Malware Analysis Report

2024-09-23 05:00

Sample ID 240613-jfz8bszblf
Target 69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe
SHA256 3a9d714cabc192264004685da0f9e864d38470e3f469a11ec40310478654426a
Tags
ransomware upx
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

3a9d714cabc192264004685da0f9e864d38470e3f469a11ec40310478654426a

Threat Level: Likely malicious

The file 69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware upx

Renames multiple (5260) files with added filename extension

Renames multiple (3738) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 07:37

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 07:37

Reported

2024-06-13 07:39

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe"

Signatures

Renames multiple (5260) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019DemoR_BypassTrial180-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.PowerBI.AdomdClient.dll.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\mscss7es.dll.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN089.XML.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\ado\adojavas.inc.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-processthreads-l1-1-1.dll.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\FPA_w1\WA104381125.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-math-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O17EnterpriseVL_Bypass30-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Document Parts\1033\16\Built-In Building Blocks.dotx.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\freebxml.md.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_EnterpriseSub_Bypass30-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Interceptor.tlb.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Tools.dll.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework-SystemCore.dll.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\GRPHFLT\MS.PNG.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Channels.dll.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.DirectoryServices.dll.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fi-fi.dll.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsrus.xml.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Encoding.CodePages.dll.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-timezone-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_MAK-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-locale-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\ja-JP\ieinstal.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\1033\GettingStarted16\SLINTL.DLL.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\mn.txt.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscordaccore_amd64_amd64_7.0.1624.6629.dll.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ja.pak.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\fre\StartMenu_Win7.wmv.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial1-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\PREVIEWTEMPLATE.POTX.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Debug.dll.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ONBttnWD.dll.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN111.XML.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\prism_common.dll.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\icu.md.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PowerPointInterProviderRanker.bin.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\IpsPlugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\msinfo32.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\host\fxr\7.0.16\hostfxr.dll.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\WidevineCdm\manifest.json.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\es-ES\iexplore.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-002C-0409-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.DiagnosticSource.dll.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemDrawing.dll.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Diagnostics.EventLog.Messages.dll.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe"

Network

Files

memory/2896-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

MD5 c20dd7bd1ac757335ed89e4fecec0bb2
SHA1 8e3eddf2f69fa4019f88460f20354ddfca9ea421
SHA256 27e6ea0a3f8874818a439a9294ef275c2d4f5e6b386e616e9a3612b04229558a
SHA512 1f26ed12f45a1bd406d7e3e8af17f871c667293591c7a411cb4cef82df3f1d0da85f9dd33d2468fbe2a96a7a69c156b36f810ca8bc1e6d17e045f0c3ade19fa9

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 261e038a4cbed80bc44b71b07697135f
SHA1 d196393ad40c67c97736150b095692acdc6d4b6f
SHA256 dff11a5b1625fc5e44a336bfa4b7a7e1edd2367c5ed8eb6a14bab61549a4a11d
SHA512 a8cf5f9293d3212270c857d6e74a15b736e41cda55886f4e58e5617f3e60bf2cfa309251245062dfb8164fb32f8fdfc93c3be1e0e0f625fc431c62aa495a09ed

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 07:37

Reported

2024-06-13 07:39

Platform

win7-20240419-en

Max time kernel

149s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe"

Signatures

Renames multiple (3738) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\jsse.jar.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\send-email-16.png.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT-6.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2native.dll.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Helsinki.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\EST5EDT.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-execution.xml.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Australia\Darwin.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Mozilla Firefox\updater.exe.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\bn.txt.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\npjp2.dll.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository_1.1.300.v20131211-1531.jar.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Bahia.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Blanc-Sablon.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBlue.png.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Oral.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\libxml2.dll.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Mozilla Firefox\api-ms-win-crt-process-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\logo.png.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\logo.png.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\info.png.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Pine_Lumber.jpg.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\WMM2CLIP.dll.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.dll.sig.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Checkers\it-IT\chkrzm.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rssBackBlue_docked.png.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\setup.ini.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Africa\Ndjamena.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Cancun.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Singapore.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\modules\sandbox.luac.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_diagonals-thick_18_b81900_40x40.png.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libpodcast_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Defender\es-ES\MpAsDesc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-image-mask.png.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\npt.dll.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\sound.properties.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Anchorage.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf_3.4.0.v20140827-1444.jar.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can.fca.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-modules_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-api.xml.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Kamchatka.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Psychedelic.jpg.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCallbacks.h.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Aqtobe.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Seoul.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Wallis.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\DigSig.api.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Mawson.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Pontianak.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Media Player\Media Renderer\connectionmanager_dmr.xml.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\ink\1.7\Microsoft.Ink.dll.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Malta.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\visualization\libvisual_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\1047x576black.png.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoCanary.png.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\about.html.tmp C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\69ba4e79cba0c7019172ea65b0048e20_NeikiAnalytics.exe"

Network

N/A

Files

memory/1860-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

MD5 e57acd1ee2ba1b5c3b4a53725193cccd
SHA1 b411fb8446875a54d35acbf9e0afbbd64186ebb9
SHA256 dc8b8bb019bb321cd4d29460ada0ff9bbdf68f43c410485ea6009d96d197934a
SHA512 50590f1fb8ca499f7d70d56db2fcd78a418419c1dbf70d11e44cabb221b43016e872719e099e0e62506c7e4eb2be08813d9e5d185d6463908533a8ea33950ab3

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 7cc4792b477898237f3d61892b24f984
SHA1 df2a29cb5e78621e002731f1b548aa968efb39b5
SHA256 56ac3301af0d1aa45293f4081a2029abfb72c601a97b3dbaed5e8fe4b1e9444d
SHA512 65455ba4bc6c233efa2092f8743ab492c44164470fe2b4346253d8250460c6cbbe919cad79c809b75171aed0fecdcf8e8a87b7c7e13c07036845b5b806396e44

memory/1860-86-0x0000000000400000-0x000000000040A000-memory.dmp