Malware Analysis Report

2024-10-18 21:41

Sample ID 240612-rb33es1enn
Target 4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe
SHA256 d12f3c83685e2c8b3b8330992131c3e05d29f8d6d47f6ff27d43406a18992430
Tags
ransomware upx
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

d12f3c83685e2c8b3b8330992131c3e05d29f8d6d47f6ff27d43406a18992430

Threat Level: Likely malicious

The file 4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware upx

Renames multiple (5197) files with added filename extension

Renames multiple (3472) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-12 14:02

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 14:02

Reported

2024-06-12 14:04

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe"

Signatures

Renames multiple (5197) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTest-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MEDIA\WHOOSH.WAV.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL095.XML.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL117.XML.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\rsod\proofing.msi.16.en-us.tree.dat.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Windows.dll.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\mesa3d.md.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Fonts\private\ARIALNBI.TTF.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_MAK-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_PrepidBypass-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ExcelCtxUICellModel.bin.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\en-US\InputPersonalization.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\it-IT\msadcor.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\npt.dll.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.OData.Query.NetFX35.dll.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-conio-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-180.png.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OART.DLL.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-string-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Checkmark.png.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\rsod\proof.en-us.msi.16.en-us.tree.dat.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0000-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.officemui.msi.16.en-us.xml.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OFFSYMT.TTF.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R32.dll.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN105.XML.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Private.Uri.dll.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-file-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\server\classes.jsa.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\ONINTL.DLL.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\CancelGlyph.16.White.png.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Formatters.dll.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Arial.xml.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.ReportingServices.QueryDesigners.dll.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OIMG.DLL.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\es-ES\rtscom.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\javafx\libxml2.md.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\ext\sunpkcs11.jar.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\WordCombinedFloatieModel.bin.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\joni.md.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_Subscription-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsptg.xml.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.Immutable.dll.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe"

Network

Files

memory/3452-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

MD5 9ff4a17ba54236273eebe29e9ea71692
SHA1 93f8650f41e42aee643cc1773ce3030b127ac576
SHA256 6784b1dd948b9c4355e1b06992a5237705240d8340b419f2339f0e390fb9e55d
SHA512 00adbd753c50a4dd85515e9bb1d52f7891c486fa138f4f2bc3d7c922d9a4bb70ff6a39fa0c6a823dca3c3c23ccc9e61656f5a5284b8652f1ed920987d1ba091c

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 555b0c287cf3de01b3f037db5993059f
SHA1 b0a1943097d6d95c99461cda0eabd87c7f8a4463
SHA256 196c9c8cf8c9370626e8f9c4c5cc07e316270d64be2f3a478398f5075e6a45ec
SHA512 fb5428163cd9835a286211589619a02e5e87fd7c09809235ed035e6ee812d7dbdd4ddbf6d7a1574885b69939dfd07d81b44ed86a6d2873507e3b40cb07f23724

memory/3452-1910-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 14:02

Reported

2024-06-12 14:04

Platform

win7-20231129-en

Max time kernel

150s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe"

Signatures

Renames multiple (3472) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.bat.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Abidjan.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoBeta.png.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives_1.1.100.v20140523-0116.jar.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ff\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\zh_CN\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DissolveAnother.png.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Copenhagen.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Moscow.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Push\pushplaysubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.bidi_0.10.0.v20130327-1442.jar.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-actions.xml.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-execution_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\Office14\INLAUNCH.DLL.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_settings.png.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Maldives.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.common_3.6.200.v20130402-1505.jar.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler.xml.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\jsdt.dll.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgzm.exe.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\sv\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libtextst_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_bottom_left.png.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore.change_2.10.0.v20140901-1043.jar.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-outline.xml.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Mazatlan.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Aqtau.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waxing-gibbous.png.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIconSubpictur.png.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-execution.xml.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Mozilla Firefox\msvcp140.dll.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ro\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\css\settings.css.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\it.txt.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Moncton.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\DebugRequest.dib.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\navSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\management-agent.jar.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.ds_1.4.200.v20131126-2331.jar.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-api-caching_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\accessibility.properties.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Port-au-Prince.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.DataSetExtensions.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Entity.Design.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\base-undocked-3.png.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\en-US\OmdProject.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\720x480blacksquare.png.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-templates.xml_hidden.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-heapdump_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Media Player\it-IT\WMPMediaSharing.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_s.png.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\msadcor.dll.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\javadoc.exe.tmp C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe"

Network

N/A

Files

memory/1652-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

MD5 6f59c58db78567dd65383fdca3712d25
SHA1 1d527f78397415020c973ace765d7860a98c4543
SHA256 2b8fab7f7c8e1fa690c86173fe0ea0a0ba28cb1eec89bf82de5a291dd1f80862
SHA512 c80426efd39fff858201479a3c8a130ba7ace62c28da97bdd35a9bd0b54bcca3892bf9ee1dfceec538490772fdc985e4d192efd97030ba80e39b051e99ebe295

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 3edfa80b84c083decea74e01fd0a28f7
SHA1 1dd16bea6315d6caff85ffd6ff9bfc0eb61e80dc
SHA256 3607bdeadd483600649690107cace1cb18203fb4a39d557e09a1e90cd4774e63
SHA512 f49af51b1bdc2e45856ff163f403236b6e9eaba68eb5475102943a078ad2b6824af17f304d5deea717ba86e4cf58913c2246826e9a86e471db24ac0bdbf6772d

memory/1652-648-0x0000000000400000-0x000000000040B000-memory.dmp