Malware Analysis Report

2024-09-09 20:23

Sample ID 240614-dzgbnstcpg
Target 9e998e2db856f0fc914b1855482fe4c0_NeikiAnalytics.exe
SHA256 540c58b0344f9538724c9c683b00be871ad8dd0a1a1b30fd9c9636cd1a60fe03
Tags ransomware
Score 9/10

Analysis Overview

score
9/10

SHA256

540c58b0344f9538724c9c683b00be871ad8dd0a1a1b30fd9c9636cd1a60fe03

Threat Level: Likely malicious

The file 9e998e2db856f0fc914b1855482fe4c0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3832) files with added filename extension

Renames multiple (5194) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 03:26

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 03:26

Reported

2024-06-14 03:29

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

128s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9e998e2db856f0fc914b1855482fe4c0_NeikiAnalytics.exe"

Signatures

Renames multiple (5194) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\9e998e2db856f0fc914b1855482fe4c0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\9e998e2db856f0fc914b1855482fe4c0_NeikiAnalytics.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3932,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=1412 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 21.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp

Files

C:\Program Files\7-Zip\7-zip.chm.tmp

MD5 dcbc7d63f865f670f9267865291ea7ee
SHA1 7298b5c2b66aafb5518a4df39ffc455c69547439
SHA256 7e5b25a2ea58f04a85854b5ae19ce59a7c97e195beba7cb205fc2bc8b6960219
SHA512 9a9a13e4e5d852978b30a8e4574184704425b669bdc565fbb517268fad10489ef236cd041182d3a08285daa2a4e1e0ce3b88e9a60c6e35c30b26a1724b6bffa4

C:\$Recycle.Bin\S-1-5-21-3665033694-1447845302-680750983-1000\desktop.ini.tmp

MD5 d9588d6971725a8262715c227e22a985
SHA1 d0dd1f540f3c30645675a6b624a8977c34000b5f
SHA256 4f654b064789fd601a64d26d5c664bf5e85d64c161065efb02f8cbc2f82460f7
SHA512 cf962009655423de95f26f0d158764ac17bfdd9b41adece50c53787ede3db882e62ddd9c7532317f33a05aff029d1c64e21aa6f32de2de0fe47584dd7bd92399

memory/3492-1-0x0000000000400000-0x0000000000408000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 03:26

Reported

2024-06-14 03:29

Platform

win7-20240508-en

Max time kernel

150s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9e998e2db856f0fc914b1855482fe4c0_NeikiAnalytics.exe"

Signatures

Renames multiple (3832) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\9e998e2db856f0fc914b1855482fe4c0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\9e998e2db856f0fc914b1855482fe4c0_NeikiAnalytics.exe"

Network

N/A

Files

memory/1924-0-0x0000000000400000-0x0000000000408000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

MD5 9d777fab351b7a3ab9f8414e1b9b4d28
SHA1 332113f0f24538297b4408ac6c4113be20f42e35
SHA256 c1bbe6d0227182ad2af10e71a269328a576cf6a03ffc1c967d3cba422b998e04
SHA512 8081844a00e4a55c6730ead9d256c4d83e84d16c8e507065a4c8676dffa904f3c5a2241650aaf4963abf727489295bd5a5c424712f6244299d484abedf0d8948

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 435f0c52cb8f5644eb52e17e38ccfc4b
SHA1 7f46b7be793454e9460b0d174cbf1b0c0a70f7f4
SHA256 455294e586a3e94614c95988974f2be830f8b5a88559df5a21bd21af8472b56b
SHA512 76bf227a37d2f80dcf1600ef83cc5dbe6c6f9152ef1e0cde6cea5bdffc35abb7db126b48a60c566012250cda59d1ba5e245d4f1a7b342cae81bf05bd73b7ec0f

memory/1924-668-0x0000000000400000-0x0000000000408000-memory.dmp