Malware Analysis Report

2025-01-17 23:30

Sample ID: 240603-qp5mqsfh6w
Target: a4ed7f889e246c29a0f37d3347150b70_NeikiAnalytics.exe
SHA256: 6cc46235ded7724cd02b72535068155aab49cff8c609efb7a53cf1ba1c65cfb0
Tags: ransomware
Score: 9/10

Analysis Overview

Threat Level: Likely malicious

The file a4ed7f889e246c29a0f37d3347150b70_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (4862) files with added filename extension

Renames multiple (3466) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-03 13:27

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-03 13:27
Reported: 2024-06-03 13:29
Platform: win7-20240508-en
Max time kernel: 149s
Max time network: 122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a4ed7f889e246c29a0f37d3347150b70_NeikiAnalytics.exe"

Signatures

Renames multiple (3466) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\a4ed7f889e246c29a0f37d3347150b70_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\a4ed7f889e246c29a0f37d3347150b70_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

MD5 aad21843489b0001c34be3f9089b08b4
SHA1 f8876b06909de0a498bc7f7f66491abff77cdd09
SHA256 308eabbdcdda3318dcdb23070534f36bdbeba658ff762ddb9d3147c347da6a1e
SHA512 9261969f2e755ae9c1e6b3ed096fb9ba46010efe96b422dda0301581646b78a4354d947cc379ebd4a602dc1db38d1257d86ffa230a45fa088ccba7b9525b3307

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 9d81e3b4e82268cd481ab1d508482cc8
SHA1 8ffd3122410daf2afd76223b439db705f1562c11
SHA256 9c27d2a63ded8e7f4ccc7c2d4e40731f5437ec6bb643905a60f4d9fd0778cae3
SHA512 c84d48807d75319f61c49c1364d1732ac1fb8e58e451542b7850d45057ea17f1568bd77d785a9fefbb16484345eba83711f02c7733cb8319456d5900794c4da5

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-03 13:27
Reported: 2024-06-03 13:29
Platform: win10v2004-20240426-en
Max time kernel: 150s
Max time network: 94s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a4ed7f889e246c29a0f37d3347150b70_NeikiAnalytics.exe"

Signatures

Renames multiple (4862) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\a4ed7f889e246c29a0f37d3347150b70_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\a4ed7f889e246c29a0f37d3347150b70_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 216.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-540404634-651139247-2967210625-1000\desktop.ini.tmp

MD5 6974ae96fba53dc607f6e033e460b6a0
SHA1 5a9d58d95fbb640264aa0c50e8d99e7d01ad1abe
SHA256 db8dfe7a1a15b3a1cd1d096450aff8b98ee15cc421edc7287f1e3512d442f027
SHA512 a07cbb57db83236be5b1197013230029c7ea3fb0e5abec037d5dc4bd215de507357b37cc93339c4ff10fc2d3717d1c018c4213f4573cd8b984b2c8346068068a

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 afbc3d2993607466ec101d8ae3147dcd
SHA1 794e15eeed2eb2a717481a7f2a7970966e06072c
SHA256 9e1dcbcdd9e7b8b9a8e90eedb3b9e4af6f13afd8fcf30d3082c50219c75adb63
SHA512 c0623de382ac46ce06c4d5cd10040bad2f0cdd5b1a013ab4a86642dbf0d28362afe2df17d29bf8d6db2629288afe46119d6bd4e4b36d5568ca7da6ced1927aec