Malware Analysis Report

2024-09-23 04:32

Sample ID 240614-fbb36avgpc
Target a2dd955e9f14500ae17e7476332e61a0_NeikiAnalytics.exe
SHA256 02c08dca00a93be13c68b3dd0f769fa8abae118ed06627a1f4c459da0b8fa2c6
Tags ransomware
Score 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

02c08dca00a93be13c68b3dd0f769fa8abae118ed06627a1f4c459da0b8fa2c6

Threat Level: Likely malicious

The file a2dd955e9f14500ae17e7476332e61a0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3564) files with added filename extension

Renames multiple (5326) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 04:41

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 04:41

Reported

2024-06-14 04:44

Platform

win7-20240221-en

Max time kernel

150s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a2dd955e9f14500ae17e7476332e61a0_NeikiAnalytics.exe"

Signatures

Renames multiple (3564) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\a2dd955e9f14500ae17e7476332e61a0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\a2dd955e9f14500ae17e7476332e61a0_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

MD5 58ea963d5f9110b843b0528d318db009
SHA1 96a39a706a39aca838237ceaebb75d14a4a7c08c
SHA256 1cc3bd6c41637e402c5d97d9eb6cb81924dced36965324323b0622fd94484d3b
SHA512 c23723c0a7c94fc6b01e59ff2247e899123516b280ae2fa1510262a46e01cbce6d72d51744dfeaa90df2872ac3635e900d678cdf3d64134d8c8931d2ae1653a7

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 a7b4e3e81008cf882b0689f83cb6822f
SHA1 b28d2eea55a81526df5c82927892fc8fa7305cd9
SHA256 248ad195eda200ffe02869fdcc381336caff6ebc271b74881156d289fa541c07
SHA512 ab00a7e8fc7bd51acd87f7f4c3d7997167674ba02cebb532c9ba1eaba7b1c0d795a87481afe5642926541bc719d7a74ea3df363abbf20e8115497d622b3b3654

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 04:41

Reported

2024-06-14 04:44

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a2dd955e9f14500ae17e7476332e61a0_NeikiAnalytics.exe"

Signatures

Renames multiple (5326) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\a2dd955e9f14500ae17e7476332e61a0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\a2dd955e9f14500ae17e7476332e61a0_NeikiAnalytics.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4232,i,1067197275908310731,12785105794523264014,262144 --variations-seed-version --mojo-platform-channel-handle=3920 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-1181767204-2009306918-3718769404-1000\desktop.ini.tmp

MD5 404d1471841c7b7ede7ba526fb48a25f
SHA1 e9d53e49a86f3ee67d5b65f5cebe593ce8d05034
SHA256 d17259aad0f02afa734432b02acaa965747f4432c9da4647ee2fde86ccc2f09a
SHA512 f410d6b604cb8f73ecfbc9d2ed034f888a2ce81ad2511ca550f13d00f79b16a64b3edf38a7d44f97cba7963b43587f13fc13c8ccc6b14c94b67641ab3a84a993

C:\Program Files\7-Zip\7-zip.chm.tmp

MD5 97e69308ec479e34596d68d9c9d20e06
SHA1 2965088bea301281ad24b52e1c51ad2781073a66
SHA256 185a217188c06c8e93aa63ce24d0958d9b8cd61371266c7b5d0f7c66aa74f4a7
SHA512 0b8b6681835488c279e582d37f89f37ccb4246ae45479ece70758710a5caac0a1922002e2e9f2284c761c685104bbd84bb3747e6f9f302cd7897eb0db8f64e84