Malware Analysis Report

2024-11-16 10:55

Sample ID 240616-fp27havckl
Target d771a2874daf558e90f3747a1b379820_NeikiAnalytics.exe
SHA256 4c27b62874d12ad4bfd493160ec1625187610bba607489d9b5e3c833872c5fdf
Tags ransomware upx
Score 9/10

Analysis Overview

Threat Level: Likely malicious

The file d771a2874daf558e90f3747a1b379820_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware upx

Renames multiple (4841) files with added filename extension

Renames multiple (3447) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-16 05:03

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral2

Detonation Overview

Submitted 2024-06-16 05:03
Reported 2024-06-16 05:06
Platform win10v2004-20240611-en
Max time kernel 149s
Max time network 151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d771a2874daf558e90f3747a1b379820_NeikiAnalytics.exe"

Signatures

Renames multiple (4841) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\d771a2874daf558e90f3747a1b379820_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\d771a2874daf558e90f3747a1b379820_NeikiAnalytics.exe"

Network


Files

memory/4128-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4204450073-1267028356-951339405-1000\desktop.ini.tmp

MD5 ad59dcb962b8ed66ee0c01b680f85cb4
SHA1 5b2d249bb200c39293ae95f14aeee41db2a76902
SHA256 30ff968bea339503de10d2b6e1e7cb06b835d9face2f40b0a0ff0ce7b207cbd0
SHA512 2b342118b3f315b30b48474c04436fbc6c121cfa53deab314a168e19b11b4305275d0e0e9b9870bbd15514e157f996b110b6587cc70ef8b57f11e7683cdfeccf

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 387ba98178119cc67c97131bbd4ef223
SHA1 345b34945e28294ad82f6c2873c08375c388b883
SHA256 9fc33f558434667b17ebde58a61b7e90a063d129bc16caebe169965272177182
SHA512 358e4d688e1e681b46b911e14a63295015c34d1258c67d6f19670a9d14d9d8c8b9c391ed0c7bbf8e5c1fd81fc83597ed175c6db31fbfb35cf75892fbfb678202

memory/4128-1762-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-16 05:03
Reported 2024-06-16 05:06
Platform win7-20240611-en
Max time kernel 150s
Max time network 122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d771a2874daf558e90f3747a1b379820_NeikiAnalytics.exe"

Signatures

Renames multiple (3447) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\d771a2874daf558e90f3747a1b379820_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\d771a2874daf558e90f3747a1b379820_NeikiAnalytics.exe"

Network

N/A

Files

memory/2424-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1340930862-1405011213-2821322012-1000\desktop.ini.tmp

MD5 987c8bccd0a475437750ad43ac8c8e5a
SHA1 04d8b9faec1a9bb712554caf863cebf59acf794d
SHA256 ad76851deaed21865b987fea5c3945a29f408c2b0fdf49c0b1db5afec52f7f8f
SHA512 0e7c65e16eb4b19787e1ad634d2fc27379cbaeb4ecf557638193d4222acc7a7bd9bd6899b7d59ed1588ce071d5cb597d379305ad62ba9ebada6f42be193742eb

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 929e452d7b4c54fa361e0bf1dfb59189
SHA1 deed832df1e60b833bbc5cce8e5ca902b16a683f
SHA256 681e976f3c3a1b2fe733922ea2ebb49b491087263b471967186d9ad711768e3c
SHA512 f660b94139920e6634a5070f17c12a152cf9be2edbaf6825344acc6cc90ef104d6f74b5f40f387563fd8957f36a1769235265aee84e39804d6137e4b29d4e42f

memory/2424-642-0x0000000000400000-0x000000000040B000-memory.dmp