Malware Analysis Report

2025-01-03 08:26

Sample ID: 240617-hb1gvsseqr
Target: 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
SHA256: 3b3b8c03dc75e294ee764a820f27447145410c894c0697fbb78ab986126b71c5
Tags: ransomware, upx
Score: 9/10

Analysis Overview

score
9/10

SHA256

3b3b8c03dc75e294ee764a820f27447145410c894c0697fbb78ab986126b71c5

Threat Level: Likely malicious

The file 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware upx

Renames multiple (4721) files with added filename extension

Renames multiple (3440) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-17 06:34

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-17 06:34

Reported

2024-06-17 06:37

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe"

Signatures

Renames multiple (4721) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe"

Network


Files

memory/3428-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3169499791-3545231813-3156325206-1000\desktop.ini.tmp

MD5 933c619884f1c0e98a9e51d00dfa1060
SHA1 4f41ab6e52aa7ae64a6274a81613300285100b20
SHA256 685e5bd821da9c90e27e5269ee78343c31659f8fea2dce4cd44cb609a036b751
SHA512 18c85d5c599303c17aeeba6fb25afbbf2ddb54186520226d5c4b605d6df65ea939dd94640033e4a6220dc3972cc49cc85eb5815d3ce228f916975c9cb5040c7c

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 d2ce8d05e06c4191631b4441b16a097b
SHA1 41be20c38ebc53c89621882bb2f7df3bdde25e02
SHA256 e8cfdcf7f2aa021cd2d513fbf3dc9a38cd274b714a13326a558a333b900b8d7f
SHA512 126e051c8b7ddd547ac63e449e4150e66271c0efdc37c88aa283c0f787846f3bfbd5c855c91eaf1d8c36c7f017ddc3651af4817710d094190752d1cf311ac50f

memory/3428-1667-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-17 06:34

Reported

2024-06-17 06:37

Platform

win7-20240611-en

Max time kernel

150s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe"

Signatures

Renames multiple (3440) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe"

Network

N/A

Files

memory/1752-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1340930862-1405011213-2821322012-1000\desktop.ini.tmp

MD5 ce62864b918b83b37bbc0269ceabe355
SHA1 fa8e59d12e477a069faca4a340708e3480e8946a
SHA256 fd5d14c1e8ca19be0e2fa30c7aaa987b50e3391256c95424f6501028720ebd80
SHA512 a0bf4a5187d05ce1b8857a8f87a0962cd12587b6df1748fac52c80246b576475d600438268500c43260f447c7a915c39655f54879d535869ddd6977382fd5534

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 cb7cad0cf4516ddedc4f990d031d925d
SHA1 bbc3ae5ebb3663f7cecbbd917865998cf8946f42
SHA256 79b6c7c40dc891745af7904504f3fe2929604c8023ec97157cde5001dea4f580
SHA512 799c9857882e833a744da189c0cdd8da732c8e783d85aea9bbeaff34691410df9418131c63b85db7cfdeed9d878f33110b9007eee06cc0ea37fc705474b9512d

memory/1752-638-0x0000000000400000-0x000000000040B000-memory.dmp