Malware Analysis Report

2025-06-16 03:35

Sample ID: 240608-cecmbagd35
Target: 81d12dbb020cf5d963cf2239ab75b020_NeikiAnalytics.exe
SHA256: 42395c23f65936da324e0a404ec859cf59f41d7595c35bc7fc7c91c33a156ec3
Tags: ransomware
Score: 9/10

Analysis Overview

Threat Level: Likely malicious

The file 81d12dbb020cf5d963cf2239ab75b020_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3794) files with added filename extension

Renames multiple (5196) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-08 01:58

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-08 01:58
Reported: 2024-06-08 02:01
Platform: win7-20240508-en
Max time kernel: 150s
Max time network: 123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\81d12dbb020cf5d963cf2239ab75b020_NeikiAnalytics.exe"

Signatures

Renames multiple (3794) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\81d12dbb020cf5d963cf2239ab75b020_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\81d12dbb020cf5d963cf2239ab75b020_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

MD5 a98011b27b67963f25b34b4051859fce
SHA1 ffe045ce40aa5ff50a40cfc1f72d01aaa75e5a46
SHA256 6460d911f6fb929fda0d7fd1b70294bd2278533ab89ccb27c0209d9b92ca6896
SHA512 ae753bee9d45366966238025281996bfa15698723c45607d4b54e3f8f77b32e46c19b8f224f02e149f8e563802091a94000c0b9a6e643f11aa14eef4fce88def

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 78531e5297847a069346ed63dd7a3891
SHA1 8d7dcb2c25c9bf48fb802c391e50dc848068dfb5
SHA256 e8729f71f76f62de2b7415f0789a08b920fca217992b23c8d78ef570ffaed54e
SHA512 88c9b1fb72295cc699fcfe116a019e4a20fbdffca6f78eb30cc98a6d2cb229ab15a5dbe058e3fbf445b17cc81c51c4768b1fca4085c0f05ce1e72a0dbe7da3de

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-08 01:58
Reported: 2024-06-08 02:01
Platform: win10v2004-20240508-en
Max time kernel: 150s
Max time network: 150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\81d12dbb020cf5d963cf2239ab75b020_NeikiAnalytics.exe"

Signatures

Renames multiple (5196) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\81d12dbb020cf5d963cf2239ab75b020_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\81d12dbb020cf5d963cf2239ab75b020_NeikiAnalytics.exe"

Network

Files

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

MD5 e0e952db5cd8650c4cba640e125a80a5
SHA1 35e310fb4423ca83ff7595ce698caf6da761ba52
SHA256 7e9cfce269370126ccd2777ea7066a39517130d5040b6daa01df17dc60979d14
SHA512 dc746536718838a4323a130574d064c8c56af981818285b8a6327fcb0c807686bdb279ca702f2cacdd7342ee94ea6a7454465e78df7c9152fe4096fb178b98e2

C:\Program Files\7-Zip\7-zip.dll.exe

MD5 3bbacf52e50e57fa89f898804f73cc25
SHA1 d19bd98ce058984de40ea0e444d9d7dc42ef49d3
SHA256 5b5da1a7d7f78e7a4f2ad3af8b561c300adf555f609f88ff1da7356aaa40ed41
SHA512 ee791e71e2809d601bdb320697416dc36ff0e5790267057371845be04fe22328dee122778dc1cb81ecdab1898bd36ec9824286e219d4dd09d61f6e3ed893f5a5