Malware Analysis Report

2024-10-18 21:40

Sample ID 240612-qvadsazgmm
Target 3e8ca8ba0b9512e5dc4cb0799d8ba340_NeikiAnalytics.exe
SHA256 2e947653ef749a01acb27330094478c2e928ef39c86ad79a556da629bc1cbad9
Tags ransomware
Score 9/10

Analysis Overview

Score 9/10
SHA256 2e947653ef749a01acb27330094478c2e928ef39c86ad79a556da629bc1cbad9

Threat Level: Likely malicious

The file 3e8ca8ba0b9512e5dc4cb0799d8ba340_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (5349) files with added filename extension

Renames multiple (3755) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-12 13:34

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-12 13:34
Reported 2024-06-12 13:36
Platform win10v2004-20240508-en
Max time kernel 150s
Max time network 150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3e8ca8ba0b9512e5dc4cb0799d8ba340_NeikiAnalytics.exe"

Signatures

Renames multiple (5349) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\3e8ca8ba0b9512e5dc4cb0799d8ba340_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\3e8ca8ba0b9512e5dc4cb0799d8ba340_NeikiAnalytics.exe"

Network

Files

memory/2256-0-0x0000000000400000-0x0000000000408000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

MD5 22e8b5fe26ef80506f46f5f8c1bfa65f
SHA1 f134d3b326a64d771073bfcee342b0c390cc2835
SHA256 264fcb13af9c6d770e6954ec8ae045c89bd9215c10c31425a68f47a6f9bf25b2
SHA512 b2d4365d627a3e83c6b6d71b4dba900a43f6bdab95b348e602d92c19e067fcef3f8324448b6f31e2122ba4a85d8efffd56c5759f8f4d12cd816e193bb21799e9

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 8ac2884cd000cd7823a6ecf137260015
SHA1 bfaf9a12ae772ae2b4ef2060bc16b4b2f810bb1e
SHA256 7e824b7a0722a90511255aaf2032bc7d20b318620991c75823772f42612e1d12
SHA512 75e0e6a4e74c795ffd3b04ed6e2ef2c21dbb9c2f39e2abdd9e9ec9a6f8a25f030367abb1bc69429ba21c16ce7e0079f7116be07e5f98c7ecdc0105599e2f5630

memory/2256-2016-0x0000000000400000-0x0000000000408000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-12 13:34
Reported 2024-06-12 13:36
Platform win7-20240611-en
Max time kernel 150s
Max time network 120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3e8ca8ba0b9512e5dc4cb0799d8ba340_NeikiAnalytics.exe"

Signatures

Renames multiple (3755) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\3e8ca8ba0b9512e5dc4cb0799d8ba340_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\3e8ca8ba0b9512e5dc4cb0799d8ba340_NeikiAnalytics.exe"

Network

N/A

Files

memory/2940-0-0x0000000000400000-0x0000000000408000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1340930862-1405011213-2821322012-1000\desktop.ini.tmp

MD5 9c77ba0e70a45bb1d49cd7dac6ebdf9f
SHA1 9e712aee38864a62925fb05bfbdb34fe17c95b1c
SHA256 1891163fee0ed4851b94a2d492c6846ff33348bd54d91f6dd03a36f9ec764009
SHA512 201fce91f35609a01f14afcff1157ff5c5639829d1679516622e612a4d768be7871a6b068b85bb2a66ee6aa34f590f9d0056e164d16a516b035d7c6eaa74c823

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 2051d6e5729407d71e35d7680d3b941f
SHA1 8a31cde82e550d6922ec1edbf10a435df25dfa0b
SHA256 72d175d3576604eec91b1bbce23b0e7936a9111e44a54f88278ebf67e1385be8
SHA512 303963e055b4921589c5cfea262e56cac0f83fdea8f0cb51c518e9b9ececbc1a9e3e195ecf58152e1585e6627b1132f03f78ecf811e0971480aaef839877d7ba

memory/2940-666-0x0000000000400000-0x0000000000408000-memory.dmp