Malware Analysis Report

2024-10-18 21:41

Sample ID 240612-psfx4svdre
Target 3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
SHA256 3f9dea027b9cd19d79e18b8bc9b3a189577dee6a40c72612015591e40faf439c
Tags
ransomware upx
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

3f9dea027b9cd19d79e18b8bc9b3a189577dee6a40c72612015591e40faf439c

Threat Level: Likely malicious

The file 3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware upx

Renames multiple (995) files with added filename extension

Renames multiple (2327) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-12 12:35

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 12:35

Reported

2024-06-12 12:37

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe"

Signatures

Renames multiple (2327) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\cs.pak.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsdeu.xml.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.UnmanagedMemoryStream.dll.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PenImc_cor3.dll.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\es-ES\tabskb.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\TabIpsps.dll.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-multibyte-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\unlimited\local_policy.jar.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\javafx\jpeg_fx.md.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\dcpr.dll.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\javafx\glib.md.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.Win32.Registry.AccessControl.dll.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\ado\msado20.tlb.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.dll.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscordbi.dll.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.AccessControl.dll.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\jhat.exe.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\prism_d3d.dll.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Threading.AccessControl.dll.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nl-nl.dll.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\nb-NO\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Csp.dll.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\vi.pak.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-runtime-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\en-US\TipTsf.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\mraut.dll.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.Specialized.dll.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\en-US\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\ext\cldrdata.jar.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-errorhandling-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\de.txt.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\WindowsAccessBridge-64.dll.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsrom.xml.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ReachFramework.dll.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\es-ES\iexplore.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems64.dll.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Drawing.Design.dll.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\gl.txt.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\vi.txt.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.dll.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-interlocked-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-multibyte-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\D3DCompiler_47_cor3.dll.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\vcruntime140.dll.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe"

Network

Files

memory/228-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

MD5 7531ad5b3b0ec14093e6dba0c5d61d73
SHA1 f97e5828c5682e27a4ac9b7fdcc950db8d794708
SHA256 0e4dff010854eb6f52087c18bd29303f90a42f96f3cb6a6677fa8aee20ba095f
SHA512 01283a87351a1239b38c8c8947cf4d12aa9a0a3f3021bab431a65b87368d337407598973336313ed9cab3a347964aa6a216a6d2b112d1cf4bd392fa7d0df38a0

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 fc98429531a51c76a01ca9be2ad5b3b9
SHA1 f440867fa20acf1170cf9cbae356c29011a925f0
SHA256 91e26e5a78f0501d150a678ae24018a0cc45aad8becfb7a76204440f7b4fcb08
SHA512 72e3ad5f155cd20d8cffffdd8ba94a2e1eb1a7e191fcbb7153cdc22f41ed54d0bf1758a714d249a229b54bf1b6cae79a0276f1956773201aaf4e5aa1119e3a6d

memory/228-884-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 12:35

Reported

2024-06-12 12:37

Platform

win7-20240221-en

Max time kernel

150s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe"

Signatures

Renames multiple (995) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipsfin.xml.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\idlj.exe.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfxwebkit.dll.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Maputo.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Maldives.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\ja.txt.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\softedges.png.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\F12.dll.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Puerto_Rico.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\msadco.dll.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\handler.reg.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_it.jar.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mshwLatin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\To_Do_List.emf.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\VC\msdia90.dll.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\unpack200.exe.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.bat.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ja_JP.jar.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT.DLL.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\numbase.xml.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-back-static.png.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\header-background.png.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\content-types.properties.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Phoenix.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSCommon.dll.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novosibirsk.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\mr.txt.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\vistabg.png.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\deploy.dll.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\sRGB.pf.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tehran.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\libEGL.dll.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-phonetic.xml.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-TW.pak.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\jsdebuggeride.dll.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jinfo.exe.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\libxml2.dll.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Danmarkshavn.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Aqtobe.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_ja.properties.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\zipfs.jar.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssvagent.exe.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Antigua.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Moncton.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\uk.txt.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\es-ES\msdasqlr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IPSEventLogMsg.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightRegular.ttf.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\El_Aaiun.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-over-select.png.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Singapore.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\GMT.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\sports_disc_mask.png.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunec.dll.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Los_Angeles.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\play-background.png.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kuching.tmp C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe"

Network

N/A

Files

memory/2992-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

MD5 774c98d4240dadb365d183bf372c7218
SHA1 694affca8d2939d0b63ac2095cafc56d9e1a9005
SHA256 0978efa8e4b73e89d565946e5dfb4e88262c91f3c22a232b3d93b7c942e77be9
SHA512 8e057e061fb5f580ad221cfb91142a53c80f0dfe653fddc41e672eeb758b9c4b000b44010fa59a8824fd463f1ff758c04b09aab1172c2c9e43237d2ad6587df9

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 2936f65c9f58a79d8e0e1823eba0e1ba
SHA1 dc97b24fb131cd97a0aa9839dd020e6fc2dc5886
SHA256 808104df4031b97bb273ef2d832f4647e84690837180d8acabcb061214c199a0
SHA512 5b019859272f355613092c786fe612ab3c4510d6575a112f22cc0ebbc857905a286836e9eabf35eef87856a6473871eb501f0575b715c4aebcadaa9a249691a5

memory/2992-184-0x0000000000400000-0x000000000040B000-memory.dmp