Malware Analysis Report

2025-06-16 03:35

Sample ID 240608-bzb1vafb9w
Target 7ffe025947477656b2fd33dfe1187990_NeikiAnalytics.exe
SHA256 3fd01ecebff2f55154afd3feb09a52521fa8caf9483296a1f909545869fb0bd8
Tags ransomware
Score 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 9/10

SHA256 3fd01ecebff2f55154afd3feb09a52521fa8caf9483296a1f909545869fb0bd8

Threat Level: Likely malicious

The file 7ffe025947477656b2fd33dfe1187990_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3728) files with added filename extension

Renames multiple (5194) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-08 01:34

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-08 01:34
Reported 2024-06-08 01:37
Platform win7-20240220-en
Max time kernel 150s
Max time network 120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7ffe025947477656b2fd33dfe1187990_NeikiAnalytics.exe"

Signatures

Renames multiple (3728) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\7ffe025947477656b2fd33dfe1187990_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\7ffe025947477656b2fd33dfe1187990_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

MD5 bc163135ac88489e27120d86a301da01
SHA1 4e9a54e4c902abaefbb4b770026ca0aad3d0924e
SHA256 f767390d44e1f7f9c4ad09e54136cfbc72e096dc612b456bca1ef16ce86e7faa
SHA512 e96fd68c18a76cfbe957e7e48bcd9d852307c9fb5f81119f231f2b87f48af6d1671c89db5625d325795c8904d40e6fb666f2f932029546d94df09adf316881ea

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 e92444d26ad80ab2340c6756ee770c0b
SHA1 e3a754abd9cd5d1ae93402d15c5765cd79732c6c
SHA256 fccb80c3f0d028516d354e081d6ffaab62bea5308a88b6ddd0e92486d80a0a7a
SHA512 76ec09af4658d881cf3147942533461370242c59bc220cc0946cfb386f6d9987efbb9008667da7a453c7de0795aca6d212bd5678f44a3b0b2d2aaea7fdb7b3c9

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-08 01:34
Reported 2024-06-08 01:37
Platform win10v2004-20240426-en
Max time kernel 149s
Max time network 93s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7ffe025947477656b2fd33dfe1187990_NeikiAnalytics.exe"

Signatures

Renames multiple (5194) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\7ffe025947477656b2fd33dfe1187990_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\7ffe025947477656b2fd33dfe1187990_NeikiAnalytics.exe"

Network

Files

C:\$Recycle.Bin\S-1-5-21-540404634-651139247-2967210625-1000\desktop.ini.tmp

MD5 a765356b720536eb7742caed40147112
SHA1 c0bf9791d059321bc6f4a5d7fbc6ae58aeb3affc
SHA256 ad2ab28d202f6f9c2aab4748d3173ce27f294867a42c205808f55af666fdfc38
SHA512 a74db284769e39b9538c224623725365bbd59480b960fcf1276f2a63e03f4df1ceef537c45c3d97ba616e03c4d6da5e5496081e6e3ed1e7085400869d8776aaa

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 9598a2834332b5638f1df8e96817c21e
SHA1 d793f2ab6772be85a529d75d8d0a696855f2892b
SHA256 b538678e524fd0dadbc12dde7a872a4c932bf99d14f56ebbbe5f1561059fc55e
SHA512 727c1f686cd450aac18bc8a7b7c42afeee476f61309fd9adb7f478af63834ebf891fe028c23f6275dd8cd4992cbff7b9880ea461852553064858cbfd835f18a9