Malware Analysis Report

2024-09-23 05:10

Sample ID: 240613-dbbfhsvhkj
Target: 5884c891bfa55e1d2aac42d1fdac0690_NeikiAnalytics.exe
SHA256: 4885bf1891f18d4ade0835a78f1d346dd95f244ed6cd9cbfe24ac1684a0ba73e
Tags: ransomware
Score: 9/10

Analysis Overview

Threat Level: Likely malicious

The file 5884c891bfa55e1d2aac42d1fdac0690_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3470) files with added filename extension

Renames multiple (4726) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-13 02:49

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-13 02:49
Reported: 2024-06-13 02:52
Platform: win7-20240508-en
Max time kernel: 150s
Max time network: 121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5884c891bfa55e1d2aac42d1fdac0690_NeikiAnalytics.exe"

Signatures

Renames multiple (3470) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\5884c891bfa55e1d2aac42d1fdac0690_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\5884c891bfa55e1d2aac42d1fdac0690_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-13 02:49
Reported: 2024-06-13 02:52
Platform: win10v2004-20240611-en
Max time kernel: 150s
Max time network: 138s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5884c891bfa55e1d2aac42d1fdac0690_NeikiAnalytics.exe"

Signatures

Renames multiple (4726) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\5884c891bfa55e1d2aac42d1fdac0690_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\5884c891bfa55e1d2aac42d1fdac0690_NeikiAnalytics.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1040,i,2029050989380753659,15333598055019363793,262144 --variations-seed-version --mojo-platform-channel-handle=1424 /prefetch:8

Network

Files

C:\$Recycle.Bin\S-1-5-21-3665033694-1447845302-680750983-1000\desktop.ini.tmp

C:\Program Files\7-Zip\7-zip.chm.tmp
