10v2004-20240508-en
Max time kernel 150s
Max time network 150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5622aaf012e3f8a7bf39f2d3c3c65f50_NeikiAnalytics.exe"

Signatures

Renames multiple (5246) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\5622aaf012e3f8a7bf39f2d3c3c65f50_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\5622aaf012e3f8a7bf39f2d3c3c65f50_NeikiAnalytics.exe"

Network

Files

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

MD5 532d6a764ab01e8b7595dc07c549e410
SHA1 5e59e8487e4d03de7086d7f46d49be6822686d6b
SHA256 3622186c98f59d45c27d179eab6e5d901f43455b221b118f0c40be6dd225dac3
SHA512 ed71a170514c7490b22f999db8e96b2d5a21b9e9ba9931f7cb649216511a2a6f2311d3bafa7006784055827213a2f9f3b4c58ba7c92bb3a41fc75d45a2410a7c

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 03cd5ddbb931961de0ce0c298918fa8e
SHA1 7055b548d8f309007de07c641ea3f1c70ff2614e
SHA256 acf0939a548e873273c7780a9c0227178d522692d980449d230c7357467c83c0
SHA512 b92f9a3680b658e5620269e5f42060e4bae85b72c00fe4c6191418005deaf6f73aef8ffc7bcc3d6470f9879e80ff26bcbc5bf536868abc51445bca31c25e27a4