Malware Analysis Report

2025-08-10 21:22

Sample ID 240527-nstzasba23
Target 029fdee291172faae67ad45d4541a520_NeikiAnalytics.exe
SHA256 01204386d084e6820be2f305f779634704dac91e51be36b843dbd44c6de5af97
Tags ransomware
Score 9/10

Analysis Overview

Score 9/10
SHA256 01204386d084e6820be2f305f779634704dac91e51be36b843dbd44c6de5af97

Threat Level: Likely malicious

The file 029fdee291172faae67ad45d4541a520_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (5028) files with added filename extension

Renames multiple (3489) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2024-05-27 11:40

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-05-27 11:40
Reported 2024-05-27 11:42
Platform win7-20231129-en
Max time kernel 149s
Max time network 120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\029fdee291172faae67ad45d4541a520_NeikiAnalytics.exe"

Signatures

Renames multiple (3489) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\029fdee291172faae67ad45d4541a520_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\029fdee291172faae67ad45d4541a520_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

MD5 f34aa2332bce82ad3f73e10886d63988
SHA1 dd2a6bf05e8a47a023063083a00f8cacecd9c5a5
SHA256 691245fd07745cac970a07a33c3270127bea765db31cdb764f1976e8d8eb630d
SHA512 0afd3a5a7b7a113478105f1dcf61dcf4aafc5d4b51ecbd26046f68679505aa38804625d580fadf98a4b54fc6dcc3c2bb19d3d8beba387e571f13153b665ae8fb

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 4cb2380ddbffd11e6891e022e43d2fe0
SHA1 c9286702acf0edef76c990bcde72c7f208823228
SHA256 182bb19897769081946fc7b9a8fc935103fa8c4821d71f9c0f099d48c39ae0bd
SHA512 aea213a9e33c38bf8a08ffddb82093c0e6df0e9e3705296360756da69f29f80201386a3079eb65e4ae515545f555de8b8ae4a71a54edbca012956041b9f64a6d

Analysis: behavioral2

Detonation Overview

Submitted 2024-05-27 11:40
Reported 2024-05-27 11:42
Platform win10v2004-20240508-en
Max time kernel 150s
Max time network 103s

Command Line

"C:\Users\Admin\AppData\Local\Temp\029fdee291172faae67ad45d4541a520_NeikiAnalytics.exe"

Signatures

Renames multiple (5028) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\029fdee291172faae67ad45d4541a520_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\029fdee291172faae67ad45d4541a520_NeikiAnalytics.exe"

Network


Files

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

MD5 bda38c72f33a17eb7e668d9ef3819321
SHA1 80ecc6fd4ff7524de1bafd2c5d42a4eaff4b11f2
SHA256 044610d5f0b92bedc1e34583c3e51b4cf18f51cf7b36ef83baa4e801426b53f1
SHA512 1880c2e4cf71255a1e6a86e28e8001c9d22aaafedec1b8a4dca749375bac4c313edf1b66547777048791fefa118bed90e56c0df6e0fb66ab6f6c1c22cfe4395f

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 77514767c8d991949f17b91e8155b86a
SHA1 386ed36fb96dab548e72c7b87f89d0e32fd86b83
SHA256 266df762c5ac66594dbfbe61953828cbbd41ffa0aa9b7ff34fbe156572f1509f
SHA512 0168b05f70dd3f1182c16a744d5a7880181afbe00c333599cc5b1db2028a03d30a7537f126c0ecd4d9bd04c7544bdbdd13b388034912fd2a0dddab68bf210c5c