Malware Analysis Report

2024-09-23 07:02

Sample ID 240622-nclmzswanc
Target 93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
SHA256 93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7
Tags
azov persistence ransomware spyware stealer wiper
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7

Threat Level: Known bad

The file 93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

azov persistence ransomware spyware stealer wiper

Azov

Renames multiple (8234) files with added filename extension

Renames multiple (8237) files with added filename extension

Drops startup file

Reads user/profile data of web browsers

Adds Run key to start application

Enumerates connected drives

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-22 11:15

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-22 11:15

Reported

2024-06-22 11:17

Platform

win7-20240508-en

Max time kernel

140s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe"

Signatures

Azov

ransomware wiper azov

Renames multiple (8237) files with added filename extension

ransomware

Drops startup file

Description: File created
Indicator: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RESTORE_FILES.txt
Process: C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
Target: N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description: Set value (str)
Indicator: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bandera = "C:\\ProgramData\\rdpclient.exe"
Process: C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
Target: N/A

Enumerates connected drives


Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe"

Network

N/A

Files


MD5 650cd66f10a8973a1f8468c6534d88a2
SHA1 84ae9db62b6358c3def39d66b6c08154cbba7d16
SHA256 b773d5eb454dbc5826bd9ac67651e953a11926335b806a311a7f3bcc07bd0381
SHA512 93c06ed7154ca9421bae1af88ef2e54b7bc884784f060855459a77dd367a63f57795c70bacfa9c21a7a730d0c53e200597050051900b4eefb7f4a679bba1f5a8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

MD5 fe01c7602a1dec58ff9273619c645b62
SHA1 21628d603ad1fb78c76b4615fbb8c8a04f341d66
SHA256 6a4eee6b43c2a170edc5394443bca43cd3cff23b0606bf73087190777921dd43
SHA512 759e615057ce048127f28ff4339857b6dfc602728c8d5bc7b227e1694972c73de78e01a535202b3847ea5b1f340a4b6379e64d111bf9a884cafa1a6e88de66bc

C:\Program Files\7-Zip\7z.exe

MD5 5b4a948c3831db552e8899ccc51c21c0
SHA1 23511145a827cd01c0d1ff6a077c1d938715f4cd
SHA256 83908b94c86eb855e3d2052cfbcd0396772a016393074904351c8fc18a02a6e3
SHA512 a8520ea92ad76350812889e3378d978ef255c16206b2e338a5d613e506a4c9fa63f7aee0aff01e5cc3f0bdab5e065b6ce7f34432704575c126d16f4d8d3b5299

C:\Program Files\7-Zip\7zFM.exe

MD5 147616cec6ca723d38caefe538f4408a
SHA1 607569e0db3525c5697bf0fd6107f29dba8cab36
SHA256 45b8b493da6d29fbc832eeacc72411612ea333bf5243f1bc97761704fead2ba9
SHA512 747ee58f0f2595488ca2db358fae35b6d699710b11a1923b53400459cabd8bfab9d98200e39094ddd1e43df7b7624592badc8f971f5436b90492783fae475ead

C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

MD5 d87294896f75136bc491ac257c203f2b
SHA1 38638095e3e57a34e8c0a5a3a96330acb9e16066
SHA256 70df01af3d089cb39bab26be8b314e090acc99e123424ce4f193bdf5bfcef8f6
SHA512 f01dde248c2a0146a63bc003d3e2b3ca14496e09ab5582b0cdb986b904888363df9d3e89f173d7de85547eb7c1994b7ee99e9bd1c82f501abd667ed6275d0008

C:\Program Files\7-Zip\7zG.exe

MD5 9516bb209689d3a7f55c1767cd33bed1
SHA1 1fd3a1dc33b2ff98a60239b405e7cfbbba88d827
SHA256 b9112f223c16cdd15589b5efc31674c02639b104e1951abb61e157978c9475d6
SHA512 9f5d9ea29f7f99c0dd7e8847fde273566eebacd2691218aa582b64f96552fab9dd75ccbc853672d71d572253778de5e97240e0debbc696faa6ededc9e1c1e65a

C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaw.exe

MD5 85249285cb3d750762bed9f08d0b5326
SHA1 933ae804ee165b4ac5a3cac0eda6e530fde382da
SHA256 04538de8ecf768467583759acaf5d54093dc7a236fd69f6e8b978851f67895ab
SHA512 eccf9ea6e0b411f8997e175c9e344f8005f6f48ae19819a30157ac5bd2f3d20823b21d97731fcaeff829882ae98464c16bd241eb04113e5b1d91638ac62ec6d5

