Malware Analysis Report

2024-09-23 04:36

Sample ID 240614-c2hf3ssclb
Target 9b881431deef275b0f8039645f269e20_NeikiAnalytics.exe
SHA256 f42318e3912ddb6b869e055f52bc28be00825cb88fe66fad966860405a84f749
Tags ransomware
Score 9/10

Analysis Overview

Score 9/10

SHA256 f42318e3912ddb6b869e055f52bc28be00825cb88fe66fad966860405a84f749

Threat Level: Likely malicious

The file 9b881431deef275b0f8039645f269e20_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3790) files with added filename extension

Renames multiple (5358) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-14 02:34

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-14 02:34
Reported 2024-06-14 02:36
Platform win10v2004-20240508-en
Max time kernel 150s
Max time network 51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9b881431deef275b0f8039645f269e20_NeikiAnalytics.exe"

Signatures

Renames multiple (5358) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\9b881431deef275b0f8039645f269e20_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\9b881431deef275b0f8039645f269e20_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

MD5 d3cdd743f4b4164bb41e78f77c320fa4
SHA1 cdae782a4999df9d753f78c83b18ac3024e6f71a
SHA256 d7fd5034902c9b6b2622209b4a4b43838c223f4151796fa0db6297c99ad6e72b
SHA512 56704060bb4e76bbd2c550c01bd50080b135da7242ec02893e658350a5ffd4fbe3f084625883bdd403519587a845ad0d0e492cb2f27325168472b38e11e05eb3

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 4132d6b3582f796b5186dff660dcf2a4
SHA1 40b62889964d287f8855cb354b235d26346230ef
SHA256 b7443fac7361747a83e116e2f3858fef8c678cec8b6fa184d6e1380838447626
SHA512 ff0cfd3d9080d68ebfd088b822f9e62f00aca89807d0646d236d19df72b07fb5e87b815c3fdab5a98ce10ed3945f01266a2e581885c3806925f96f7a0a1dd53b

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-14 02:34
Reported 2024-06-14 02:36
Platform win7-20240220-en
Max time kernel 149s
Max time network 121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9b881431deef275b0f8039645f269e20_NeikiAnalytics.exe"

Signatures

Renames multiple (3790) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\9b881431deef275b0f8039645f269e20_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\9b881431deef275b0f8039645f269e20_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

MD5 69e8fc2cf2e89e851b47a01b76703dc8
SHA1 e9b0636484b9959df122938189e1b888e1dbb8a1
SHA256 ed9aac9a0d54fe0d0c3965a6ffa1417d6f145e15cb7a9c0997bc13600b5f2683
SHA512 ee70213ee00b5bc6c984a64f80a30fa17a5dadfffc6ff0caef375993bcc9c482d9ec32ce3fa739312609738453ac82ca9aa7ef537e6d72e83899dfcf64122dd8

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 4bb120575b4c6c8960f1ddd520406ee8
SHA1 bcab07c0c53f8526576a4acc325adc03836584e6
SHA256 3bb39c5910c280445d5b82fa9b3f05f04e530e4cd1228907a442df7c60e47438
SHA512 4c137fea75f0c55537e6d61f0f9cab978404c06131e4019b8d322ac5c86202567487c38f7e456c0bf5c5401b070b57d82fc735ffb1becf8db0e9f5773330d7f5