Malware Analysis Report

2025-01-03 08:26

Sample ID: 240617-b2dx8aybqd
Target: 2f8513254f8bf8bc1f1cdb3f71aecf30_NeikiAnalytics.exe
SHA256: 36155cb6e5f98778b1127d6bc2d53e5d74c9defbd453ade3487a10b3acb9b743
Tags: ransomware, upx
Score: 9/10

Analysis Overview

Threat Level: Likely malicious

The file 2f8513254f8bf8bc1f1cdb3f71aecf30_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware upx

Renames multiple (5199) files with added filename extension

Renames multiple (3526) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-17 01:38

Signatures

UPX packed file

upx

Unsigned PE

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-17 01:38
Reported: 2024-06-17 01:40
Platform: win10v2004-20240508-en
Max time kernel: 150s
Max time network: 53s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2f8513254f8bf8bc1f1cdb3f71aecf30_NeikiAnalytics.exe"

Signatures

Renames multiple (5199) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\2f8513254f8bf8bc1f1cdb3f71aecf30_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\2f8513254f8bf8bc1f1cdb3f71aecf30_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

memory/4624-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

MD5 df048e642a8ae8cbd0b1837a00ec9c26
SHA1 969336a8bc051743c7836b2871be1979dc88c67d
SHA256 a850678dd59569d4926f0e03c2c9988b1a2df9296c5efc4894c73618830ba18a
SHA512 7fed95d24c47a83d57b9282916527fd7cbeb7d5029f57611991726f60d88d0b8017574b32a1fdf9a109981f0b315b2d81638d95830f962c25b549d65777bc09d

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 a08ce31defbebbb34109632444451a9a
SHA1 c3d07f1c26ae75dbe2c4e48dfa47881da49549e6
SHA256 529295ad1ddac0d41608eeb0667eee192aa83bc96b6ba966bde4ae46abc7e0b2
SHA512 f95bd8302f9354bfe01824ebc272474ae28aa547a020c8deef914a283572392235fcc9f55d03f62fbef1e88aebba85b8547c1cc08460b7e5dfbb526f63bb2de7

memory/4624-1896-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-17 01:38
Reported: 2024-06-17 01:40
Platform: win7-20240221-en
Max time kernel: 150s
Max time network: 119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2f8513254f8bf8bc1f1cdb3f71aecf30_NeikiAnalytics.exe"

Signatures

Renames multiple (3526) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\2f8513254f8bf8bc1f1cdb3f71aecf30_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\2f8513254f8bf8bc1f1cdb3f71aecf30_NeikiAnalytics.exe"

Network

N/A

Files

memory/2924-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

MD5 64716b6999ae3aa1ed3ae65aeb3c1939
SHA1 6ea4b48818cba5c8214b68644276196757eecb66
SHA256 513bc0ea72d0212f0097f710f1c586f473b137ca7dd54c9817910315dfcbda27
SHA512 bf73ad75e6ba978504430340edb533738784a021b13c3177070bd53842df8df84bfdb70b30666391e63a6f56f4a5eeb29a2d3ef47e101345676737842b9ebe37

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 745441d44bcf7bdccb57c21ce721db8c
SHA1 5a168b223dd8c2a8364cf92d512ca33949f78eb8
SHA256 94cba96f4f677c0f60836bc76441aa4c0ed1d476ce1445ab90233dee0bcbd74b
SHA512 664bf23c9e03a46cf050734b378aecc6043f12697b8031c8b7319151c2d3d225c9e9b7be87688601195936d4906bbb47263c6c9ed622ee7d90dd954861dfa0f1

memory/2924-654-0x0000000000400000-0x000000000040B000-memory.dmp