Malware Analysis Report

2024-09-23 04:30

Sample ID 240614-e2qtkayfqn
Target a207db795798d6d8a68f537d8f7b1b20_NeikiAnalytics.exe
SHA256 7af5f739a9897bca404d5f4db7519fd3aeb68cadb1e603abe6e752d4b4ebc0ff
Tags ransomware
Score 9/10

Analysis Overview

Score 9/10

SHA256 7af5f739a9897bca404d5f4db7519fd3aeb68cadb1e603abe6e752d4b4ebc0ff

Threat Level: Likely malicious

The file a207db795798d6d8a68f537d8f7b1b20_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (1162) files with added filename extension

Renames multiple (5256) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-14 04:26

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-14 04:26
Reported 2024-06-14 04:29
Platform win7-20240611-en
Max time kernel 150s
Max time network 122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a207db795798d6d8a68f537d8f7b1b20_NeikiAnalytics.exe"

Signatures

Renames multiple (1162) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\a207db795798d6d8a68f537d8f7b1b20_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\a207db795798d6d8a68f537d8f7b1b20_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-39690363-730359138-1046745555-1000\desktop.ini.tmp

MD5 f4471e269758a9fd67244c394c2e02d8
SHA1 a97205f3e15875a725c8e3ce59753b012750b9b9
SHA256 4818c93342f2cabb8d252e6cb71af62376c1c3410f28a5bbcd449db970f34980
SHA512 5ef9a6053b0918faf370c12a4a9c244b6d71803217818a026674e77a0605ed016f617ec26943d8551fa676c3d4bdad61692198e623eec6ab3d2b688c6820d396

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 54ae7086d7f1980e4239e4aecdc514a7
SHA1 cb563106f9c6cf617b707c9e8dd817bb17819fbb
SHA256 927a07e17d5c9aee51434578a3f918b984d948832573dec966afcab72d9d7fda
SHA512 93e746eeef68ec62dcc373ae8ff368da637bc8d4ebd36d136d41181779a25b6d7a1aba743bd610e9ccc6496e1fdcc39ca8aacdd4384bbd43c8a5d0e24c02b58f

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-14 04:26
Reported 2024-06-14 04:29
Platform win10v2004-20240508-en
Max time kernel 150s
Max time network 151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a207db795798d6d8a68f537d8f7b1b20_NeikiAnalytics.exe"

Signatures

Renames multiple (5256) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\a207db795798d6d8a68f537d8f7b1b20_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\a207db795798d6d8a68f537d8f7b1b20_NeikiAnalytics.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4104,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=4196 /prefetch:8

Network

Files

C:\$Recycle.Bin\S-1-5-21-1181767204-2009306918-3718769404-1000\desktop.ini.tmp

MD5 5b91964be2ca76be1b723590a65e8fd7
SHA1 6cf5e2e78af9287153e4abe7ff143bf7a3994ef9
SHA256 20695803f40aa0756ffef37a008a56c8557197aa4dd4e255db6e97e0d6e3c4d4
SHA512 1bc88e6536a2044af1302972e9c0df48570eb42b53e139dabe7bf7971e2fab831c85f991b493d4d01512c8273daf0c7edbf24a1ba5425018c5c06638767e3b76

C:\Program Files\7-Zip\7-zip.chm.tmp

MD5 2d4f8773e7ec1ff75f052dcc3dd354d3
SHA1 9689f685d012c089d581bfb3eaef151816dec704
SHA256 df372f06a982a1c08c2fd6396ce3a4fbc0f7ca4265b5425d95866e81fd63c42c
SHA512 0b855eed0721171b64678cfe35a5c5069994853690ea61160432e76ba9557e89939d3de3ef70e12064d04a41ae02245985b2e9383b540f92079708cea04df111