Malware Analysis Report

2025-01-03 08:31

Sample ID 240610-27rpdavenl
Target 1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe
SHA256 a51f820cf9402c7e5ba90212ebc8fdbf82e8eba39a116f6f13ad7541809ca4f2
Tags
ransomware upx
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

a51f820cf9402c7e5ba90212ebc8fdbf82e8eba39a116f6f13ad7541809ca4f2

Threat Level: Likely malicious

The file 1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware upx

Renames multiple (1131) files with added filename extension

Renames multiple (5195) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-10 23:13

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-10 23:13

Reported

2024-06-10 23:16

Platform

win10v2004-20240426-en

Max time kernel

150s

Max time network

159s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe"

Signatures

Renames multiple (5195) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\pkcs11wrapper.md.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-multibyte-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTrial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTest-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_MAK-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial2-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL.HXS.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MEDIA\EXPLODE.WAV.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\1033\ApothecaryLetter.dotx.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\es-ES\InputPersonalization.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\sunmscapi.dll.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.dll.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.ReaderWriter.dll.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.exe.config.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\rsod\osmuxmui.msi.16.en-us.tree.dat.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunmscapi.jar.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\DataStreamerLibrary.dll.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Configuration\config.xml.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\DataStreamerLibrary.dll.config.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.TraceSource.dll.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\D3DCompiler_47_cor3.dll.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\security\cacerts.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\AugLoop\third-party-notices.txt.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Controls.Ribbon.dll.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0409-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN096.XML.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\GRINTL32.DLL.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-black_scale-80.png.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSOSREC.EXE.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.NetworkInformation.dll.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.TypeExtensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial2-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PROOF\msgr8fr.dub.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\mraut.dll.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\es-419.pak.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_SubTrial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PROOF\MSGR8EN.LEX.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\ru.txt.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE.HXS.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework-SystemCore.dll.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\lv.pak.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClientIsv.man.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 20.231.121.79:80 tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 18.173.189.20.in-addr.arpa udp

Files

memory/3652-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1162180587-977231257-2194346871-1000\desktop.ini.tmp

MD5 53eb5f40cef53f5b240bdab05ec40f07
SHA1 2a5a5a29a8cec1f854f265571764043f3454bd4b
SHA256 b8ff10566f9306baa3fa0f3eec74f0bc627949cd9baefc42f23b881184a9d542
SHA512 a6b290c1e7ecdf0f2bee7346e09deef82a8e5c3048079065b13559b9f90b3b9286bf9db0200a761a3c240a59f4959c40c6feaff97bc5f958682a7baf9b45686d

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 9bbe221b66127f75e1b28d4609e99903
SHA1 f2f7ebca920e78c1932ccb6f0225e3de39818e95
SHA256 d09134e99db52a81abb67e0f88ffe9e562cc159b0955e89a2646c703c66fcf25
SHA512 8bc4f3730dab63a6e92ad778fb02d88315b555fa1d4a3c1a8321499d8ff8e5cd07a82b55867a74c2d84e515d2f48769949c8a3d92f6e78082e175569b644746e

memory/3652-1116-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-10 23:13

Reported

2024-06-10 23:16

Platform

win7-20240221-en

Max time kernel

150s

Max time network

124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe"

Signatures

Renames multiple (1131) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jli.dll.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Chatham.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\MST7MDT.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_uparrow.png.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\msvcr100.dll.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Dawson.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\EST5EDT.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\Logo.png.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\lib\derby.war.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\javafx.properties.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Resolute.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bahia.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-14.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Lisbon.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\THIRDPARTYLICENSEREADME.txt.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatsh.dat.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\ado\msado27.tlb.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG.wmv.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Creston.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\epl-v10.html.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-static.png.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\splash.gif.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\7-zip.dll.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkWatson.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jarsigner.exe.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\New_Salem.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ho_Chi_Minh.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mshwLatin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\ado\msadox28.tlb.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoDev.png.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\rtscom.dll.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee100.tlb.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Pyongyang.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\PST8PDT.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\15x15dot.png.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.bat.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\tnameserv.exe.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Regina.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Tripoli.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\about.html.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwrespsh.dat.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-image-mask.png.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\ieproxy.dll.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsoundds.dll.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\jconsole.jar.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Glace_Bay.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-dayi.xml.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\GoldRing.png.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.exe.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\1ed73a4e4d9e30656cf496e81ee6c890_NeikiAnalytics.exe"

Network

N/A

Files

memory/2292-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

MD5 bd3cc060369c9f5191452caba6b9bc8c
SHA1 d7e8bf258be12e0a59031338b535cd6aaa0cb791
SHA256 4f60c12e82f0dbf45cf281a8a9d5108caf2a25df0ab2953e218601e10087aa94
SHA512 f29c4bd9e0d3e49d7b6d14744afd7c3217153abef7a410f1c542b0d34b00ce940b4b7848fd17cc108f908aef1e3d5f184fd64deae8d3e2498a4e1a88219e0910

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 476dc40fc14846bea53c4af60cdbd1b4
SHA1 f142c4256119033921c0099b6cc177aa899383aa
SHA256 7ba7971d10834fe5659031f0c039f5b106f99d830925434333661bfc2080851d
SHA512 045a9115f1684d9a2a2ea06a344a09115cb4d50ed89e27f9610df078f804ee8b1b7668e7d9d9daa19ff572b00d618a2794b2a158c409ac8e25334c05e97ec521

memory/2292-26-0x0000000000400000-0x000000000040A000-memory.dmp