Malware Analysis Report

2025-01-06 13:04

Sample ID 240617-bd3axawhrb
Target 29beff936466e752b9a007fd7a7f8a60_NeikiAnalytics.exe
SHA256 c51f822802ed9684c648509dabb5059f4f1dbaf39ebb37d2f52573fb9c38b30c
Tags ransomware, upx
Score 9/10

Analysis Overview

score
9/10

SHA256

c51f822802ed9684c648509dabb5059f4f1dbaf39ebb37d2f52573fb9c38b30c

Threat Level: Likely malicious

The file 29beff936466e752b9a007fd7a7f8a60_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware upx

Renames multiple (5266) files with added filename extension

Renames multiple (3765) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-17 01:02

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-17 01:02

Reported

2024-06-17 01:05

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\29beff936466e752b9a007fd7a7f8a60_NeikiAnalytics.exe"

Signatures

Renames multiple (5266) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\29beff936466e752b9a007fd7a7f8a60_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\29beff936466e752b9a007fd7a7f8a60_NeikiAnalytics.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4244,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=4168 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

memory/4808-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1181767204-2009306918-3718769404-1000\desktop.ini.tmp

MD5 99eff145970643fc6c3f60633a30fc05
SHA1 26ac7863cdaaa766729a6fc650607f409104a801
SHA256 d88c197823c44f628366d7b2c0ba60c989d6e70579eb03fdcf1b529c5dd29198
SHA512 5f4ea6786fb3a1f22dc7646292b430a1dcf03612dd954287514d833586f058102b8f9d97e6f6747971fd64f4d39547e2c5a0aa19be57430ce141b84e990dad23

C:\Program Files\7-Zip\7-zip.chm.tmp

MD5 55ce56d23a3f828cbed14f1b951c31d3
SHA1 4d38556e30a28033218e462af683a4821decb16c
SHA256 8615c6460bb0fa1e8891946fa99ec674fcb12fa79b0d5e9b126309b5ea205c3c
SHA512 f83df9721f98bf53603efeabde209225a7e3fa2a94b20a71e174f4b8efd67a892170ff9b1ffc864126010408e295d6a40095f2a6bb1609ec91c639db243f017d

memory/4808-1210-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-17 01:02

Reported

2024-06-17 01:05

Platform

win7-20240508-en

Max time kernel

150s

Max time network

124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\29beff936466e752b9a007fd7a7f8a60_NeikiAnalytics.exe"

Signatures

Renames multiple (3765) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\29beff936466e752b9a007fd7a7f8a60_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\29beff936466e752b9a007fd7a7f8a60_NeikiAnalytics.exe"

Network

N/A

Files

memory/1620-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

MD5 508c46c304f94054fd2bc9924a285800
SHA1 479e5e098b06813eb92ec700282ceae105ef12ce
SHA256 236a7876739588c55d5a383fc5843e0b9efeebd9e3fb5b010da54962f068a02f
SHA512 4416dff7bc931032ab575a5334e5a34d71d8d3743ed6e527f57f73528eb43ab3562ffbdd8a61d6b9402e4b62b4203d4ed16951bcf696a58868b357880a00590a

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 fb486c6ecce76ddeb6d7eef42a1975f8
SHA1 8fa7f8247cbe89e76d64e6d896e5dbc6bf5a5fdd
SHA256 65a24a87b98b8161f172d9667870bfe9ee109a41895a780095e3895227e6c338
SHA512 4408a4656832cb02a929ef664c25729520a463909d5679093b82c703a977e6b53095e6cdab76317ab3ede30fa7a31d5e662fa5ed3cbfa8d0cb186a0eb185067f

memory/1620-76-0x0000000000400000-0x000000000040A000-memory.dmp