Malware Analysis Report

2025-01-03 08:35

Sample ID 240611-ax2caaxapc
Target 21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
SHA256 fdb2edeb35acc42eafd3951cf4c8575e96ff0e8c5200de2c2c6fdd4f87c59797
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

fdb2edeb35acc42eafd3951cf4c8575e96ff0e8c5200de2c2c6fdd4f87c59797

Threat Level: Likely malicious

The file 21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3742) files with added filename extension

Renames multiple (5070) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 00:36

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 00:36

Reported

2024-06-11 00:38

Platform

win7-20240419-en

Max time kernel

149s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe"

Signatures

Renames multiple (3742) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Belem.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\license.html.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Mozilla Firefox\firefox.cfg.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.IO.Log.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunec.dll.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-oql.jar.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-tools.jar.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\ext\access-bridge-64.jar.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Thule.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_http_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InputPersonalization.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\TipRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Star_Empty.png.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.httpclient4_1.0.800.v20140827-1444.jar.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\ssvagent.exe.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Mozilla Firefox\updater.exe.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Entity.dll.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\css\flyout.css.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked-loading.png.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Search5.api.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\it-IT\msadcor.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\te.pak.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring-fallback.xml.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\intf\modules\httprequests.luac.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Journal\en-US\JNTFiltr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Media Player\it-IT\WMPDMC.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_m.png.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\button-highlight.png.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\iediagcmd.exe.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dushanbe.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jakarta.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Simferopol.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_output\libflaschen_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_top_left.png.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\WindowsMedia.mpp.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipsnor.xml.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\Help\1033\hxdsui.dll.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Seoul.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Regina.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\as_IN\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_MCELogo_mouseout.png.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kuala_Lumpur.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-editor-mimelookup-impl.jar.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\dt_shmem.dll.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Antarctica\Syowa.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Media Player\es-ES\wmpnetwk.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Media Player\wmpnscfg.exe.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\gadget.xml.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\settings.js.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\ka.txt.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\dt_socket.dll.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\psfontj2d.properties.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_diagonals-thick_18_b81900_40x40.png.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\flyoutBack.png.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\open_original_form.gif.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-nodes.xml.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\play-background.png.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask.wmv.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe"

Network

N/A

Files

memory/2180-0-0x0000000000400000-0x0000000000408000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

MD5 8d357b14355b4d5712d20149c420d0d8
SHA1 d58cf768223d3346f59de3ee6b5c6345134a20c3
SHA256 fc5e52c96f95a9e0d69427d2cf3a89bb66e2d1f208a8fcba946d5598d9c81d6f
SHA512 eff2c74f6bc7fe2625797e1d205a55ccf615d20b28c93aaf222c7d7741da3ab17016061d7e736fae854535059f5de211dcc976c8a08aae033eaa3b403dc80205

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 28adc6d3b79c1fbcc3aabb81c4f71705
SHA1 ba83bd4583792bc7cb2baeca32fe7ef7a37008fd
SHA256 548a7aa99a6e0f45de03d5ea79eb3ccb4eb1c2189798fa8d3af95c40c2f54ea3
SHA512 5f6d179a214816e5d20fd3b3cb7a031f6fc1e4dfb7ddb0ed13e17dab5acec811c2928d4ee5a137905829bb5166888625d4fc1619baed6d24e6a63315d1c8b7dd

memory/2180-656-0x0000000000400000-0x0000000000408000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 00:36

Reported

2024-06-11 00:38

Platform

win10v2004-20240426-en

Max time kernel

150s

Max time network

147s

Command Line

"C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe"

Signatures

Renames multiple (5070) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-multibyte-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-file-l2-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\ext\access-bridge-64.jar.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\it-IT\rtscom.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.Watcher.dll.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.Win32.SystemEvents.dll.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTest-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL097.XML.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.UnmanagedMemoryStream.dll.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\TURABIAN.XSL.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ro-ro.dll.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ONFILTER.DLL.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_KMS_Client-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\mk.txt.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-synch-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Http.Json.dll.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework-SystemData.dll.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Garamond-TrebuchetMs.xml.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\javafx\libxml2.md.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\COPYRIGHT.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.ServicePoint.dll.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProDemoR_BypassTrial180-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\osfFPA\addins.xml.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN108.XML.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sr-latn-rs.dll.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TabTip.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Forms.Design.dll.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\master_preferences.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.th-th.dll.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\ado\msado26.tlb.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.scale-100.png.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipTsf.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Resources.Reader.dll.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processthreads-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription1-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_MAK_AE-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Controls.Ribbon.dll.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\libcurl.dll.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 138.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp

Files

memory/4448-0-0x0000000000400000-0x0000000000408000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3571316656-3665257725-2415531812-1000\desktop.ini.tmp

MD5 add26be5c370571d8e513ba218af53d0
SHA1 9395a4fcfe5720ba4eeea755cb6c6a7a5d0f2867
SHA256 e5bfeda865747f13246bd27be3ecf63a159b7853ab610a1cf7e3b6273a7fa42b
SHA512 e859609f4116248de502904bb9c159dc80b001a604a4e8f72989b506d0d2a7ece0e20fdba58d8392644dbca91d7e64390fbf54d24bcb8be71953372834aea829

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 b893228f7eff92ee2eb04c2b4169c229
SHA1 56c8c852509ef90d1a8cc21a116dea21adef5e9b
SHA256 2247099b809f966d3a21fa61a8d43388bb74f29dabf1728a5f5ff5b5e8a7c5a9
SHA512 acb38b263aced9ae36afb8dcc72a5a4f9b3bd366d85d4f436541eca0ba53df272b34df17fe2616caeefbd53c5ea026ba507f95682c3593fd13e3c0fedad03740

memory/4448-1854-0x0000000000400000-0x0000000000408000-memory.dmp