Malware Analysis Report

2024-09-23 04:44

Sample ID 240614-bhcaaasgjl
Target 95e4c0b57cfa3d082e7d12fe59358be0_NeikiAnalytics.exe
SHA256 2115c7912cd5231f4182c204e5c7f7d012367f0f772b6ad2b81e5e32223eadf0
Tags ransomware
Score 9/10

Analysis Overview

Threat Level: Likely malicious

The file 95e4c0b57cfa3d082e7d12fe59358be0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (4838) files with added filename extension

Renames multiple (3440) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-14 01:08

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-14 01:08
Reported 2024-06-14 01:10
Platform win10v2004-20240611-en
Max time kernel 149s
Max time network 139s

Command Line

"C:\Users\Admin\AppData\Local\Temp\95e4c0b57cfa3d082e7d12fe59358be0_NeikiAnalytics.exe"

Signatures

Renames multiple (4838) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\95e4c0b57cfa3d082e7d12fe59358be0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\95e4c0b57cfa3d082e7d12fe59358be0_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 10.160.77.104.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-200405930-3877336739-3533750831-1000\desktop.ini.tmp

MD5 b3d2fad1a282c8c316c1446929639f08
SHA1 f7ecf957e5fefe958617b2ffde6b0203d256f90f
SHA256 a65cac2f4211ae7d97df91d4b33c8509b29c0dafa7fd00134c9d0e8b6a6f44c2
SHA512 ce1baf6902986e70e047adc4e0c0c44ac8031d0c67ef31ce4e1ff0308ef63e76f0a95328bc0de20ad409b01c833c3ddd26e1d8d007f9bbf447799879da3cc669

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 deb1dae3ac0f120ef686f739e729255e
SHA1 5b6bb742ace44fac13d7a51603c8c54f682495aa
SHA256 d9f67b7534e85543b7bac457e96e16a0a9c66ea0f6b0a0cc2acf065cb7094bab
SHA512 a7e37808521590ebed65f23a81cacfad00943041cb2a99ecf3de654c6e383bc4febea684bfd4f88ba81cb253514051dde31e0a2a48a25f15e5f6162d158c9090

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-14 01:08
Reported 2024-06-14 01:10
Platform win7-20240221-en
Max time kernel 149s
Max time network 121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\95e4c0b57cfa3d082e7d12fe59358be0_NeikiAnalytics.exe"

Signatures

Renames multiple (3440) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\95e4c0b57cfa3d082e7d12fe59358be0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\95e4c0b57cfa3d082e7d12fe59358be0_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

MD5 25fb41967324663eca76a552328e1904
SHA1 13fde877af542263d584408edaeeadb36bc506a9
SHA256 5661385ec5150ee604845063ab700977302029853591999a11c017ab00243f32
SHA512 ad95c44bb524aad176231dff039540daf832c167c6f628af2373f4ec1bf9254fcfa4db68e3a4cd68c50e4b4a41ccd8101b17df20d1084179c1b4c06f2b11918e

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 ff25bfc23922a6d1089d1976f35fa7e4
SHA1 90f2faa3543598bb221e9074ced615a4593ac967
SHA256 01be89511f02eebedde67a6f9bb5d20f4188ca4e835c8ec0bb573b9be510afc4
SHA512 7ab5963e894a50988749d207e95d1c25e85a6908aa8e576f34b692b0a7be8a4c9fa3492be772732fb62d464abd36ba66ab55e6ff2b5416498e261dcd282b26ef