Malware Analysis Report

2025-01-03 08:25

Sample ID 240617-fge21averd
Target 4ba9789a0d6ae00bd5516766dd9c5460_NeikiAnalytics.exe
SHA256 fb870e33245aa45e14a0ffa9bd62b04b28c23ad98a8acca970f9f4a4d03b17ae
Tags ransomware, upx
Score 9/10

Analysis Overview

score
9/10

SHA256

fb870e33245aa45e14a0ffa9bd62b04b28c23ad98a8acca970f9f4a4d03b17ae

Threat Level: Likely malicious

The file 4ba9789a0d6ae00bd5516766dd9c5460_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware upx

Renames multiple (3286) files with added filename extension

Renames multiple (1371) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-17 04:50

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-17 04:50

Reported

2024-06-17 04:53

Platform

win10v2004-20240226-en

Max time kernel

152s

Max time network

157s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4ba9789a0d6ae00bd5516766dd9c5460_NeikiAnalytics.exe"

Signatures

Renames multiple (1371) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\4ba9789a0d6ae00bd5516766dd9c5460_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\4ba9789a0d6ae00bd5516766dd9c5460_NeikiAnalytics.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4072 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:8

Network


Files

memory/652-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

MD5 dbdfd4bd9b200b9ef348a214f9ae592b
SHA1 9f789eb6eb964849274af8448d129b72a642c7c2
SHA256 018a0c41e43601fbdc0ffc19d35a4cb685059122d29f40cfb1dba08882230559
SHA512 d7b61b6151a27daf1e52faf0f5851f2e464ac8988bf9ba75db1047c7f5a94781586c1e00d22eb7dd3bcbd6567105ee8d95f8453b341b7dcc280ce43736665709

C:\libsmartscreen.dll.tmp

MD5 ac74bb648d1ab2f64aa0d583f70a1b70
SHA1 b2c5427e2765b1baf24a309bce0440fa71df937a
SHA256 31920c99514d8fc598aa21e6ac89dedb2844ae02c6b5eb479e6c0012b3f9ef1b
SHA512 8083523531aa5322053c33be9944c6623cf2620e823ad92d02fcba0070011196b32cbb618daf3b1706f8de6fe65e78354410f9de8a4a42e25e79fe943f7b77e2

memory/652-430-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-17 04:50

Reported

2024-06-17 04:52

Platform

win7-20240508-en

Max time kernel

150s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4ba9789a0d6ae00bd5516766dd9c5460_NeikiAnalytics.exe"

Signatures

Renames multiple (3286) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\4ba9789a0d6ae00bd5516766dd9c5460_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\4ba9789a0d6ae00bd5516766dd9c5460_NeikiAnalytics.exe"

Network

N/A

Files

memory/3012-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

MD5 595d1e5910742e62dad01ef3952e60c0
SHA1 0ef2f0c61c1a404c7ba100faaeebc254e3ae47df
SHA256 2c65eb0219846bab76f5d5c1edb695684e54757f29ce4dd6ca1bff3398154ac8
SHA512 c5743a7961b6b377ade39aad3027afd2c185f9beebaa0fd3a12ad515be9cbf4ced3fc3d3f108778e7371352872f48c6b08b478cb07d4c38b7615fcd73a4aec63

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 64124afeeac441185e90a14bc3fcb5b6
SHA1 aa319ff68292cb1a123fa4ab8961ff2dcaef85be
SHA256 0f76f52ae6928f13be2dd75a6f2e694b66f7d7ecd3d9bbfedab3e013e7ae324a
SHA512 e44bcbc9f8779a1a7f3113e58bf4f8a693b2ee6d63a8646be9068b9aaf90423d367b77909aa668ae20c09b04b6b42818570c3820fb4611e2a590a8cef4774d41

memory/3012-642-0x0000000000400000-0x000000000040B000-memory.dmp