Malware Analysis Report

2025-01-03 08:35

Sample ID 240611-a94ceaybjk
Target 21cb340b9b2202dd30a04bb73cfcb570_NeikiAnalytics.exe
SHA256 85d0d519a1c8b0d725e280182bfcb5cb405ca4ef5dc946ec0e627a327e328f92
Tags ransomware
Score 9/10

Analysis Overview

score
9/10

SHA256

85d0d519a1c8b0d725e280182bfcb5cb405ca4ef5dc946ec0e627a327e328f92

Threat Level: Likely malicious

The file 21cb340b9b2202dd30a04bb73cfcb570_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3797) files with added filename extension

Renames multiple (5128) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 00:55

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 00:55

Reported

2024-06-11 00:58

Platform

win10v2004-20240426-en

Max time kernel

150s

Max time network

98s

Command Line

"C:\Users\Admin\AppData\Local\Temp\21cb340b9b2202dd30a04bb73cfcb570_NeikiAnalytics.exe"

Signatures

Renames multiple (5128) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\21cb340b9b2202dd30a04bb73cfcb570_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\21cb340b9b2202dd30a04bb73cfcb570_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 20.231.121.79:80 tcp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-3906287020-2915474608-1755617787-1000\desktop.ini.tmp

MD5 3b76c5a568eae2e8e0b298b41c3d65e5
SHA1 960a620bedcbfec9ef31931555c9166ab88d13b6
SHA256 6654e7eeaeb06ae64a4e60e3b9346ca3075584b50dca9577f6257197ef964fde
SHA512 d7a250aead1e6716a8475c4179065560cb4e664d6ff8eaa3618c47c2ffe6304ea42d71f2c6b7eaa2e3e8659e00d99f70e4df64d61d4774670a8cb1a113d89a53

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 ebda822c8eb1bfa2cdc57e49a5a3a813
SHA1 ec5890912ab60133859f596c2addf07c985b1731
SHA256 6f4678712ee17f596596b1171ca5183270c95cdf4c6f15441888ce882eb53f43
SHA512 bd98752019c527f7fb5a57c36a46906bb1b1bc60ad74330f6834bf8ac6c84bf98d385e9330172abcf08e46ab6256cd767bdf6e30431f49398fc1441a2b3e4bee

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 00:55

Reported

2024-06-11 00:58

Platform

win7-20240508-en

Max time kernel

149s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\21cb340b9b2202dd30a04bb73cfcb570_NeikiAnalytics.exe"

Signatures

Renames multiple (3797) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\21cb340b9b2202dd30a04bb73cfcb570_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\21cb340b9b2202dd30a04bb73cfcb570_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

MD5 2ab4e81fbc616702f579822b095b817d
SHA1 706ec44341c22146a39ac4e79a7549cbdaa5b30b
SHA256 effcb7ce3b7400703911d25303c8a0bb3564a351fcab5522518d1a3deac6991e
SHA512 fd8e8ef746c3214efa1321e19915eb8724671b13876bcaee8fb63a085745b9abcdaf85e0a840b06b152617472950b015be70c8dd3e8f37be03e9c9823e47637c

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 aec5e7df6b5497467e8fe512f32ccdc1
SHA1 1767e8bd18836074173b2d147d6a3d85e47bd96a
SHA256 f61c4c8a341b5e8104fe058b8c5fc2d6afc29ad50eb2ac9e09da63a2a2b0cc9c
SHA512 16ae189f400d5ab952382d50fad7f3165f16ea481bac9934e29bb4ab528bb7d64b467df0183b282c32206070d947d92adcfcef558d6de9fc2abaf63271144117