Malware Analysis Report

2024-09-23 04:30

Sample ID 240614-eq86rsvbrd
Target a125686b9a379c4e5bf3242aa82b1910_NeikiAnalytics.exe
SHA256 a071f8c717d3992f1752ccba135a5c9a7b44934cede86da59cb455985bbe7b08
Tags
ransomware
score
9/10


Analysis Overview

score
9/10

SHA256

a071f8c717d3992f1752ccba135a5c9a7b44934cede86da59cb455985bbe7b08

Threat Level: Likely malicious

The file a125686b9a379c4e5bf3242aa82b1910_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (5006) files with added filename extension

Renames multiple (3723) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 04:09

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 04:09

Reported

2024-06-14 04:12

Platform

win7-20240508-en

Max time kernel

150s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a125686b9a379c4e5bf3242aa82b1910_NeikiAnalytics.exe"

Signatures

Renames multiple (3723) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\a125686b9a379c4e5bf3242aa82b1910_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\a125686b9a379c4e5bf3242aa82b1910_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

MD5 ca6225876817dd28823fba44ce6eb687
SHA1 94bbdf2a1f2053942a6831eb711df8a0cd536b77
SHA256 4beaef0b9b00af3047e93af209750507ab2752da10a6a79da3a8f0f8c8e98ebd
SHA512 ba1d9a821c290285d7d574a7d03bb89e829365554ec5435a5c2649390989229299735b04c47ee780e4d31d401b79cb3dc23f5c2beee6ca36e598de1d0bc34ab6

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 91c7c52e6936b1ea378dc65da94671d6
SHA1 df7e670f19b66c9661584bc761c9969e448b47ab
SHA256 929dacfcaf8991414d77d8a763ceb7eb400045128b6cbd25ff11a5f58b6f4578
SHA512 4ccb25a20c386497209557c4cca4d874bee60ccb5cd63069e1ccf5ea087818f44916836c2caac594d31aae70de85f1812cae9d4447febe3c190ec17632fb0abb

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 04:09

Reported

2024-06-14 04:12

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

126s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a125686b9a379c4e5bf3242aa82b1910_NeikiAnalytics.exe"

Signatures

Renames multiple (5006) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\a125686b9a379c4e5bf3242aa82b1910_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\a125686b9a379c4e5bf3242aa82b1910_NeikiAnalytics.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4104,i,1400471177590024469,587385956640537806,262144 --variations-seed-version --mojo-platform-channel-handle=4076 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 13.107.42.16:443 N/A tcp
US 13.107.42.16:443 N/A tcp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 10.173.189.20.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-3665033694-1447845302-680750983-1000\desktop.ini.tmp

MD5 43d642b6ff2ed4cc0176d884e890f101
SHA1 80d6015f93dcb8c555f2c64ae24ff3351d817675
SHA256 05cf8e3dc49bd83cc46d244dd78f0e44312deb363eb1aee002c02a87a6e140a5
SHA512 7a1c3de434d00b22844211ed670342147097f775c67cb265cbecf4392ddabf85e3cb5b1261807df767e1a27985130757922a39e4a1f2e6a1bdf158dd763bb065

C:\Program Files\7-Zip\7-zip.chm.tmp

MD5 f603a768cee773aff116a3322e21e32e
SHA1 3f81a3e1a18d44f2edf47a8339a8ff6d5c93b303
SHA256 1ec01f15c120c7a391e9e93d3633510d74433a1876c568028d8c0da03e47322b
SHA512 f266f76116acc71b9f6d0841a72e11874865cdcc579b0f6f3c031d602209921867046803eff1bc5d40e8d717d91d0469d7f959675f232e09ec040e6e1a77172a