Malware Analysis Report

2025-01-03 08:37

Sample ID 240611-c4zhda1dma
Target 247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe
SHA256 7ec8787f725c68f9df3df7e70c94ae469469e765907d208e2e9b8dedfdd0eafe
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

7ec8787f725c68f9df3df7e70c94ae469469e765907d208e2e9b8dedfdd0eafe

Threat Level: Likely malicious

The file 247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (1027) files with added filename extension

Renames multiple (5333) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 02:38

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 02:38

Reported

2024-06-11 02:41

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

156s

Command Line

"C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe"

Signatures

Renames multiple (5333) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-runtime-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-white_scale-80.png.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ko-kr.dll.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Data.DataSetExtensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.FileVersionInfo.dll.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNoteFilter.dll.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-string-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSOSTYLE.DLL.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad.xml.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_MAK_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-filesystem-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Fonts\private\GADUGI.TTF.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Fonts\private\ARIALN.TTF.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\msinfo32.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\glib-lite.dll.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial2-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.dll.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\ext\zipfs.jar.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-string-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\security\public_suffix_list.dat.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_MAK-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD_K_COL.HXK.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\zh-CN\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.NETCore.App.runtimeconfig.json.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\javafx\mesa3d.md.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\images\cursors\cursors.properties.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Numerics.dll.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XDocument.dll.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Classic.dll.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.cpl.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-040C-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Modeler.UI.rll.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.ReportingServices.DataExtensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\office.core.operational.js.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Windows.dll.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\javafx\glib.md.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Packaging.dll.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.th-th.dll.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\UIAutomationClientSideProviders.dll.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\cmm\GRAY.pf.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEODDBS.DLL.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\NewComment.png.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVScripting.dll.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\zip.dll.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4040,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=4200 /prefetch:8

Network

Files

C:\$Recycle.Bin\S-1-5-21-1181767204-2009306918-3718769404-1000\desktop.ini.tmp

MD5 8385ceaccf07de6ed2ab064a2d12f94c
SHA1 ccecb6551ee72909aac227000db7fea087644b22
SHA256 1f9cd9fd7116c7ee565c71fcd016b87e827cf670872d660f6ecdb6ecd74439a3
SHA512 b3c6de2b07044b8db8e052de78399ab44e9dca6a4141ed1cbaa6ea9a883e19803cc2be8e53055396f9e3cd1829215170ccb2b0f3810bc7605a938d61f1416876

C:\Program Files\7-Zip\7-zip.chm.tmp

MD5 d1273cf118ad24bb7563e1c7dc7840eb
SHA1 3d17812451311fd01815b702f5725fb17089b071
SHA256 eeb27507df915f2d1023cb71e3b7de49e1c68dd403cf6756b3f7285ab2113b3c
SHA512 37022629acadb9a842e232ff5e07d1b66f9751f3e539c94fa941058ea777cffb5e6678adffbc83eb8b00e629d34095823fd6197ba3c2124725a0e09981a6c5ae

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 02:38

Reported

2024-06-11 02:41

Platform

win7-20240221-en

Max time kernel

150s

Max time network

125s

Command Line

"C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe"

Signatures

Renames multiple (1027) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\7-Zip\Lang\kaa.txt.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\curtains.png.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\ado\msado25.tlb.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-BR.pak.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\blacklist.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\java.policy.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkObj.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\alt-rt.jar.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\it-IT\sqlxmlx.rll.mui.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Noronha.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Casey.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InputPersonalization.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Almaty.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Amsterdam.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\wab32res.dll.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-next-static.png.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2native.dll.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Dublin.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\fr-FR\WMM2CLIP.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Regina.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\hu.txt.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground.wmv.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Luis.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-static.png.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\javac.exe.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyrun.jar.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-overlay.png.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\br.txt.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipsptb.xml.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_babypink_Thumbnail.bmp.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\DiagnosticsTap.dll.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guayaquil.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\redmenu.png.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\WindowsAccessBridge-64.dll.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kosrae.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\co.txt.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatlm.dat.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DissolveNoise.png.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\kn.pak.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\native2ascii.exe.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Apia.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\MainMenuButtonIcon.png.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpn.dll.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\decorative_rule.png.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitevignette1047.png.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Faroe.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Luxembourg.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Hermosillo.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-4.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\mn.txt.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_mainImage-mask.png.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha2.png.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Khartoum.tmp C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\247d2fb7e40aed8de7c89f158f8bd6c0_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

MD5 f6a1ce0dd3fdb3084f2fbcf906a91e6d
SHA1 22c874720f52e779cbeb46f2c013de8131fed0be
SHA256 483c7298d4cbe79c6d54b2e18032b9d5d018c9daad4a5d5ebc39f45edd7a6a7c
SHA512 97c0065ce6ce8cdcdd175945dc09ed0aee3e761ac38239b065e8ab9198082658d8bc3376e4e22027a214225b3357a1dc986c9a834a8ba6bab6437c733eb20751

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 f4f4d0a81892cc3927227387175d2d53
SHA1 a200bdda4ad2412bbe94a160a1c4998a08404793
SHA256 993618aaa83991c8880042b1f07663aaf063e04b820922adcb1b14d416e686d2
SHA512 256b10d1bf2a0c8f8357d46c12961eaefe0ed5ed3f61b75d75bf85beeb29c8e3b87c74d5c04f386ad11f1ae514525e7591499fa46207db5b1dd9fb98ed0215b1