Malware Analysis Report

2025-06-16 03:34

Sample ID 240608-c2b93afg4y
Target 843480470fed5b86d265b2d870e7f1c0_NeikiAnalytics.exe
SHA256 88b798c89aa7465de3a0ed03b2a12a56acb415dbe56f535cb16a16d2e4aa680c
Tags ransomware
Score 9/10

Analysis Overview

Score 9/10
SHA256 88b798c89aa7465de3a0ed03b2a12a56acb415dbe56f535cb16a16d2e4aa680c

Threat Level: Likely malicious

The file 843480470fed5b86d265b2d870e7f1c0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (1024) files with added filename extension

Renames multiple (5167) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-08 02:33

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-08 02:33
Reported 2024-06-08 02:36
Platform win10v2004-20240426-en
Max time kernel 150s
Max time network 94s

Command Line

"C:\Users\Admin\AppData\Local\Temp\843480470fed5b86d265b2d870e7f1c0_NeikiAnalytics.exe"

Signatures

Renames multiple (5167) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\843480470fed5b86d265b2d870e7f1c0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\843480470fed5b86d265b2d870e7f1c0_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-4018855536-2201274732-320770143-1000\desktop.ini.tmp

MD5 b973e001a7de8cc9337abd68738218ba
SHA1 6f2ea6ea8ed435a93676decf7babfcdec736c5c1
SHA256 ab16619514872c255abacb394f2f24b32e8548c3fd3af0c09e3c0c374fac2e66
SHA512 06c62620b163ab4a7b50ae45105eeeff218fe2e53d0acb27c2f47aaef23bc0e3e098f86151990736586295c20464a00d22f11850e0466b83f93db5299e78e602

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 17711b209c615e2632ed921841412c67
SHA1 7114b4b13ab00977e28a5df53819d0a5305c5bb4
SHA256 93184bb884359a7abfea416ad4dd6ead602641a2054615f252ca2ad11d668071
SHA512 8af9fb276e05709fa394f64e8a9857b88752f922390719944dcea5c334ec3f5c6bd2db40444baca03f0af337109de47b1da1b14d6ffb7a6aaf14da62eeaeadd7

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-08 02:33
Reported 2024-06-08 02:36
Platform win7-20240221-en
Max time kernel 150s
Max time network 121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\843480470fed5b86d265b2d870e7f1c0_NeikiAnalytics.exe"

Signatures

Renames multiple (1024) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\843480470fed5b86d265b2d870e7f1c0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\843480470fed5b86d265b2d870e7f1c0_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

MD5 70cd9689e9702bc7a285fedc160b64f2
SHA1 a0cf1f63a62bc314d2890a5166052ddbb1d3fa60
SHA256 77128f906d1dc7d4a5ceb4559ae421fbb93ac7b2050dfcf471672dff28074bc9
SHA512 c543f6a1299ab0e6d81a2a84aeb9c0db3cfacd0f03c4b48068111633e13df66d1d90fd0f0d6e6c6a3e296043f92afdebdeedfd383e1efe5f5d4284f86228004b

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 25a97bf5a0db18c81ed21dd9c684108b
SHA1 32878ed13d692965280c389f24f3da8cbea9c0e9
SHA256 b219ab214f0fac113a22f6004680d94a8fe67539725ac859e529cdd3f9bb63ab
SHA512 6ad629568875543296f4ec0a9f7fd3be8027a5c572c2aacc619cf333c40ae56a15ee6d98a6e6a890845e0e3f4e0fe075bf9ac88515c66478fa5523e08ffed964