Malware Analysis Report

2024-09-23 04:30

Sample ID 240614-epw5taycpn
Target a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe
SHA256 0d0e9ae4c6cf81e07f9e57fcc8410e1e3ae2cf172d45aabdec6a4525747aa4a9
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

0d0e9ae4c6cf81e07f9e57fcc8410e1e3ae2cf172d45aabdec6a4525747aa4a9

Threat Level: Likely malicious

The file a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (4867) files with added filename extension

Renames multiple (3755) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 04:07

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 04:07

Reported

2024-06-14 04:10

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe"

Signatures

Renames multiple (4867) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ko-kr.xml.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-processthreads-l1-1-1.dll.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.SecureString.dll.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebClient.dll.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Ping.dll.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\resources.pak.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\LICENSE.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial4-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription1-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTest-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\th.txt.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationUI.dll.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-debug-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\AccessRuntime_eula.txt.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-180.png.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.scale-100.png.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\netstandard.dll.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaTypewriterRegular.ttf.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\lv\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_KMS_Client-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\STSLIST.CHM.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Interceptor.tlb.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription2-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Microsoft.Office.PolicyTips.dll.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHPHN.DAT.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\unpack200.exe.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.proofing.msi.16.en-us.xml.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVOrchestration.dll.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\en-US\InputPersonalization.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ServiceProcess.dll.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-file-l2-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.ProgressiveProcessing.dll.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Globalization.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Organic.thmx.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.Win32.SystemEvents.dll.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_zh_TW.properties.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription3-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL109.XML.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ko-kr.dll.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.AccessControl.dll.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\default_apps\external_extensions.json.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription4-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN011.XML.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.ThreadPool.dll.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\invalid32x32.gif.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial2-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019MSDNR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_COL.HXT.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 31.73.42.20.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-2447855248-390457009-3660902674-1000\desktop.ini.tmp

MD5 d5ccb522d9e8342831bfe6ff89ada965
SHA1 bd43745016b41171a994823b6e4993c6a3725333
SHA256 08519ecc288a44ac443f53c14947393eb66c15bed90468ea72d7fda0842b1c42
SHA512 2c0f04c1bd93f86cc777fcb82999ec4ddc393cfe898555ce5126553058269d1adb2e7728136bf694258e9ce139e5a74bdedc4236f6581a84eb49b5a4aaa7e2ee

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 9fe40a7343c82754efb73f49e55134d6
SHA1 7abf25e681bae16113ffe0b4b90442b8981bad45
SHA256 33ca879adb2cdd7fe76ea05a725b7087faab7410a71eaf3541b962e90a9f2df9
SHA512 23135890271d16cdae5b4457c8e9fef61015c2a17fb26f5104e328d23f8cb2bc005675204a2df6326b733e54e5b639c53c0880431ab9a0a8807c36424e0f5ceb

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 04:07

Reported

2024-06-14 04:10

Platform

win7-20240508-en

Max time kernel

150s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe"

Signatures

Renames multiple (3755) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-font.dll.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Thule.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Mozilla Firefox\api-ms-win-crt-filesystem-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\dialogs\stream_config_window.html.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_h.png.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\ieproxy.dll.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\3RDPARTY.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Gaza.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_CA.txt.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Music.emf.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Guam.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\MANIFEST.MF.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro_3.4.200.v20130326-1254.jar.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.ServiceModel.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.ServiceModel.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\vlc.exe.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\weather.html.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\micaut.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Gambier.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-utilities.xml.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\dcpr.dll.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Africa\Cairo.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\DVA.api.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IPSEventLogMsg.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Salta.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\about.html.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Journal\ja-JP\NBMapTIP.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_foggy.png.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\DefaultID.pdf.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\Help\1046\hxdsui.dll.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable_1.4.1.v20140210-1835.jar.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-impl_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\jfluid-server-15.jar.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\fy\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_divider_right.png.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_snow.png.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\msinfo32.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jmap.exe.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\include\jvmti.h.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861258748.profile.gz.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_s.png.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AGM.dll.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh.htm.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\plugin.xml.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.di_1.4.0.v20140414-1837.jar.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-bootstrap.xml.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color120.jpg.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libdmo_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libgradient_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop.wmv.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-loaders_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jmx_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_nv12_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Defender\it-IT\MpEvMsg.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\Common.fxh.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-TW.pak.tmp C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

MD5 5084c56a45537dfb6901d7e154eaf8f9
SHA1 07e60ee4f827c88be545145ab8355e66b1989f79
SHA256 8474e1df50ba924dc8cfe631969088226a7ec38099b5a728fff19435f499f153
SHA512 4d0a8daa384ff58b376428fdb94ac3433c87ffdb66fb1e0098ae0b12fd30625c0556232b6d1f5b92da754c0c62d35d0c933b726e4d58b285e550a9e0c2b77e6f

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 bbf98f1210df38dfc7e6c7dff8ddc6b9
SHA1 5f9ccdf5723e2bd352d452561fcbb37977f09aa8
SHA256 c106dac42277cd946b1617f8624f4b89bcaa796ac01a0c41b8db8ed10d9c464e
SHA512 787ab118a631cc2ffaa55fdc04c59fce077fa5c4ccb655ca4084d9b026bba8e61d5ed7425680ad6e3d0e54eb3e9271059fe0f849bb607997ed394ed2209b21fd