Malware Analysis Report

2024-09-23 05:08

Sample ID 240613-bwle4syhma
Target 53aec8dd5de82c1c2da6942706e5ea60_NeikiAnalytics.exe
SHA256 50ca0a9f93c1f8cd2af7e7f375b9cffd56f210c81d0d95149fd610242fa2932d
Tags ransomware
Score 9/10

Analysis Overview

Score 9/10
SHA256 50ca0a9f93c1f8cd2af7e7f375b9cffd56f210c81d0d95149fd610242fa2932d

Threat Level: Likely malicious

The file 53aec8dd5de82c1c2da6942706e5ea60_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (5032) files with added filename extension

Renames multiple (850) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-13 01:29

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-13 01:29
Reported 2024-06-13 01:32
Platform win7-20240611-en
Max time kernel 150s
Max time network 123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\53aec8dd5de82c1c2da6942706e5ea60_NeikiAnalytics.exe"

Signatures

Renames multiple (850) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\53aec8dd5de82c1c2da6942706e5ea60_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\53aec8dd5de82c1c2da6942706e5ea60_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-39690363-730359138-1046745555-1000\desktop.ini.tmp

MD5 777d3a0f54e6bf88ebd92cba76b029d5
SHA1 9d882baae39624ee8f069be32c84caa1fe29dcc6
SHA256 501be69e7c170e741edf0ed4a99d3baed5351d7a86b5f83f4f408666d5e1a4b6
SHA512 bd2b2264f970c5ee7b9254b2f9b9c0b77935c04db5b868486cb49ba293356faecfe53dd81d97e3ffc9a468623c782f3dc54bc660378a11831627be67734ac53d

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 95976e7bdb49b83562d85bea7303ac4b
SHA1 34dad7db95ef64628c996b820c8835253e90e956
SHA256 824de559b641d1ec8d9e311b1e690e2bbc386c7dd6c10631a8e5acbd23b35c2f
SHA512 2e2980cbf27312eb73303ac2d8f05b0f87ec8d21239c359f0902e614f056f476332721c3bb57853a997764958ab3068a3f4d0ba8ef00a3ce222f1e10f97fbac5

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-13 01:29
Reported 2024-06-13 01:32
Platform win10v2004-20240611-en
Max time kernel 150s
Max time network 128s

Command Line

"C:\Users\Admin\AppData\Local\Temp\53aec8dd5de82c1c2da6942706e5ea60_NeikiAnalytics.exe"

Signatures

Renames multiple (5032) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\53aec8dd5de82c1c2da6942706e5ea60_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\53aec8dd5de82c1c2da6942706e5ea60_NeikiAnalytics.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4132,i,3671441404766730751,12082497324212183132,262144 --variations-seed-version --mojo-platform-channel-handle=3492 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp
BE 88.221.83.187:443 www.bing.com tcp
US 8.8.8.8:53 187.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 91.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 168.117.168.52.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-3665033694-1447845302-680750983-1000\desktop.ini.tmp

MD5 7ea722b8979594dcd8f96a69155ba994
SHA1 650ddae805fadd0249bb653455aa668d2cb4d263
SHA256 a09b49640b3d27aa5bc2d44be33af9612eca1d2e614f63c2b231b2d2d4d54ca8
SHA512 0172f74537cceba44e56986f47e7f9a5a6e082572d8241578db15cf4156e83a7342251e90e846a529b4c25bc537ec8d48650eb38fc2f331ac9db2f4253501f68

C:\Program Files\7-Zip\7-zip.chm.tmp

MD5 02c6e65282a22da3842e1c35be8bd8a3
SHA1 bc0a577ae7b110dfc9ad689c7350e7bba96c305b
SHA256 437648cb8590752c6656eb21caab74fb850c66a2534f09e65bac15c026cee240
SHA512 6fb3708c9d01ad208051ad78c698c9179679f1ba8bba8d5e60ccf406eb61d4f17009daba685224e346fff4869fef0bca254d577fc69e09ab8ac448ff3182f2e2