Malware Analysis Report

2024-09-23 04:30

Sample ID: 240614-e9mrwayhpk
Target: a2b492ef3a3f031167edb0884ce4eae0_NeikiAnalytics.exe
SHA256: 38c90b5c222b349e8753d1ee507fd48148a28f2c477f9435eb73e1d24f47ead6
Tags: ransomware, upx
Score: 9/10

Analysis Overview

Score: 9/10

SHA256: 38c90b5c222b349e8753d1ee507fd48148a28f2c477f9435eb73e1d24f47ead6

Threat Level: Likely malicious

The file a2b492ef3a3f031167edb0884ce4eae0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware upx

Renames multiple (3521) files with added filename extension

Renames multiple (5278) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-14 04:38

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-14 04:38

Reported: 2024-06-14 04:41

Platform: win10v2004-20240508-en

Max time kernel: 150s

Max time network: 150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a2b492ef3a3f031167edb0884ce4eae0_NeikiAnalytics.exe"

Signatures

Renames multiple (5278) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\a2b492ef3a3f031167edb0884ce4eae0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\a2b492ef3a3f031167edb0884ce4eae0_NeikiAnalytics.exe"

Network

Files

memory/1820-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp

MD5 1352f627b72ab519008fdc123bf364cf
SHA1 25a3615dd64dc74daea870d49b7f0c7378561cf3
SHA256 2400415a6d8d72e18cd98d3fcf2fc8a418cb2ff597481fd030365ef95500ba3d
SHA512 fdb533417eba5d721ff9a0aa09dc89e9051f6a4d702501cbc1081b260186f106ecb3aed1af2383c534a908c3d34c34fc400c40604e6fb8ab61401172f383a867

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 96d6109a1fdaa694fa4f9c410461f914
SHA1 4759bfce5d68b07b8348153bce0eb5bbd4c984c8
SHA256 e9215b4c9f55dfe9b4ca12a1c0a87c7df9f5842d9d169feab063a46a14f5afeb
SHA512 b6be0d196ac365e509ce344daf2d6c9e73c883a64ad26d2955ca0aa5a2e4b1bd3faa5862d36f9d99ced13413615a0954fc6b5135cf19374c60474589b182d453

memory/1820-1210-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-14 04:38

Reported: 2024-06-14 04:41

Platform: win7-20240611-en

Max time kernel: 150s

Max time network: 121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a2b492ef3a3f031167edb0884ce4eae0_NeikiAnalytics.exe"

Signatures

Renames multiple (3521) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\a2b492ef3a3f031167edb0884ce4eae0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\a2b492ef3a3f031167edb0884ce4eae0_NeikiAnalytics.exe"

Network

N/A

Files

memory/2384-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2812790648-3157963462-487717889-1000\desktop.ini.tmp

MD5 33889e3768ceb0afcb72fe140e4ac610
SHA1 93f41bcb5903e60299f513db14b3552d68717a2f
SHA256 e3ad94a28f2362301b309965db5b6096045c14af63f2ec0c81b074ee65a18621
SHA512 371e58320556da4f7c429e4a353afc659c40d4269dd7c5055f4153793c8bdf56818ee965d3119ce827018e83871f1da11b620745f0153dbf94559f5035f6ea27

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 c57b329cb735340ea0f0739f692e7e36
SHA1 c85f2c118e4f513aa54a0f968af7901ee3844919
SHA256 de729eff629f8e9b956f4d5132a76e8a6c90154a2c0be8036e9a5ec433becd69
SHA512 156101793bbd5265e8ae4c069d0d06021b646e00c593f88dc2a8dcbb6b1b546fb13165425ffc6b9b30ef6ec0e9c2a465bc494114099c3b4594a5ec1d92f1b4e1

memory/2384-76-0x0000000000400000-0x000000000040A000-memory.dmp