Malware Analysis Report

2025-06-16 03:34

Sample ID 240608-b112csfc3w
Target 80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe
SHA256 b95ca2adf5b966c0471262b8f9fe3b9740bc0461d7fc92f053d0cb62f4a15823
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

b95ca2adf5b966c0471262b8f9fe3b9740bc0461d7fc92f053d0cb62f4a15823

Threat Level: Likely malicious

The file 80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3762) files with added filename extension

Renames multiple (5357) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-08 01:37

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-08 01:37

Reported

2024-06-08 01:39

Platform

win7-20240221-en

Max time kernel

150s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe"

Signatures

Renames multiple (3762) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.ComponentModel.dll.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libx265_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\ink\de-DE\TipRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Spades\en-US\shvlzm.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\settings.js.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\is.txt.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\gu.pak.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\diagnostic-command-16.png.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.servlet_1.1.500.v20140318-1755.jar.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Notes_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\203x8subpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\LICENSE.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_divider_left.png.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\css\settings.css.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\6.png.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyclient.jar.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunmscapi.jar.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-core_visualvm.jar.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ps\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\MS.JPG.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeush.dat.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\jfr.jar.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Media Player\wmlaunch.exe.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\library.js.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\ReadOutLoud.api.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\DvdTransform.fx.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-8.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.Design.dll.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\js\library.js.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\item_hover_floating.png.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\28.png.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\FreeCell\FreeCellMCE.png.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\skins\default.vlt.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\License.txt.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkObj.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\prism-d3d.dll.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui.ja_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-spi-quicksearch.xml.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Sao_Paulo.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\clock.html.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOnNotificationInAcrobat.gif.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Media Player\ja-JP\wmpnscfg.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_divider_right.png.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\content-types.properties.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-compat_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvm_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\HST.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\eu\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\THANKS.txt.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\uk.txt.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipsdeu.xml.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_wasapi_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\distribute_form.gif.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tabskb.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ur.pak.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\epl-v10.html.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

MD5 c124294ef07335e116e5fee1a5a78fef
SHA1 0929fc04e4f2affbcc6fce382962de9467bd0217
SHA256 dd5434b92487fa6150f17c68f0b54e0ff8b4de6fc85b0daf8d9990fc452e83ba
SHA512 26f2ae5cb074869bc6cb9ce26e4dcaed70c96af441979463547fb2dc6ad22de40ab125d4d2bae364b4ee2edf92c65ffd281b8557521cc8e943429749f374175f

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 638dd072a696f28f71d4a55b261bfa98
SHA1 65433e9a7f6649b65d38f82b75a02c6a8b3785e7
SHA256 998c6fd4921a6f93cbda74469061b54dfdb5cbeb732b3c22f621313716f401fa
SHA512 26ba37badc1eb24a0eae167acaaa58687f6168db47b67a3958a2a55fe10f04c06212790ae6bba58b5dff908e3e34908e8607264414bd79e02b3aabaf25ae0e5a

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-08 01:37

Reported

2024-06-08 01:40

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

126s

Command Line

"C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe"

Signatures

Renames multiple (5357) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\ecc.md.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-console-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN044.XML.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nl-nl.dll.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.dll.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses\c2rpridslicensefiles_auto.xml.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\da.pak.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XmlDocument.dll.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\security\cacerts.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\msvcp140_2.dll.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONDIRECTX.DLL.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\hwrenUSlm.dat.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsfra.xml.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ValueTuple.dll.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.StackTrace.dll.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-synch-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\lcms.dll.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Extreme Shadow.eftx.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\ky.txt.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Diagnostics.PerformanceCounter.dll.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\msvcp120.dll.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription3-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MEDIA\COIN.WAV.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSOSYNC.EXE.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ja-jp.xml.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019DemoR_BypassTrial180-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSPPT.OLB.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN054.XML.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\images\bing.ico.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\javafx\libffi.md.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019DemoR_BypassTrial180-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_MAK_AE-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTest-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PROOF\MSSP7EN.dub.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\jmap.exe.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_Subscription-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\DebugBlock.dib.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\80672aeb9acf2d4a3cbf66be481f39f0_NeikiAnalytics.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4212,i,6593821857742176458,13646536021844995125,262144 --variations-seed-version --mojo-platform-channel-handle=4200 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 2.173.189.20.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-1181767204-2009306918-3718769404-1000\desktop.ini.tmp

MD5 96099b3894a1c40c7d56d199ff0523da
SHA1 714ccdaa7cb12b48d5848a977073f7648cf76dda
SHA256 580436b2cd7d6aefbc40f09962968ad4376fe53090f165a003d90665fbe2c273
SHA512 037bb73141b2917c097d51da94aaff925fd06c300cdfca6da2f7c7b93284e9c3b9146e9d73bf1e6bcfbba1498dc92d492aa8dd0cf5d0af4f8907686388ad2bf4

C:\Program Files\7-Zip\7-zip.chm.tmp

MD5 a8aefbe124f820a9779e6b8febcdcc7b
SHA1 bea5ad8956472ab13fe5bd4768d21c20c3ee9dd7
SHA256 5ad538a58bb2467f6d294f7f7f540f4a4f0ad237c624e50edbd98fd71e8c0409
SHA512 76873a2860b775adbc0bd17766a4cbf4e9c15119058fffb7bdb3e0a63ede96d524b8681b774c31e017f5b0fd1dccadd72ec79de0818cc8b831874b0d9ad9e910