Malware Analysis Report

2024-09-23 05:06

Sample ID 240613-fjgnlsydjq
Target 5ffb6965f6ca26e1b5da112c843e7670_NeikiAnalytics.exe
SHA256 04756175c4ccf9693c3f808ec188e7231735e57aeac1f937895699d20f9303a6
Tags ransomware upx
Score 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

04756175c4ccf9693c3f808ec188e7231735e57aeac1f937895699d20f9303a6

Threat Level: Likely malicious

The file 5ffb6965f6ca26e1b5da112c843e7670_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware upx

Renames multiple (3548) files with added filename extension

Renames multiple (5198) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 04:53

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 04:53

Reported

2024-06-13 04:56

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

52s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5ffb6965f6ca26e1b5da112c843e7670_NeikiAnalytics.exe"

Signatures

Renames multiple (5198) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\5ffb6965f6ca26e1b5da112c843e7670_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\5ffb6965f6ca26e1b5da112c843e7670_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

memory/536-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

MD5 98cc6450df0dc29f845e49887294bf25
SHA1 86b8aecfc12187ad30ac29e9d731fd4829598893
SHA256 2400add76b4ae0550de83ec219d9e1c38f6a86c5cdc024db7e00d8e3106a96e3
SHA512 4cbf9e03b47f2800a72d810b4a23e952d82611f068fd2d92eb9cd8be69f97524096f2b1b0d71c9f2ff6f06893b4b7b60484ac31199daa1620ee207c776b2ca94

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 8949597c5abc5d60ef05bd844d810909
SHA1 c6082c3b993a65bbf8084e8764bd053b2d60a0d9
SHA256 5e9ec36e8fe1e1702cd0f3ed72085472b520081b9c23d31245aeb85ecf35df64
SHA512 b5423273083a980342ad9e5564c1a26d8a91b99c7687d9906bfdb70cf73a2887a9d18599b650d505b3751fa7400151c808e24afdad94afc95b39a5754bb8254d

memory/536-1950-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 04:53

Reported

2024-06-13 04:56

Platform

win7-20240508-en

Max time kernel

150s

Max time network

117s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5ffb6965f6ca26e1b5da112c843e7670_NeikiAnalytics.exe"

Signatures

Renames multiple (3548) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\5ffb6965f6ca26e1b5da112c843e7670_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\5ffb6965f6ca26e1b5da112c843e7670_NeikiAnalytics.exe"

Network

N/A

Files

memory/2380-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

MD5 2a03ed5cb4dea517bac0281ae8cbd64e
SHA1 01722adb4f6f7be0eba6615736506206d87ec67b
SHA256 db08a9ea8f3bd2d43d05d6211b7b202063736df980eee2263236ee80a4bc9b03
SHA512 85c5b36e72471a30cecaf39522cd31c3aa318c067e5bddc13722456ff64ce9b12b5c1d8f430b4848ff9cbb153c23e9e921543d4c64a92501dd7d77ac54376159

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 afc839f03946021b7ae1474bc0e10e46
SHA1 f548fadff754ccbfa7de5ab2f2d49b2da5bd0491
SHA256 7af0ab8f9c216030ce3329222941a3c72bc7c054524712c0a36db34474cf24bc
SHA512 5d9a5d12a4db4b0e7674a5346121b185a32be5ba7ba361ff30d074df2afee8bbeb51abf95b7f3b9aa1954d8e38de0ca9beb6aad93f2d932656e337e8ce6002f0

memory/2380-652-0x0000000000400000-0x000000000040B000-memory.dmp