Malware Analysis Report

2024-09-23 07:02

Sample ID 240628-hls6jawenb
Target 8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe
SHA256 8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99
Tags: azov persistence ransomware spyware stealer wiper discovery
Score: 10/10


Analysis Overview

Score: 10/10

SHA256

8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99

Threat Level: Known bad

The file 8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

azov persistence ransomware spyware stealer wiper discovery

Azov

Renames multiple (143) files with added filename extension

Renames multiple (7418) files with added filename extension

Modifies file permissions

Reads user/profile data of web browsers

Enumerates connected drives

Adds Run key to start application

Drops file in Program Files directory

Unsigned PE

Suspicious use of WriteProcessMemory

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-28 06:49

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-28 06:49

Reported

2024-06-28 06:52

Platform

win7-20240611-en

Max time kernel

120s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe"

Signatures

Azov

ransomware wiper azov

Renames multiple (7418) files with added filename extension

ransomware

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bandera = "C:\\ProgramData\\rdpclient.exe" C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A

Enumerates connected drives

Description Indicator Process Target

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe"

Network

N/A

Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-28 06:49

Reported

2024-06-28 06:52

Platform

win10v2004-20240508-en

Max time kernel

93s

Max time network

95s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe"

Signatures

Azov

ransomware wiper azov

Renames multiple (143) files with added filename extension

ransomware

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\icacls.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bandera = "C:\\ProgramData\\rdpclient.exe" C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\microsoft shared\ink\ar-SA\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_kor.xml C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\zh-TW\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ja-jp.xml C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\hr-HR\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\Common Files\System\ado\msado25.tlb C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\uk-UA\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\ado\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\de-DE\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_heb.xml C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui.xml C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipshi.xml C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipskor.xml C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ja-JP\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\nb-NO\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipsita.xml C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\Common Files\System\ado\msado28.tlb C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\7-Zip\7z.sfx C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\is.txt C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipscsy.xml C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\it-IT\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\createdump.exe C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ar.txt C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ast.txt C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sv.txt C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\FrequentOfficeUpdateSchedule.xml C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\sv-SE\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base.xml C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\ja-JP\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\es-ES\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\Common Files\System\Ole DB\it-IT\sqlxmlx.rll.mui C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\7-Zip\Uninstall.exe C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ug.txt C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClient.man C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\hwrlatinlm.dat C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\ado\fr-FR\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\createdump.exe C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\de.txt C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ky.txt C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\lij.txt C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\Content.xml C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\ado\es-ES\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\pt-BR\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\tr-TR\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\lv.txt C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ps.txt C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\si.txt C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fi-FI\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\hwrenUSlm.dat C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipsid.xml C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\ja-JP\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\8a9ffacfca77b279def049baa151fc79cec36d8203b3ba7d2f933756a1e5ef99_NeikiAnalytics.exe"

C:\Windows\system32\icacls.exe

C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 80.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp

Files

C:\Program Files\7-Zip\Lang\RESTORE_FILES.txt

MD5 78ede93114e65f9160fd03d3357c56e6
SHA1 88d531b101e57655f1d0d26c6b3257aa2468d460
SHA256 c97412fbf88da8f91099a52888dea4c3f222cd95af3e681e3271cbca8b6b7bb5
SHA512 074a4c741273902ccacb6f573b96d8accedb2ee405dbd04350cdbf54d180c1fd577a4e90c2aae26bf72f3782403f4494db6e3501a04cfd9d7d81a6bc14884b9d

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

MD5 5a3b209f5ccb92ec08ded37233d5ed1e
SHA1 ae2f89002e90806f5ea1977701053858b8bc2b01
SHA256 6a7b3255aad98eb56bcc5a54258c27fb6b03a5f4349c704d671b8865b02d8af0
SHA512 e1da8a9be79bd613afb00714758e49e5961a56cda875f15e0499437a6456f1a79175ad9b6715f35908773a9854cef30d651dcdcd35d109a04b6c3480eaa75eab