Malware Analysis Report

2025-01-03 08:25

Sample ID 240616-2qdfes1hrh
Target 171eda298f380739255d4e7f3414dad0_NeikiAnalytics.exe
SHA256 23558d9d7ff108dd28e8c050e2191ee8061a6cf60767e9e62a2439bb992e9d5e
Tags ransomware upx
Score 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 9/10
SHA256 23558d9d7ff108dd28e8c050e2191ee8061a6cf60767e9e62a2439bb992e9d5e

Threat Level: Likely malicious

The file 171eda298f380739255d4e7f3414dad0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware upx

Renames multiple (3435) files with added filename extension

Renames multiple (1138) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-16 22:46

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral2

Detonation Overview

Submitted 2024-06-16 22:46
Reported 2024-06-16 22:49
Platform win10v2004-20240226-en
Max time kernel 150s
Max time network 151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\171eda298f380739255d4e7f3414dad0_NeikiAnalytics.exe"

Signatures

Renames multiple (1138) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\171eda298f380739255d4e7f3414dad0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\171eda298f380739255d4e7f3414dad0_NeikiAnalytics.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1416 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8

Network


Files

memory/4888-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

MD5 a0a722d897593f95be7e9d3626c363b0
SHA1 5d67162457cf463359422d63aad314e0ef514fb7
SHA256 e762d382e1ca51e17274954216af31fd89e35fafa0f6a04944f10f9594909c4e
SHA512 f2931069acad64d4f4f72f1b58e456b61e4bf7464d4798f34d3969868d3a4f0b5ba017da425c71e3a7be62f225bc6fb7d81a102f0dcac85a62fab9e12331ef19

C:\libsmartscreen.dll.tmp

MD5 a09987d59046d4cfe349d192bd83dfbe
SHA1 bc3c94a3c8ddff52ca74ecbbbf76e463ade630da
SHA256 582e2a43c2a9d28888b650f81fae8ad64a6e8e9af146585ba0ee2d3ed1b0f5da
SHA512 0dd108204781862bd8281ad39670a68ad697f55e9029d0b5eb9ad55d94f0ee61de3c09a31e50655fa67ef593d204791f95ef66e473c01ed2047269687fb42695

memory/4888-462-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-16 22:46
Reported 2024-06-16 22:49
Platform win7-20240221-en
Max time kernel 150s
Max time network 119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\171eda298f380739255d4e7f3414dad0_NeikiAnalytics.exe"

Signatures

Renames multiple (3435) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\171eda298f380739255d4e7f3414dad0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\171eda298f380739255d4e7f3414dad0_NeikiAnalytics.exe"

Network

N/A

Files

memory/2172-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

MD5 f9975329a76e440dc1a3bfe00a703066
SHA1 a75dc107cd2720d63a027c5ac9bd9a5ec7ab9c77
SHA256 a5406a83dd14d3414e964b0de3dc9aa7c6e7cda5afe1ddf6de4426028eb4ff54
SHA512 5b2990ae920d06e1dda19d17c035b6e430b67318b310103b46551771bef2885fb33e2896155e236b6639534d820ffeb34a0994889c8c7fa4516416c74099f5fa

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 d89ebf73f5ad0025baa11885d6bda318
SHA1 f5f251a02dfa27a7e9662d62c86ba58abbf8d032
SHA256 40ab605db4f81ffb0e943e7fa5b22230ae2e08cdd22d611799739db9ff115a47
SHA512 6e900791ac53d9e2c3db0f254ea41309b24dbdaac0e6a928bf234ec38eaeeff1a7aa6b3323406ff6c1ade52e47bca539b211ee7a9f1d5a7dcb797cfa6bd1cc8a

memory/2172-602-0x0000000000400000-0x000000000040B000-memory.dmp