Malware Analysis Report

2024-09-23 04:32

Sample ID 240614-eqpgcsycrp
Target a118bbcd44222d7e2d707a598e68fc40_NeikiAnalytics.exe
SHA256 7b76219711e1c48550ba4fc5cd995cf353ca6aab28e7f81ce88303a229acd47a
Tags ransomware
Score 9/10

Analysis Overview

score
9/10

SHA256

7b76219711e1c48550ba4fc5cd995cf353ca6aab28e7f81ce88303a229acd47a

Threat Level: Likely malicious

The file a118bbcd44222d7e2d707a598e68fc40_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (4865) files with added filename extension

Renames multiple (3439) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 04:08

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 04:08

Reported

2024-06-14 04:11

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

133s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a118bbcd44222d7e2d707a598e68fc40_NeikiAnalytics.exe"

Signatures

Renames multiple (4865) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\a118bbcd44222d7e2d707a598e68fc40_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\a118bbcd44222d7e2d707a598e68fc40_NeikiAnalytics.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1416,i,17325488789339133686,9539570259395798500,262144 --variations-seed-version --mojo-platform-channel-handle=2904 /prefetch:8

Network


Files

C:\$Recycle.Bin\S-1-5-21-3665033694-1447845302-680750983-1000\desktop.ini.tmp


C:\Program Files\7-Zip\7-zip.chm.tmp


Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 04:08

Reported

2024-06-14 04:11

Platform

win7-20240220-en

Max time kernel

149s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a118bbcd44222d7e2d707a598e68fc40_NeikiAnalytics.exe"

Signatures

Renames multiple (3439) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\a118bbcd44222d7e2d707a598e68fc40_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\a118bbcd44222d7e2d707a598e68fc40_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp


C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
