Malware Analysis Report

2025-06-16 03:35

Sample ID 240608-eg6z2she89
Target 89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe
SHA256 254d7796c618f88547f8ab7664dfbcf2f489e732a996921509866459d8a620bc
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

254d7796c618f88547f8ab7664dfbcf2f489e732a996921509866459d8a620bc

Threat Level: Likely malicious

The file 89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (341) files with added filename extension

Renames multiple (1622) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-08 03:55

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-08 03:55

Reported

2024-06-08 04:05

Platform

win7-20240508-en

Max time kernel

72s

Max time network

127s

Command Line

"C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe"

Signatures

Renames multiple (1622) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\decorative_rule.png.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-backglow.png.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Niue.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.artifact.repository.prefs.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mshwLatin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\ShapeCollector.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_matte2.wmv.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\contbig.gif.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodbig.gif.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7TSFrame.png.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\en-US\WMM2CLIP.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Helsinki.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Simferopol.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rainy_River.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.descriptorProvider.exsd.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_btn-back-static.png.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\shatter.png.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Boa_Vista.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cancun.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MST7MDT.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkWatson.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Music.emf.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp.zh_CN_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.runtime_0.10.0.v201209301036.jar.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winClassicTSFrame.png.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.win32.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\hy.txt.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee90.tlb.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\plugin.properties.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\MANIFEST.MF.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Bangkok.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\babyblue.png.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guyana.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.sun.el_2.2.0.v201303151357.jar.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.MOF.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Pipeline.dll.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-util.jar.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-over-select.png.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\sound.properties.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-9.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\bookicon.gif.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.ds_1.4.200.v20131126-2331.jar.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\LICENSE.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net_1.2.200.v20120807-0927.jar.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_jpn.xml.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+9.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Paris.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Ushuaia.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Dawson.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

MD5 1bffeb442413f8c6053ea649a339b95d
SHA1 1fc160ef409856fe0e82227d41f262bdc27fd1ba
SHA256 68df6f3c46a65da6615c0ba0fa106ff5708680897301c329c6b89b4f065cb437
SHA512 b50ff7ac908ac09c647767ce069e4c3cbb3a8b168cb9222d35e8035e804363b78956f72a6305cdbd6b6dc68e5c0c314f108b9bc70364c6228870a43489e08fe6

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 470b32bed2ab8f73ecd69b77be676014
SHA1 4127f367e1d1ce92ac1dc24373c5ac94f15e90ef
SHA256 da38aaaf8e6487df92ec9efbc6e0d90e04b86498b16fb7bc98f6a8e5ccb9177d
SHA512 d5ab3e1e512d776ae275afda78538d905ea1b5da96b314a6d3031e8d1c46d589d056deac4a9da853290e1bcbe404fb09cbcecb9c332b11a61c01f7dcfbf51476

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-08 03:55

Reported

2024-06-08 04:05

Platform

win10v2004-20240508-en

Max time kernel

12s

Max time network

93s

Command Line

"C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe"

Signatures

Renames multiple (341) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\msinfo32.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\ado\msadox28.tlb.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-private-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-runtime-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.el-gr.dll.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-phonetic.xml.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\sl-SI\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\sqloledb.dll.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\wab32.dll.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\uk.txt.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sr-latn-rs.dll.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\Content.xml.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fr-FR\mshwLatin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\adcvbs.inc.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\mk.txt.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClient.man.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\micaut.dll.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\tr.txt.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\vccorlib140.dll.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-processthreads-l1-1-1.dll.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.id-id.dll.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lt-lt.dll.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipshrv.xml.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsplk.xml.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ThirdPartyNotices.MSHWLatin.txt.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-dayi.xml.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\mshwgst.dll.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\readme.txt.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pl-pl.dll.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sv-se.dll.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\es-MX\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tabskb.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-math-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\es-ES\rtscom.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fr-FR\rtscom.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-processthreads-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\id.txt.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\ta.txt.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-conio-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_kor.xml.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.en-us.dll.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\vcruntime140.dll.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\zh-TW\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-profile-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RUI.dll.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-heap-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.kk-kz.dll.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsjpn.xml.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.th-th.dll.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ko-KR\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\MSInfo\uk-UA\msinfo32.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 80.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp

MD5 52d6723c1c3ab4587b502384fb68b36d
SHA1 21c41c5ae78e6dccf0d4a50cfa1ceba0625c2f32
SHA256 66bbb15a4ba20ae5e93cce60a4c967f1ad88977091e8532f08ca2990b54a7a48
SHA512 82b3765f9db072d7bad57e9cd58fd39a37bba73bb5165ac406e41602bd9077040edc7e64901de18dc258e24d3409ebe75d0dcd8f24c37e4f994d35a10931b8a4

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 786cea863b5718b58ed46a2ca2b05adb
SHA1 29013eb5bc1ccce09cb35fe7e42d7aafff8036ad
SHA256 520a82fa1406627bcb910585c8160a30b4f6ea46472e07edd86265f5f7a47a48
SHA512 7ed9cdffacffa67eaeca3b4f75d455c6665f352be02dd489f1af30f1dfd9437eb850b5383c699cba42cc7e59e4feec38081f3280cb76493db378bb8fdea07d72