Malware Analysis Report

2025-01-03 08:27

Sample ID 240617-dmmmxs1fjh
Target 3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe
SHA256 7ffe5383c0ce585d7cc6c3ee28d1d5fcceffb0aa94206fb934fab878ef555f4e
Tags
ransomware upx
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

7ffe5383c0ce585d7cc6c3ee28d1d5fcceffb0aa94206fb934fab878ef555f4e

Threat Level: Likely malicious

The file 3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware upx

Renames multiple (3756) files with added filename extension

Renames multiple (4836) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-17 03:07

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-17 03:07

Reported

2024-06-17 03:10

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

96s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe"

Signatures

Renames multiple (4836) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk-1.8\jre\bin\dtplugin\npdeployJava1.dll.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\javafx\libxslt.md.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\lib\sa-jdi.jar.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest3-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\javac.exe.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\plugin.jar.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp6-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\basicsimple.dotx.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Shims.dll.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Bibliography\Sort\AUTHOR.XSL.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\el.txt.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\joni.md.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.dll.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\javapackager.exe.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_K_COL.HXK.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\it.pak.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Common.dll.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MEDIA\ARROW.WAV.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\libcrypto-1_1-x64.dll.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\kab.txt.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\psfontj2d.properties.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN002.XML.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsptg.xml.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\j2pkcs11.dll.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaBrightDemiItalic.ttf.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\images\cursors\cursors.properties.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp3-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.NonGeneric.dll.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Requests.dll.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Paper.xml.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTrial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\eo.txt.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\desktop.ini.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\cldr.md.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_MAK-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Http.dll.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Tasks.dll.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\jsound.dll.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_de.properties.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Gothic.xml.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsid.xml.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-string-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\pt-BR\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp2-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\ISO690.XSL.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\pkcs11wrapper.md.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\fxplugins.dll.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\offsyml.ttf.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 13.107.21.237:443 g.bing.com tcp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp

Files

memory/1424-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3169499791-3545231813-3156325206-1000\desktop.ini.tmp

MD5 a90f87ed8d1eb6481ea41da74f2731cc
SHA1 5928f601b3bb70679e22d46590b3a406b4b6cd7c
SHA256 1a271906f69e6f6656bc8b7db1e13a6311d49d15b46d77bd6ea78a9456038125
SHA512 406e3092b27f446e2e8a75a3b6d6474b895e9052f05a7dbf30447f2e0b88ebdf1bda09ca1dc8ab7d733e73735f4c34b0461ec25f396f2c576f1189fa31ca0579

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 f500b80ebf93ab43b5af537753815ede
SHA1 edb984d25e121d14c683a0731d888f7469daf8d6
SHA256 77792965064e6a076e5b9bf2fb2da48d813203f1773ac7ee3ae6a1c503a4b19e
SHA512 7e3fa6b52db88db446267040ccf8504f9efec5c1333156468a8b277aabdffb118aeca5d891ca365b473b69327f98b617743f27ceb6e451bfcf8bbdd12086c561

memory/1424-1784-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-17 03:07

Reported

2024-06-17 03:10

Platform

win7-20240508-en

Max time kernel

150s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe"

Signatures

Renames multiple (3756) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\7-Zip\Lang\de.txt.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\serialver.exe.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\Louisville.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\security\local_policy.jar.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\FreeCell\de-DE\FreeCell.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_ko.properties.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cancun.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Juan.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Atlantic\Faroe.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Indian\Kerguelen.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows NT\TableTextService\it-IT\TableTextService.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\include\jdwpTransport.h.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Checkers\it-IT\ChkrRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Linq.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Photo Viewer\es-ES\PhotoAcq.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-attach.xml.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Mozilla Firefox\maintenanceservice.exe.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Mozilla Firefox\uninstall\helper.exe.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Media Player\fr-FR\mpvis.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\rtscom.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Thunder_Bay.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kabul.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pago_Pago.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\weather.html.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\Help\2052\hxdsui.dll.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Tirane.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Media Player\en-US\WMPDMC.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\derby_common.bat.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\meta-index.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nipigon.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-io-ui.jar.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\SystemV\PST8PDT.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\playlist\dailymotion.luac.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_right.png.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach.zh_CN_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_thunderstorm.png.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\idlj.exe.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\on_desktop\slideshow_glass_frame.png.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novosibirsk.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Dublin.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\Hearts\de-DE\Hearts.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmotionblur_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_up_BIDI.png.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-gibbous.png.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\Dynamic.pdf.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\photograph.png.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-ui_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\dialogs\stream_window.html.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waning-gibbous_partly-cloudy.png.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Mozilla Firefox\lgpllibs.dll.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libblend_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Media Player\es-ES\wmplayer.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_divider_left.png.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MyriadPro-Bold.otf.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\hi.txt.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\doclib.gif.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\java_crw_demo.dll.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libnsc_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libball_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_pressed.png.tmp C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\3cb409fee555abc5a6f45d58ae083370_NeikiAnalytics.exe"

Network

N/A

Files

memory/1796-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

MD5 b3434685743414970fda636ee36429ad
SHA1 dc56bff554411a2c4b95019442eee076e0da8f73
SHA256 dbf70f218add25f3f888f1a59d9f4872c8b843bfe6941f5ede6c8cef3a34afb0
SHA512 7007ec0b89a642c00cc380fd6803f49e7c93ebcaf94df6fcc742938772d21bd6ec27121dcb2fe0a7393eff97f06ca5b16cdcc3df8c8aef7737458e64d5c4b309

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 ed8e117e2a2d09f012723c97c7436cda
SHA1 7714ac2ae1799fdb014037bc6375e8c9865a5571
SHA256 0ab430f59dccdbb492c835b6cb896bfe31e2f82ed914d9de3f01cc1be9fa8bf2
SHA512 a05b2b111bd6db13ed177b768802e7abca43bb59efa054a8ca77d5393b246207a489fcade7ae94a28caabd578d671c6a32c6c37ce1dcf7f4a3aeafb769e9fac0

memory/1796-652-0x0000000000400000-0x000000000040B000-memory.dmp