Malware Analysis Report

2024-10-18 21:40

Sample ID 240612-q58z4axdja
Target 3f87a6ecd68731725ac090fa7ff6fb00_NeikiAnalytics.exe
SHA256 0846b2152c636b72bb25a6daceb93dd84da891c88ad6b8129f8b0eb3ad7eb28f
Tags ransomware
Score 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

0846b2152c636b72bb25a6daceb93dd84da891c88ad6b8129f8b0eb3ad7eb28f

Threat Level: Likely malicious

The file 3f87a6ecd68731725ac090fa7ff6fb00_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (5353) files with added filename extension

Renames multiple (4071) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-12 13:51

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 13:51

Reported

2024-06-12 13:54

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3f87a6ecd68731725ac090fa7ff6fb00_NeikiAnalytics.exe"

Signatures

Renames multiple (5353) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\3f87a6ecd68731725ac090fa7ff6fb00_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\3f87a6ecd68731725ac090fa7ff6fb00_NeikiAnalytics.exe"

Network

Files

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

MD5 b31ea5256e0fe43e53a932659311b74a
SHA1 d0cda870a0b04d8972f79108d803bd34afe2b396
SHA256 b99590a2198143dda13a725e4fbf1c9157828f8298efb455ff730e260f7dbcf7
SHA512 5d657dbba9180ea135da9db5fbc7a49962410e5ba35afa0391ad52b4e8713fc76835e63c4f39013b7eace83475e8cec95c517e7280bd46db9f5d1c0e8aedfb47

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 6e2831a36aa09a7215cde224a1af3ab2
SHA1 87e217cbc0c5cd7b524dd0ce6aca9393594cb5ce
SHA256 4c55fc11ce7594e94c2cf42b0506a69f7d5bd8bf39f87464cb564d07a97b2286
SHA512 a908389a4fa1663521ad71c6da4ae8645447ebec94128dae2893b2d265468d6d7d3e0a25fd19fd88f0c2ebec6b3ed6334a43637f384007137e0fd6d851182cd6

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 13:51

Reported

2024-06-12 13:54

Platform

win7-20240508-en

Max time kernel

150s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3f87a6ecd68731725ac090fa7ff6fb00_NeikiAnalytics.exe"

Signatures

Renames multiple (4071) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\3f87a6ecd68731725ac090fa7ff6fb00_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\3f87a6ecd68731725ac090fa7ff6fb00_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

MD5 ab03df8389ab70595585d7dce380fee3
SHA1 27a14caa6aac57bc5d7c911a4c376fcb212439ae
SHA256 363804ff87e37f22c7241509bf5e2eaa7aec114a7319fa990ea71c7655cc7b41
SHA512 d14ef7a1bd63067b8af5677ba9b172279fa2089117b90c5aed5be55eec29fe2c05680788bb26687cd28cf7593620fa94b5818a1198f4e4e955364017886928d7

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 3ea171d19e261a5b7b7498e9b05d99d4
SHA1 9dfb55da791bf47745c48fc34b36d5c6f42a2b52
SHA256 53d7241ecd1fd8e553bbd0407c0497ac606a751e0114f59a6f0189d7ed30d6c2
SHA512 7ce626e6d8bb9e58560e1a71efb3a5dd910e17294afd45a47cc0b3c6373fe397006ecd97828d85f5eae74f4f93537de9e3f8a1b2cfa8353a622eb3e22793931a