Malware Analysis Report

2024-09-23 05:02

Sample ID: 240613-k7qcwaweqr
Target: 6fcd7af4b4bdf131aa3c479785b19860_NeikiAnalytics.exe
SHA256: 0829b247813b25b1b01eed0789c8d130a6230b611e3186a8f8534c77c86d7b03
Tags: ransomware
Score: 9/10

Analysis Overview

Threat Level: Likely malicious

The file 6fcd7af4b4bdf131aa3c479785b19860_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (5316) files with added filename extension

Renames multiple (3704) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-13 09:14

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-13 09:14
Reported: 2024-06-13 09:17
Platform: win10v2004-20240508-en
Max time kernel: 150s
Max time network: 100s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6fcd7af4b4bdf131aa3c479785b19860_NeikiAnalytics.exe"

Signatures

Renames multiple (5316) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\6fcd7af4b4bdf131aa3c479785b19860_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\6fcd7af4b4bdf131aa3c479785b19860_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
IE 52.111.236.23:443 tcp

Files

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

MD5 84675c83e08603dbbc2a1d8290e4a443
SHA1 099bcfe1c5f3212f5ed0f6d24174ca4efced9009
SHA256 de50a2e416e2c0e8b6ab0b5ee36a8f7fc493a4d70f1d528ad9ff9f4b3d95a751
SHA512 b4300f06c11319872d63c934daac27a9611f47c77539fc5057c19c26ac6df82428d35ec305d5a9833dfa35e12111b8653685b7699fc4eab2b23ec2a64a86d657

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 b8af2e38694ae2112cc84982aa41235b
SHA1 5bdc0f105f2be698033f2010d31cc651fea189f6
SHA256 f5e32d5940ca6f475a89414f941d6e1c56a0bee44bedd5c010bb6fa7cbb6366b
SHA512 8af5b2cc9782032f1013e96240ce58af53091b34fa7016ec9e101120e1f030b1328e8d3e4e19d32fe0f56297280c99befa9cd07c46518851c48b7777a0fa95e1

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-13 09:14
Reported: 2024-06-13 09:17
Platform: win7-20240611-en
Max time kernel: 150s
Max time network: 126s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6fcd7af4b4bdf131aa3c479785b19860_NeikiAnalytics.exe"

Signatures

Renames multiple (3704) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\6fcd7af4b4bdf131aa3c479785b19860_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\6fcd7af4b4bdf131aa3c479785b19860_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2812790648-3157963462-487717889-1000\desktop.ini.tmp

MD5 0e2a8f657f4615ed90265c5b8de6fcb6
SHA1 1dd0bb5cc0d4f4028d9e3fcdefd773be5dbc6f57
SHA256 7acb1e313e30a2cf74521a45099ca6616001386fc3088d770ed8d7b93d65aecd
SHA512 4451cee3ed74480c619ba77ebf33367fe3ec4554ca6b7ca92057955975e216b0dbcd8454775ef8dd2c60b00e09d85dbd910d917845a57091f5364169a349f622

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 c31364627f2322939aab111311a1f8de
SHA1 bc8ed9c9587b566e800518c8ea28aef0c1116b50
SHA256 121db0042367505b79b4a001aeffb78ca896f72687cc00b44a5496b0119cc220
SHA512 848ccb9617474ae31d70cfad073349f5edac9cc1cd0cea98c5da1832109ff927c26e87e95a931c22b4214e19556176443dc5ba7bf2f55c3d5987a2d95e104e72