Malware Analysis Report

2025-01-03 08:27

Sample ID 240617-dmay5awarj
Target 3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe
SHA256 2889c58e671b55edcc4d2a585722591319250a6f78cc79b93893b64b8a9d3ce0
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

2889c58e671b55edcc4d2a585722591319250a6f78cc79b93893b64b8a9d3ce0

Threat Level: Likely malicious

The file 3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3790) files with added filename extension

Renames multiple (5302) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-17 03:07

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-17 03:07

Reported

2024-06-17 03:09

Platform

win7-20240508-en

Max time kernel

149s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe"

Signatures

Renames multiple (3790) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Atlantic\Canary.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Helsinki.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Spades\es-ES\ShvlRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Net.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_ogg_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\hr.txt.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\license.html.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\contbig.gif.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\topnav.gif.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ja_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\META-INF\MANIFEST.MF.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\jsoundds.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.IdentityModel.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\ru.txt.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\AST4.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.contexts_1.3.100.v20140407-1019.jar.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.IdentityModel.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\hr\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_ts_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\timer_up.png.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\javafx-iio.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.RunTime.Serialization.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libdshow_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\curl-hot.png.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.ssl_1.1.0.v20140827-1444.jar.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\0.png.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\ja-JP\Sidebar.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-over-DOT.png.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-execution_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-bootstrap.xml.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Argentina\Buenos_Aires.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\sd\jamendo.luac.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\rt3d.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.win32.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\en-US\WMM2CLIP.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Volgograd.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\about.html.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-ui_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\javafx-font.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libimage_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InputPersonalization.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\drvDX8.x3d.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\js\library.js.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\css\settings.css.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jvm.xml.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Photo Viewer\en-US\ImagingDevices.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_s.png.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\7-zip.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\fontmanager.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libparam_eq_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\rings-dock.png.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2native.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\th.txt.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Creston.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodbig.gif.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-spi-actions_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT+1.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

MD5 e689d335fd4c0488e33d71381e1c6667
SHA1 af1fc763f848971aba4d8fd6ac0c713b2bfd530b
SHA256 e02b21ffd5c696e7e3e0073fdf417c1716ede3f5fdf992d85c6e7bc5ce4f3abc
SHA512 54b5259eaa55f473b6a75c9a3a7f2a90dce6e404e37d525febf4d566ff0054f75c66a463046919adf29523b86ea54dedb0e3cb37128790a31b75dbecd9bc16d9

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 75aba9cada46a751fb05b33e976ddc62
SHA1 d0ab3658cc340b5c2968d750a44e348c2eb4c825
SHA256 d14558eb945fe2a30f9d2555c6554543e2415ff1a20dbc07e703df2e8495c50c
SHA512 d8a11ca19ec1a1b5f0b24b2b023c3624c0905a83a7023f30df03624dfe34dc913687cfd612779ecd864f1823644e585e4dfcb1a799049e459ce3a98dc82fde5b

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-17 03:07

Reported

2024-06-17 03:09

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe"

Signatures

Renames multiple (5302) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\UIAutomationClient.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\security\javaws.policy.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ViewOnly_ZeroGrace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\+NewSQLServerConnection.odc.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-180.png.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\it-IT\mshwLatin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\ext\sunec.jar.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.VisualStudio.Tools.Applications.Runtime.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PROOF\msgr8es.dub.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MEDIA\CHIMES.WAV.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PROOF\MSHY7EN.DLL.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ServiceProcess.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\ext\zipfs.jar.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\t2k.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_KMS_Client_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.scale-140.png.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\System.Runtime.InteropServices.RuntimeInformation.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\LogoBeta.png.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.dll.config.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\OSFINTL.DLL.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Json.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\joni.md.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\jaas_nt.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\rsod\powerview.x-none.msi.16.x-none.tree.dat.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\security\policy\limited\US_export_policy.jar.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp5-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial2-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\fy.txt.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsptb.xml.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ObjectModel.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\security\blacklisted.certs.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\LyncVDI_Eula.txt.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\1033\AdjacencyReport.dotx.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\amd64\jvm.cfg.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_COL.HXC.tmp C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\3c893a16c5d121177057aa419a3040e0_NeikiAnalytics.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3240,i,16488180140590516186,11762960689811837350,262144 --variations-seed-version --mojo-platform-channel-handle=4048 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-1181767204-2009306918-3718769404-1000\desktop.ini.tmp

MD5 ced42f400019307df06638a8d6aac54c
SHA1 a5904d423eca4839fb1fdfd756ad8e9918a2ef9b
SHA256 65cf9273adc0e6f1ab399376c5e081ed771b2fc62c2cb23dffff38ca684b8775
SHA512 7d6b940fcc61da26f9b1a11ffc7acc2dc943d68d8b1c2f714bbd726d3872d10d779e2885a5f8f9eaf1bfa8dd6b89a7fe720e40c3eae77259c365a7ac469d025d

C:\Program Files\7-Zip\7-zip.chm.tmp

MD5 846c43c9900698b0ffe4ef705e3e7a6f
SHA1 ff88b6312555928957983c5ad41f72bd6539cdf7
SHA256 2724ed74385609f6950f88ee2f372f37eb88f028665077d682956fe8cb65e33f
SHA512 28346ca55848ee79f6da4ea7d3b45e526e34b367bb3a2c6eee43f4e02e6c524c3b8eae72ea2ec644a02aee2ed8b0b8a4f84d5423afd1664d035ec57d13df324e