Malware Analysis Report

2025-01-06 13:03

Sample ID 240617-ke58masfke
Target 6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe
SHA256 3927d414c049e273f46d16d926b1a79f90a2b33b47c9273e63b334a47f542c59
Tags
ransomware upx
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

3927d414c049e273f46d16d926b1a79f90a2b33b47c9273e63b334a47f542c59

Threat Level: Likely malicious

The file 6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware upx

Renames multiple (3493) files with added filename extension

Renames multiple (5262) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-17 08:31

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-17 08:31

Reported

2024-06-17 08:34

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe"

Signatures

Renames multiple (5262) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\jfr\profile.jfc.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial1-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_COL.HXC.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\mip_clienttelemetry.dll.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\MS.DATABASECOMPARE.16.1033.hxn.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_MAKC2R-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\jsse.jar.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-processthreads-l1-1-1.dll.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Office 2007 - 2010.xml.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\System.Runtime.InteropServices.RuntimeInformation.dll.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\FUNCRES.XLAM.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Web.dll.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\it-IT\ieinstal.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\sv\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\INTLDATE.DLL.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\NewCommentRTL.White.png.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-memory-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_fr.properties.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.dll.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\uk-UA\iexplore.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\fonts\LucidaSansDemiBold.ttf.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\management-agent.jar.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\ca.txt.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Process.dll.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_MAKC2R-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp6-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\McePerfCtr.man.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\rsod\powerpoint.x-none.msi.16.x-none.tree.dat.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Design.dll.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\vcruntime140_cor3.dll.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\mscss7en.dll.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_logo_large.png.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Globalization.dll.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN082.XML.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.Linq.dll.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encodings.Web.dll.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTrial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\EXCELPLUGINDATAPROVIDER.DLL.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\csi.dll.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 23.53.113.159:80 tcp

Files

memory/2620-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

MD5 f5e786d136f9d5659a59285a7d916bac
SHA1 29f6c6e676f4299c4ef0fb1a2b56869719bb3452
SHA256 b62afdb5d840be779e0a7cdb82b6869c42f7cdc8099759a570af86378a058f1d
SHA512 1683044d47c4154fb8572814e150746a9d41e346281885dd814f3e75f372070741fc578fb35f3bedcaed9b4a66d7835a1b57c4af62bacc1fcc70f21ffc75cafb

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 c51b2b117c9d3a054730270b44b83efb
SHA1 7fc199eb3b0ab6bca9063066db131f24489f89c2
SHA256 fd039d66faec2108ba5d604e34069df7c7309eef92590719c258b2b599caeb71
SHA512 f2170e891b2514bc898aed6b98173950ff1589be1233db92595d31f1ca134e964caccf160a1d5ccd12560ab5c9707ddaadce78ce90bc331b8b23c22c58654b89

memory/2620-1956-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-17 08:31

Reported

2024-06-17 08:34

Platform

win7-20240611-en

Max time kernel

150s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe"

Signatures

Renames multiple (3493) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Windows Media Player\wmpconfig.exe.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Runtime.dll.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Journal\en-US\Journal.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Easter.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\service.js.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Psychedelic.jpg.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libhttp_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\37.png.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Lagos.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.dll.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Mozilla Firefox\api-ms-win-crt-locale-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages.properties.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\PresentationBuildTasks.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationClientsideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Journal\es-ES\PDIALOG.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\MainMenuButtonIcon.png.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sr.pak.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.bat.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libhttps_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfxwebkit.dll.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\LICENSE.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\js\settings.js.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\slideShow.html.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\wsdetect.dll.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Noumea.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\vi\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\slideShow.html.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-options-api.xml.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ef8c08_256x240.png.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\it-IT\DVDMaker.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Argentina\Rio_Gallegos.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Moscow.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\images\Video-48.png.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Inuvik.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Sitka.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Amsterdam.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\item_hover_docked.png.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_close_down.png.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_rainy.png.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Asuncion.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\ext\sunmscapi.jar.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_divider_right.png.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.ServiceModel.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\spu\liblogo_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\skins\skin.catalog.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\clock.html.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\15x15dot.png.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\Louisville.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_bridge_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kiritimati.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_classic_winxp.css.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-compat.jar.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Colombo.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Journal\it-IT\Journal.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\clock.html.tmp C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe"

Network

N/A

Files

memory/1656-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1340930862-1405011213-2821322012-1000\desktop.ini.tmp

MD5 11cde4ee9734086ed72b9cd26eb27d0e
SHA1 7c7bad9e2e8b850779e0535aa45516b390e7ed69
SHA256 d2b2d859723849db624ae00c623864f2a298672f572e8a0f52f246a98991dca5
SHA512 5d9ebac37123467f596a0b8015fa0d8fb3e3556e6dacc1c31fd57006665bec3aba27859aeec172a9fa8b5122f77572bdb1358bbff6b3830c15612096823f9edf

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 a0ea7a60e20fd734b404736b3fb19612
SHA1 e323e77ed3691a6f3b6cab5f833ebcea40053525
SHA256 905a0490450879a085db20b6885ece0458b1399149f74c625b3d654251c4e683
SHA512 0d6c64d2b205e1b660124e2372a141753def65a214d65a925d682acaec53d6ba26546a97f7d347e918f320f1718fa4a901cc9bce80c262d325012b8aaa0864bb

memory/1656-646-0x0000000000400000-0x000000000040B000-memory.dmp