Malware Analysis Report

2025-01-03 08:29

Sample ID 240616-3za74aydpm
Target 20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe
SHA256 0c2c9d1e34a51c15e2c9af9d7dffb4cebf293a585e386cc9f21da9023d2a10c6
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

0c2c9d1e34a51c15e2c9af9d7dffb4cebf293a585e386cc9f21da9023d2a10c6

Threat Level: Likely malicious

The file 20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3755) files with added filename extension

Renames multiple (5233) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-16 23:56

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-16 23:56

Reported

2024-06-16 23:59

Platform

win7-20240508-en

Max time kernel

150s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe"

Signatures

Renames multiple (3755) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\calendars.properties.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\js\settings.js.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-background.png.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-services_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-attach.xml.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\Office14\Mso Example Setup File A.txt.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Services.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Media Player\es-ES\mpvis.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-down.png.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ja-jp.xml.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Cancun.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Media Player\ja-JP\setup_wm.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Media Player\en-US\WMPDMC.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\msdaps.dll.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\15x15dot.png.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyclient.jar.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT-8.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\FreeCell\ja-JP\FreeCell.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\bn_IN\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_file_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_hail.png.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_few-showers.png.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIcon.png.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\de.pak.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\fontconfig.bfc.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\Solitaire\SolitaireMCE.lnk.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\liboldmovie_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Media Player\Media Renderer\connectionmanager_dmr.xml.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\brt55.ths.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\uk.txt.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS.DLL.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_TW.properties.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\.lastModified.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\AUTHORS.txt.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Mail\it-IT\WinMail.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_partly-cloudy.png.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Media Player\ja-JP\WMPDMC.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\fr.txt.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipBand.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\Monticello.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\license.html.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Cambridge_Bay.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.Speech.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\requests\playlist.xml.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.http_8.1.14.v20131031.jar.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-explorer.jar.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext.png.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\navBack.png.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IpsMigrationPlugin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipBand.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jcmd.exe.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santo_Domingo.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\include\jdwpTransport.h.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\ext\localedata.jar.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Africa\Abidjan.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Fakaofo.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\Purble Place\de-DE\PurblePlace.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Journal\Templates\Genko_1.jtp.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Media Player\ja-JP\wmpnssci.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\about.html.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

MD5 28975313efaaa2440f736f16acc1bfd0
SHA1 c242e65e79a86b6832fb481b75ce3aa1884796d5
SHA256 7e77a137def0b92d7b7b513270ab4f9cb03b43d4e86b90310ff599429d1c7c5e
SHA512 aaab185c9c8fc8e560ec46640bcadaaec0143f778bcf36325f3a9f3c8b43bb2ed12d605a514371ea2d3119eef2d34f8c4f5d31d785680d519934471c9c6fbda7

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 c56a97ed45bb00057836e3cf71888ec1
SHA1 b6eecdd743de8a5c8a7ba2a768328c322a645fd9
SHA256 249ba1ea55024fdde0f2c92c316f2bda350c4bb2bbafb84fa5c8aea352e9bf88
SHA512 6d4b36a9ed474962b13fd68f5df40ba91e815c95a82a83aa01b4365770026df2ffdfcad49f707df3e4cc3d37cff2d495394758898b9b824b38ab95bf414ade6b

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-16 23:56

Reported

2024-06-16 23:59

Platform

win10v2004-20240508-en

Max time kernel

148s

Max time network

54s

Command Line

"C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe"

Signatures

Renames multiple (5233) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL121.XML.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\yo.txt.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ServiceModel.Web.dll.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\jsse.jar.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\1033\AdjacencyReport.dotx.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\jfxswt.jar.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\IFDPINTL.DLL.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Configuration\card_security_terms_dict.txt.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MEDIA\CAMERA.WAV.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL092.XML.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\include\win32\jni_md.h.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.AddinTelemetry.dll.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\rsod\word.x-none.msi.16.x-none.tree.dat.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\jfr\profile.jfc.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_MAK_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Formats.Asn1.dll.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebSockets.dll.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsrus.xml.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\santuario.md.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\el\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-file-l2-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.Interfaces.dll.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OFFSYMT.TTF.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL082.XML.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL083.XML.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\zh-TW\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XDocument.dll.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Checkmark.png.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\jp2iexp.dll.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.FileVersionInfo.dll.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.InteropServices.dll.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunec.jar.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-040C-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\az.txt.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.Annotations.dll.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\concrt140.dll.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-synch-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\linesdistinctive.dotx.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\TecProxy.dll.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.EventBasedAsync.dll.tmp C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\20717c2ee8c49f94d86122dbf01f9910_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

MD5 630c74940d7bc7b881ee54d6bf10f421
SHA1 390f56f9311c4deb9d1fca043b2bfcec21764f9b
SHA256 9603a044dd07c188c237422a0cc276850081c465b731270731b34c4f8c765c3b
SHA512 29f0a2f3930ea84d5e02da7ebaa542c7eb4475db0f30deda55444b16cf4fdb45f5fed9132977ade76d9e51cf48910d80ceab5d43743519c22b7b3dcdc58e7e0f

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 b15248a88114f69d9d55e29b2de15c15
SHA1 720897c711cf8586accb57b6f5df212856c87043
SHA256 e45e154b96eae23885e8bfc5b7c781b3165e956091c1c8b1b02b4ab3c22ebd29
SHA512 44bceecb246689cac8a122e62f183ad0472383ff77551bd803ddec1443d5f3657a6c55aaecae663937e9402e7bb1b87110422a129a8de99bc222cbb0d29c1e61