Malware Analysis Report

2025-01-03 08:34

Sample ID 240611-bb663sxfle
Target 21e3ce5681879abe3ecec9b8f42f4080_NeikiAnalytics.exe
SHA256 ff2fea36cc8275a835a7c43d663aeb3a00b032776cb361fc6350b347ba80f600
Tags: ransomware
Score: 9/10

Analysis Overview

Score: 9/10

SHA256: ff2fea36cc8275a835a7c43d663aeb3a00b032776cb361fc6350b347ba80f600

Threat Level: Likely malicious

The file 21e3ce5681879abe3ecec9b8f42f4080_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (4869) files with added filename extension

Renames multiple (3686) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-11 00:59

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-11 00:59
Reported: 2024-06-11 01:01
Platform: win7-20240508-en
Max time kernel: 150s
Max time network: 122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\21e3ce5681879abe3ecec9b8f42f4080_NeikiAnalytics.exe"

Signatures

Renames multiple (3686) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\21e3ce5681879abe3ecec9b8f42f4080_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\21e3ce5681879abe3ecec9b8f42f4080_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

MD5 982228e61a6a0d6afcefbe47b62ac911
SHA1 8cd2b2c7f2c5b7467d4072563802fef683e16c57
SHA256 f37dd37b864d766e410c687577583acfb3c8abfa6ad2d17698750506751dc59a
SHA512 f62f95edc05c945ca5d192b97d70ac065acd1c23629b762b6eeda67e390cdc333976a3b279b27cf9b732ea42b98dfd78f5d47a1af7d4624c9c0241006cf83a12

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 7d965e8bb82fc43b3316250c76bbad2a
SHA1 0baab4f240b6a1dafff9225b0ad7d89bc00e4b0a
SHA256 f8c8ab10dc359c35cce6fceffc500a0953542cf1b94b3f599e896c3b46e4567f
SHA512 11b2448badf2c431844fb6763052faf4fe6f9d8c83331163930a84a54ea2197dfe0e0550c5c5d5041bb19d786a085a7dfc7961292f8c6a40f212a1c997a567c6

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-11 00:59
Reported: 2024-06-11 01:01
Platform: win10v2004-20240426-en
Max time kernel: 150s
Max time network: 150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\21e3ce5681879abe3ecec9b8f42f4080_NeikiAnalytics.exe"

Signatures

Renames multiple (4869) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\21e3ce5681879abe3ecec9b8f42f4080_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\21e3ce5681879abe3ecec9b8f42f4080_NeikiAnalytics.exe"

Network

Files

C:\$Recycle.Bin\S-1-5-21-3571316656-3665257725-2415531812-1000\desktop.ini.tmp

MD5 b583563be236d87619824dfce3d992c1
SHA1 5f422d9c4bc45810213c4cf90dd52f7056b99c02
SHA256 ddcbabe2158df1875eb23cdd582c45d32c85cb85763ada4adaf32de430686c16
SHA512 c6ed034ed73ff05b053867b7545991ef91c99b43e9a4efa888ddc1781cf21fd9b05d7cee1316198f6bfd3dd9e56ddbd1dd6dd73bd033d20293c50eca17548ac4

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 c65d9cd78a36045a98b53e3e10d80fec
SHA1 3bb5eab41d4e0ff6e24f91a7ad275590af97cdfe
SHA256 bc971f98355182235e1db34d343cd0b51164191b95537ff2567b159b801f189f
SHA512 7aa552388bb56ce9d6cfbc1e9d364eb2c10dd90c5126a34cf7276f49e1e7e5a125f3f64147dac8f84d7c708a6668b98d144ca5fa93fcbac2b8cd52c4262102b8