Malware Analysis Report

2024-09-09 20:23

Sample ID 240614-dk6ysashlb
Target 9d6197fd33d709cf342a114ebf615b10_NeikiAnalytics.exe
SHA256 dd0de9ce91c78b03e8c45b602eeb5233261df2ee6591c0c4138e66e19bae4a86
Tags ransomware
score 9/10

Analysis Overview

score
9/10

SHA256

dd0de9ce91c78b03e8c45b602eeb5233261df2ee6591c0c4138e66e19bae4a86

Threat Level: Likely malicious

The file 9d6197fd33d709cf342a114ebf615b10_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3451) files with added filename extension

Renames multiple (5249) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 03:05

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 03:05

Reported

2024-06-14 03:07

Platform

win7-20240611-en

Max time kernel

150s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9d6197fd33d709cf342a114ebf615b10_NeikiAnalytics.exe"

Signatures

Renames multiple (3451) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\9d6197fd33d709cf342a114ebf615b10_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\9d6197fd33d709cf342a114ebf615b10_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-1340930862-1405011213-2821322012-1000\desktop.ini.tmp

MD5 70dcf83e0a7da9edbe9fb423e6e56eb7
SHA1 1e8013d7fc0effd8332bc8153ec43463bbebab2b
SHA256 a8fb59819284081bbda6716d98b9fbdfebf44b7a33c742e3c1efaef7d1108094
SHA512 3cb7096728659e533397a13c8a9ed9debb0249454d2ebd2394a07da656e2b1d97acbea3706d1296c6aecaf8cbb0d0c9a15ca08e68a1fde0606004cc3cc14a11c

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 b83a25736fa85643d7870432cd0f6ac1
SHA1 62efb1075302d01e999c3ad2f4d47ac398de788e
SHA256 f00f9e0926ac05d9228e3bbd010cc044122f86d6264c1a3e8d9557728b490ac2
SHA512 995176ced5d94eb88a21a7309d99716096c7a197c9cb523d7cfa3096ef72380da70fd0bfe64de8a194cd4daf1d50eb0e4faba00c903b73c00ad7081d466a17f0

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 03:05

Reported

2024-06-14 03:07

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9d6197fd33d709cf342a114ebf615b10_NeikiAnalytics.exe"

Signatures

Renames multiple (5249) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\9d6197fd33d709cf342a114ebf615b10_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\9d6197fd33d709cf342a114ebf615b10_NeikiAnalytics.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=1336,i,15721081447618313297,6839074028983272033,262144 --variations-seed-version --mojo-platform-channel-handle=4332 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-1181767204-2009306918-3718769404-1000\desktop.ini.tmp

MD5 283e661251a568ed96da52feb1787c02
SHA1 2ab9421dd50fb6f47783aa8f4381f4aee9a47ad0
SHA256 4bd36f70df956432319ddd9caa61f11dc7ce5a1791ca4e75fbb1507599a03f49
SHA512 8664a98f75a91af9e776eaf9267fde2942741c92e9b64463f8a799b2a8a7c76399c4e631d940d38e39741fbcc25161bfab3ef9612443f320c579ce61b6d76f10

C:\Program Files\7-Zip\7-zip.chm.tmp

MD5 5062ced87d97b500a055567d68c3b893
SHA1 590a5e613e657f6f9a7cffd534de4437a30ff59a
SHA256 a8526cc74f2aba9c14c493c9f1c8b286b4031c8f13ca58aef081a81df306db38
SHA512 6a68d30ac5dbbb0ab6b317f3641e13f40621de3b7e6db72dc8b4885b193fdfb37dddd883714087f382cf61398f51570407f55cd26b0980aedfe9cfc59729415e