Malware Analysis Report

2025-01-03 08:29

Sample ID 240616-2q4ydasalf
Target 174494559626f2fb95c3881717db5460_NeikiAnalytics.exe
SHA256 3e1a6a18c147fcf01884df7ab48894c3d83f1149dd7a8af751f2954f61d1ff7e
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

3e1a6a18c147fcf01884df7ab48894c3d83f1149dd7a8af751f2954f61d1ff7e

Threat Level: Likely malicious

The file 174494559626f2fb95c3881717db5460_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (4886) files with added filename extension

Renames multiple (3433) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-16 22:48

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-16 22:48

Reported

2024-06-16 22:50

Platform

win7-20240220-en

Max time kernel

150s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe"

Signatures

Renames multiple (3433) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\lib\jvm.lib.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-templates.xml.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Management.Instrumentation.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\gadget.xml.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Edmonton.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Yellowknife.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.workbench_3.106.1.v20140827-1737.jar.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-dialogs_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\af.pak.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\gstreamer-lite.dll.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-charts.jar.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libposterize_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\license.html.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Pitcairn.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Mozilla Firefox\api-ms-win-crt-multibyte-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\flyout.html.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\curtains.png.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\F12.dll.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application.zh_CN_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-ui.xml.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Media Player\de-DE\mpvis.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\gu.txt.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\ku.txt.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\date-span-16.png.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\instrument.dll.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.ServiceModel.Web.dll.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\te\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dialdot_lrg.png.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pl.jar.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\spu\libaudiobargraph_v_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libpuzzle_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Mozilla Firefox\omni.ja.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_65_ffffff_1x400.png.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ro.pak.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Indiana\Winamac.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\ktab.exe.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\GMT.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT+7.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IPSEventLogMsg.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_VideoInset.png.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.docs.ja_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\dialogs\stream_config_window.html.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\js\currency.js.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwritash.dat.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Notes_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\th.pak.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Mozilla Firefox\api-ms-win-crt-convert-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color120.png.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_s.png.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.services.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Kathmandu.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\glass.png.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\Timeline.dll.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.compatibility.state_1.0.1.v20140709-1414.jar.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-filesystems.xml.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\FreeCell\es-ES\FreeCell.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\css\currency.css.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

MD5 2cce5b29dcc83d8a3be815b41bec96e9
SHA1 2c771588c7e5041748a78227c0e9e375d646e4ae
SHA256 cdab68e7b0ccade2052fc30cfbee32a8d1c1363a0a03448a4813533fb23e10af
SHA512 fd8259291b2761d0a538e9412918d9c39b3cda11de517d1776265f52b6c38043ed04f5c5e5f371bd809f0ef8e3d76c334a7a862f665f906b11bdcbab3d22cfad

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 dd50b227a03745e2d7746eb20504ee3f
SHA1 32d900925f9d71531773bf723fdc7c18f0e899f1
SHA256 8b8fd6a1e6f5d007de3c3650e9e77efd4364616b81e82169d2228d371f8275a9
SHA512 4b03a8f32d0e275db74af5a5a744013c6c3f0600c308922758d3dfcd12a5b5c7b7bba6fbb30d5779412e5c8e7bcc2af0085954c73f615296f26d88c61f44f8e2

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-16 22:48

Reported

2024-06-16 22:50

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

128s

Command Line

"C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe"

Signatures

Renames multiple (4886) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\clretwrc.dll.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Mail.dll.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jvisualvm.txt.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\7zCon.sfx.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-180.png.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\pt\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-filesystem-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.DiaSymReader.Native.amd64.dll.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\README.txt.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_Subscription-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\DocumentFormat.OpenXml.dll.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\zlibwapi.dll.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sr-latn-rs.dll.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.EventBasedAsync.dll.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\optimization_guide_internal.dll.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nl-nl.dll.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-heap-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.dll.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Organic.thmx.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\dcpr.dll.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\ClientVolumeLicense2019_eula.txt.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\client_eula.txt.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_logo_large.png.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Http.dll.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\dtplugin\npdeployJava1.dll.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\vccorlib140.dll.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\WordR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSOSVG.DLL.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\ar.txt.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processthreads-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\instrument.dll.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\AugLoop\bundle.js.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.X509Certificates.dll.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemXml.dll.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_KMS_Client_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp6-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\ro\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Core.dll.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\SmallLogoDev.png.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-time-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaSansRegular.ttf.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ja-JP\InkObj.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\keytool.exe.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\ext\meta-index.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_KMS_Client_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSZIP.DIC.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.exe.config.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_EnterpriseSub_Bypass30-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Ping.dll.tmp C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\174494559626f2fb95c3881717db5460_NeikiAnalytics.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4380,i,16866810346450717340,3849854439116899380,262144 --variations-seed-version --mojo-platform-channel-handle=4648 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 138.201.86.20.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 35.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-3665033694-1447845302-680750983-1000\desktop.ini.tmp

MD5 7a8e0368ab138d7f73b6e2ff64d9ad14
SHA1 cbe00c5d2aa73f09d63bbefe2b3a7e1b827c704f
SHA256 527bd7011191bb80f5b78f3f09f3fff506e40b39db48fb3ae72e4aedccb8d2ad
SHA512 8a77681c987a984c9e17712df6b737f6efe43e49e79a07ea14f2253b9e75cd3a3624606a0c6f1850543e71f4013f50c010889c7f5ac3776562a360da1580be70

C:\Program Files\7-Zip\7-zip.chm.exe

MD5 9b8b8bc647168eb75996dea332171d09
SHA1 a29bf24fb0642d43a35394cae23261542f0398c5
SHA256 c1d4dc67ab878b47013508c01ab796cf59b03d256fcf56a159e2f03f4ba6302d
SHA512 a51c2a3b2300b948924abd704f1b5ae4c924a636e87e715a0593297bf8e51149f84780103cc135f9ed12963a508c7262731837049f82ae81576ffbf0fe5322ce