Malware Analysis Report

2024-09-23 04:44

Sample ID 240614-bqvftszblc
Target 968afdc40103151c4608b9cf5f598200_NeikiAnalytics.exe
SHA256 e9f1a25c0523f458fae20da83a8d064688d1ebf60a96743701fa2b10deae4901
Tags ransomware, upx
Score 9/10

Analysis Overview

Threat Level: Likely malicious

The file 968afdc40103151c4608b9cf5f598200_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware upx

Renames multiple (5177) files with added filename extension

Renames multiple (3544) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-14 01:21

Signatures

UPX packed file

upx

Unsigned PE

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-14 01:21
Reported 2024-06-14 01:23
Platform win10v2004-20240508-en
Max time kernel 150s
Max time network 52s

Command Line

"C:\Users\Admin\AppData\Local\Temp\968afdc40103151c4608b9cf5f598200_NeikiAnalytics.exe"

Signatures

Renames multiple (5177) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\968afdc40103151c4608b9cf5f598200_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\968afdc40103151c4608b9cf5f598200_NeikiAnalytics.exe"

Network

Files

memory/1608-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

MD5 04cd55ace22e8e0f529b300a0e4ff814
SHA1 50f2c875ce6d748dc6ab7a75ba1ede98c0c0ad83
SHA256 2cc698af927dc69f428f394aaf09d9fc1783ed23f604480be173626f79e02132
SHA512 6cae3815fd1289db1604978ea0b806949236f4da8b87b008380bc89d38c91959cc72882fcd6469c983094dc519f52dc86d0358d341c14a3eae6f3412610b0395

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 af3b8b6ab2077d32cdb8eba5490871c8
SHA1 828223fa3e0c39f0859a59139295712965b5cc1a
SHA256 30ba7c677126fbe6f74c3ff89ca1ec8c97b91ed25bddf8a191bc3085ac2d34dd
SHA512 6d28a1337ebde8adbefcdfeff18466b8341cc594c44f914b9b37349abad8135a9bc95c287f9307e182c750b0e23e35a2f39b34a1411c162a6a6a8e3c03de40be

memory/1608-1810-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-14 01:21
Reported 2024-06-14 01:23
Platform win7-20240508-en
Max time kernel 150s
Max time network 120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\968afdc40103151c4608b9cf5f598200_NeikiAnalytics.exe"

Signatures

Renames multiple (3544) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\968afdc40103151c4608b9cf5f598200_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\968afdc40103151c4608b9cf5f598200_NeikiAnalytics.exe"

Network

N/A

Files

memory/1868-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

MD5 f57375012101233ca2de457d00eaaf11
SHA1 d82686284b4033b900c489cfe74e2c2dd8afb9c1
SHA256 9b59d5398f0fe8aa1c7db798c927075a5d87b050a44e53af177ad5eb47d9b9c9
SHA512 e63517f7c114b065f973c3de8d001782c0d2bc28a695cc1a48e672a5888c75f94b602c014b79860728d3c54bd8cd055cc7cdc077a26a7ddd72de26e6e941cf39

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 e9ac5c44038ec7c6a3ff16ae34d4eed2
SHA1 914cecdf5c18c22bf29dc04e82dc99538422e921
SHA256 9e0bbe8fe8af0b66f1be697d42aa5528d4e79aa4b715e73b9b7bf7d25bcea62f
SHA512 3dafd5b20e58bc7ae7d68c193d62b297c1f46e07df0cf57e8ae0c91854f1c9d539b12c0fad941667df9f1a32faae2db298917ee5f9c52148285be9290aac3b68

memory/1868-650-0x0000000000400000-0x000000000040B000-memory.dmp