Malware Analysis Report

2025-06-16 03:34

Sample ID 240608-gsfcksaf28
Target 925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe
SHA256 411cacb2cec5c2e400c6d2e3713309189aeda595dea29c14b2de3f89cba7603e
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

411cacb2cec5c2e400c6d2e3713309189aeda595dea29c14b2de3f89cba7603e

Threat Level: Likely malicious

The file 925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (4698) files with added filename extension

Renames multiple (4055) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-08 06:03

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-08 06:03

Reported

2024-06-08 06:06

Platform

win10v2004-20240508-en

Max time kernel

120s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe"

Signatures

Renames multiple (4698) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk-1.8\legal\jdk\relaxngcc.md.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSO.FRAMEPROTOCOLWIN32.DLL.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-locale-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\jstatd.exe.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\glass.dll.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-processthreads-l1-1-1.dll.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\msinfo32.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.Immutable.dll.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\keytool.exe.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\classlist.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSWORD.OLB.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipTsf.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_PrepidBypass-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-environment-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-math-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_ghost_profile.png.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ko-kr.dll.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\verify.dll.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\tnameserv.exe.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTrial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\pkeyconfig-office-client15.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.Win32.Registry.dll.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\psfont.properties.ja.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.Common.FrontEnd.dll.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\deploy\messages_zh_HK.properties.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Xaml.dll.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_WHATSNEW.XML.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Process.dll.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\mscss7cm_en.dub.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-fibers-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.AeroLite.dll.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-filesystem-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\tzmappings.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTrial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\de-DE\ShapeCollector.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-string-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\prism_d3d.dll.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Aero2.dll.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe.config.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\sqmapi_x64.dll.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\as80.xsl.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad.xml.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Transactions.dll.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 57.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 14.173.189.20.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

MD5 906da2db82fecb6ae631d6cc4e5019fc
SHA1 94cc7921fcea1bb1248277b4541af2d96f6a2e5c
SHA256 0c0b50e5faae18ed616cfe06e3599c596ddc37abf0f07281c318d26f186bef2e
SHA512 305cfbeba9f32d41bd0444cae8d1f7e93bc4a7551fba7ce1897d4400a4360b30a2560838fba50109430f4a7dfe0a90e4518486a114672b059eea195ec56b951a

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 dac001a35b4701197e110e9429d692aa
SHA1 8f753823f7fec7055cf0900917b9a3a5af95d96b
SHA256 b9e41e91b433b4d486b37b58167250d1b8d111482c023e6e5b1d1e0cb3a7fb3f
SHA512 996fd88e4ebf6e0efee156e4b6b0d9a2d1ec3c7d36d0a4dfcd2989361e4b09eaad1cf6da66fc2299bdc515f6fafa937967344d73c93ef294e5f9846786f84b8d

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-08 06:03

Reported

2024-06-08 06:06

Platform

win7-20240221-en

Max time kernel

150s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe"

Signatures

Renames multiple (4055) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\ZX______.PFB.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.bat.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_divider_right.png.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CONCRETE\THMBNAIL.PNG.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Currie.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\11.png.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows NT\Accessories\en-US\wordpad.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\css\slideShow.css.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\Stationery\GreenBubbles.jpg.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_leftarrow.png.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.filetransfer_5.0.0.v20140827-1444.jar.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\high-contrast.css.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_rtl.xml.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground.wmv.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-actions_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Belem.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-annotations-common.xml.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\ZY______.PFB.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SUMIPNTG\PREVIEW.GIF.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Damascus.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-core-kit.xml.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\gadget.xml.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\PresentationBuildTasks.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\PROFILE\PROFILE.ELM.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861261279.profile.gz.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-fallback_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-loaders.jar.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.jpg.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\charsets.jar.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Ulaanbaatar.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\MOFL.DLL.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\JAWTAccessBridge-64.dll.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\gadget.xml.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-new_partly-cloudy.png.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\es-ES\MSTTSLoc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirect3d11_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Mail\oeimport.dll.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\LAYERS\PREVIEW.GIF.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Journal\ja-JP\PDIALOG.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\fur.txt.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\license.html.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Journal\de-DE\Journal.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Atlantic\South_Georgia.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Mozilla Firefox\api-ms-win-core-timezone-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\intf\telnet.luac.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\Help\msitss55.dll.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\help.gif.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\jhall-2.0_05.jar.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EST5EDT.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui_4.0.100.v20140401-0608.jar.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\wa\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\7z.dll.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_foggy.png.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ICE\THMBNAIL.PNG.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hovd.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Aero.dll.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\gadget.xml.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\2d.x3d.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-ui_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationTypes.dll.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-services_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\925e216dec0c7ead3af0f81435b94560_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

MD5 bebf4f947bb7fb499493a1b161a15365
SHA1 6681c6f7da0f07c786d2c64bb43238c4ac2efff4
SHA256 22d33ba8ada1b3a5e8ce24d5124b1bc119683e3ca7d36c77a46d38735c82752f
SHA512 c4f546f0c1b282368303a4494bea01ca2d873b18b5baf3bbae03bdfb44a82fe960f48aef5fea551f12e2690d87934b409459f6bf0a8d9b6d2938c11fce644f0f

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 55db2b8ebc35dda1ab9b9b1b4d176484
SHA1 6c64bd6628b89c77698e8615b9b489098f460e9a
SHA256 d0517be31db0981520e2a94c75e192a1c8ee24dbcbd3e49cda9ff9563ec14182
SHA512 ca8d37e0c946e06599e9bb3b57d6b04f09b76b61cd34f8aaf7d0fe881f16954a47351d684c5d031adb2aeb82e7a8a857746df9d9fdaf1ddad5a90ccb6a76d085