Malware Analysis Report

2024-09-23 04:36

Sample ID 240614-dhd5zswgpl
Target 9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe
SHA256 5fc395b98618d74f340f9bd417a6dfa454ccf4d4d264c936e0c818822baa271e
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

5fc395b98618d74f340f9bd417a6dfa454ccf4d4d264c936e0c818822baa271e

Threat Level: Likely malicious

The file 9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (771) files with added filename extension

Renames multiple (5013) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 03:00

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 03:00

Reported

2024-06-14 03:02

Platform

win7-20240611-en

Max time kernel

150s

Max time network

126s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe"

Signatures

Renames multiple (771) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\DVD Maker\WMM2CLIP.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ja.pak.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Salta.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Paramaribo.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\micaut.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\tzmappings.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Knox.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\ta.txt.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-previous-static.png.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\TipRes.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\layers.png.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\id.txt.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\en-US\DVDMaker.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ml.pak.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_CN.properties.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Danmarkshavn.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ja-jp.xml.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fr.pak.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\ieproxy.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mip.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\tpcps.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\D3DCompiler_47.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\ro.txt.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\en-US\jsprofilerui.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOInstallerUI.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Costa_Rica.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkObj.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\idlj.exe.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cayenne.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Dawson.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rio_Branco.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\mng2.txt.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\ja-JP\wab32res.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-image-mask.png.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es-419.pak.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipscsy.xml.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground.wmv.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lv.pak.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nb.pak.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Windhoek.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\servertool.exe.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipsjpn.xml.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_VideoInset.png.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hi.pak.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\ie9props.propdesc.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\extcheck.exe.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwrenclm.dat.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\circle_glass_Thumbnail.bmp.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-39690363-730359138-1046745555-1000\desktop.ini.tmp

MD5 4dcaa4f645fd9b906e4ae83181dd609e
SHA1 13cfc4f6af0605725910eb3b4eb02bc1446facc4
SHA256 f2d150f170cdb9b0b328da158e8620c6f75fb097009100fe08fa47eba68e0e4c
SHA512 94a503f857cdeb547d3c7b5942d6949217d9f6a8c3cf77eb30528348320794111f273b9d57e9514f565dc7b62e5c513617cadc91cb755b1e65fb2a817a8f3ed5

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 3645c371358066b03419ab688ee43b37
SHA1 2f4f6c4db9c6b5a9e4e02fc2c9f85a77f3b5581f
SHA256 a87554f3187245f70964f9b5b11dd90d1c7da3b7483fe0689cfc17e2d6461e35
SHA512 1f219ae45626fa585c752ebafe20409cbfec023863f6ba46ff7133e6484ed9af9a300e542a5777473cc2aee99de08d220c59d26911d1c5db99cf4a05fccbcc51

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 03:00

Reported

2024-06-14 03:02

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

128s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe"

Signatures

Renames multiple (5013) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jre-1.8\lib\plugin.jar.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.OData.NetFX35.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\MSInfo\uk-UA\msinfo32.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\jfr\default.jfc.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\host\fxr\6.0.27\hostfxr.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.DataAnnotations.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.WindowsDesktop.App.runtimeconfig.json.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\lv.pak.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\bcel.md.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\en-GB\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\es-ES\mshwLatin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\deploy\messages_de.properties.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial2-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\flavormap.properties.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_KMS_Client_AE-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp4-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTest-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OFFSYMSL.TTF.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\POWERPNT.VisualElementsManifest.xml.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-interlocked-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OsfTaskengine.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTest-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-conio-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_F_COL.HXK.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\MSOSEC.XML.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-conio-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-file-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.ServicePoint.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN011.XML.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebClient.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\zip.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\dynalink.md.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\AppVLP.exe.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp5-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Linq.Parallel.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Process.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Loader.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\swidtag\Microsoft Windows Desktop Runtime - 6.0.27 (x64).swidtag.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\javafx\gstreamer.md.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.ReportingServices.DataExtensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL112.XML.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\ar.txt.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\ka.txt.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\NewComment.png.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTest-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\msvcp120.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsid.xml.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.onenotemui.msi.16.en-us.xml.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Security.Cryptography.Xml.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\include\win32\jni_md.h.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-process-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\9d2174897f01ab0726ebae70fd5a1ac0_NeikiAnalytics.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=2736,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=3904 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 45.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 240.143.123.92.in-addr.arpa udp
US 8.8.8.8:53 25.24.18.2.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-3665033694-1447845302-680750983-1000\desktop.ini.tmp

MD5 53cafd5e7bce221bccdefafa4ce5c824
SHA1 e60b1839bb829a1d395a2f3d81cbf1a0e6676532
SHA256 c99da62232b90c9d758ed5dac325ddc179b3d66368f433227e2f9b5aecab2b98
SHA512 301f5f4057d3bfd6aa24677b0d2e4729c4ea65adeb0dc452458f44b83a56c39863f99a7714d85a36785c080a89ab431afb659c482f034aeaff047312a82207c9

C:\Program Files\7-Zip\7-zip.chm.tmp

MD5 3a14b15a65a6579d2d448b80f64fef26
SHA1 7592be1754c6d322f17ac2eadab8884f014502a0
SHA256 c8a1f7cf182203d7384755656ef1bd997bcd068f84cb6304c412018a1a1c131b
SHA512 4a10f2ebc3e0c6af086b70d5fcdebd0dbab141d4c2a144dbdf3b3453773028e6a1cc491cdd92bee2fdd98dbc7aa4de04dc9d3b30b0d13006ed2290c3b08385cc