Malware Analysis Report

2024-09-23 04:29

Sample ID 240614-bzfzsstfjr
Target 978f5e3e5aad6c7a40f0719f922ccf10_NeikiAnalytics.exe
SHA256 365fab3ac7aad062ac222d808dab6aa03bf6fe4e6a329864d33dfa1bc81225bc
Tags ransomware
Score 9/10

Analysis Overview

Score 9/10
SHA256 365fab3ac7aad062ac222d808dab6aa03bf6fe4e6a329864d33dfa1bc81225bc

Threat Level: Likely malicious

The file 978f5e3e5aad6c7a40f0719f922ccf10_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3836) files with added filename extension

Renames multiple (5265) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-14 01:34

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-14 01:34
Reported 2024-06-14 01:37
Platform win7-20240611-en
Max time kernel 150s
Max time network 121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\978f5e3e5aad6c7a40f0719f922ccf10_NeikiAnalytics.exe"

Signatures

Renames multiple (3836) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\978f5e3e5aad6c7a40f0719f922ccf10_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\978f5e3e5aad6c7a40f0719f922ccf10_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2812790648-3157963462-487717889-1000\desktop.ini.tmp

MD5 572ccf420fa5fe64d1602bb685608e8d
SHA1 a4f56e020b21f9293f2f4a29e792235d176ef337
SHA256 5d3e9f955ecf577552d3f50d673b564c7535eab264c4d6bd348aa4248a193fbb
SHA512 3e166d0f163e526c9e9a0725605f2840708a8360f9bda39b3b5f93bb53c0a3daac4ef288996e4470d517fdb47375fe4596c3f47dcef4ee314e291aa48657f4d9

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 2b64f71fd60fd7aed2ed33adec8acfc0
SHA1 8a22e942de3374815e6289da60848fed328a98b2
SHA256 2c7342a09c9f77eae46d0f0f428b083dcae207982f0e3a46f29236ed086db182
SHA512 0a2966ee7ab3e845c301e62c97f9931fd5c03c081b559ace16472c99d730bbe44e439a149af4b307b975c02ed513e36953b36d565d247e30f8dd06b2d77d1f92

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-14 01:34
Reported 2024-06-14 01:37
Platform win10v2004-20240508-en
Max time kernel 150s
Max time network 51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\978f5e3e5aad6c7a40f0719f922ccf10_NeikiAnalytics.exe"

Signatures

Renames multiple (5265) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\978f5e3e5aad6c7a40f0719f922ccf10_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\978f5e3e5aad6c7a40f0719f922ccf10_NeikiAnalytics.exe"

Network

Files

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

MD5 c298ce9e6615f47bc3996960e9cb94c6
SHA1 ffae35dfee0b168585853db6da0533ab1c6cbbf7
SHA256 da2b6967873fcd83268143a61ad7285f31e17fd5478caf3e71d906816b739966
SHA512 619658443ebaba097703305a890f20c978fec5a2383352e50d375a0b1b384fcede50809280463a60a42ae145e87b0471c14d7863f330d1b5584a20578e0b073f

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 122ffd405ae387c5b4d3cf2f3c76d5d6
SHA1 05dfc31a14f1ca306c2e04563ff3d6662613cabe
SHA256 7da531acadd569fed2beac46e548c9db22a5527165df8c538a7e6f84fc77d47a
SHA512 6c5a4d7d2a5b0e49dfb408e5e1a1d523d3d3cffc8cb9916d4be6756f01bcb50bb9a7e3e2c9597c497034924d8a284ed88b03b3f474cd60ca198e06941a07886f