C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.exe

MD5 4aa12301ce178f582fd00f503f5522ee
SHA1 71304559d91e91febd562c10eba0facc1f7a2c48
SHA256 017d42571325dc867db462b03d9cf20542cca793fb0a90aa7aa17512ffede1fe
SHA512 d9ad1cce0007ff4051a6e50ba37c6afef25146bc8bce5458ebb6054acb96d108de3f73afd26008d9412e10e486941472fc21784b7ba36d1de600550b2c92a9fc

C:\Program Files\Java\jre7\bin\unpack200.exe

MD5 64e6940867fd62501d1a430ab4bdeebb
SHA1 9ca5d8e6d41e013ce8be6aa0b8d764a8364f349a
SHA256 22fd95e98b222e52c56345c58cf859203c88ee90717096c823910a90aa731fd3
SHA512 5f55cc20d2b98b59099f6ad5aca7bb6501c60f46da63d555839307d39cc772da11aad7958758a3f89a1dd167f1208e69fa629ff5d8cd1e6a98761ef444cc2c37

C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe

MD5 4ea219546c1d847e9c8456279f5471ad
SHA1 1217c8b3aafcd6cd00178ee24c4d83ef9c053189
SHA256 74b895ccf4064e981fd2d8fc3adfd66aeafb32388b37128608ffa9df2a83791b
SHA512 4c81a36597a36110a93e965c545e17442168b9f321d472ab0f89cc856165b6a46223b2d0c1871c8402a82827e621d5b79b965a7787bbefb8da06eb713d0cc9f9

C:\Program Files\Microsoft Games\Chess\Chess.exe

MD5 d79800082b7783af1e9ca5e5d4f3acab
SHA1 ebc9a9126705cb3cd36f837157232d44a5f6d039
SHA256 04cf656df85d291eafebabfeaa1ed60f963bed4ce02e46c5a3c46e03583cc0eb
SHA512 9b3ca65ad9e42652de27b89ad424e2b7c841859cf38533aaf0c8774fb84b1c3ea00b70ba5c56ed3deafe9ce29ab063271c64966721aea0bf8314035baefa6897

C:\Program Files\Java\jre7\bin\ssvagent.exe

MD5 1e2f59d216f36d5e250770eab5658e24
SHA1 a9894ccd1a3d39a416bd23668b4c5c7e8f229d4c
SHA256 b2619bc17d81e48618237f15f1e0ea577dad78b66f8f3933da297b87cfd93327
SHA512 f641a03fbb72f1a57b2f694fe4d12e42fd063d0b8d8690d5a9eac2265d27a9bee5da1d9f516d11c5d591b8fcd95a8ffbd4e1b51615cc0332547dbe91be1e0e58

C:\Program Files\Java\jre7\bin\jp2launcher.exe

MD5 0ff2663b548ba68964b7901238e99b2f
SHA1 277ee321fc7f49d9efdd669c2f17a5f7b5b5cd6f
SHA256 47b988fefe053595dfaa995e1381a80844368b89e0384d8b11fec6aeea7eeefc
SHA512 e0a04995c93dcb25de5ee061a4f5c72b72259249a9fdebcb7aea13f4cdb2972cd749cfeacfce186299198c7dd2730c5e88e7f5d815c2d34b4549874d2fcc5461

C:\Program Files\Java\jre7\bin\javaws.exe

MD5 786fe674572053ae9a7e8c181b44ec85
SHA1 7def907c1d576f34a65cd2e2c8e7799ca652a661
SHA256 4bc7857513d2c1dd37d0e81cee5b4c11c19fcdc63ac02f5427d9c57c680bbe11
SHA512 d121e64be147f06ecd55f41d8ffdfb02182acc5ad5b0c17b1305605cb1cc3c89d050653954b2ebe34c39737c3beda9e18a91f1a3df73f8152d90753562ade295

C:\Program Files\Java\jre7\bin\javaw.exe

MD5 d2a307d1513580de6bbcaa1687b8b842
SHA1 175ef66af3034bdc9e37eb56405156937594db2c
SHA256 ee4e0f9b96779f1d76d2eec8d557f258945e2a85ccea93a3e180786e4270662a
SHA512 f41b46cdf4d78068049a805e990950c25fda4125e025ddb3d8282970a6f175e543862bf3b4c89153821cac7630f3dc57091367735a1fa7b06f8b3070df8aa741

C:\Program Files\Java\jre7\bin\java.exe

MD5 65c156ea63a5fab0de86a677099ef939
SHA1 eb978f0b26a32d68b302d2252afecc010fa09340
SHA256 73a76bdb2ab29dcbc29fbd2f72c53522a203b07a92ffb29bfb78bc7b5943b15c
SHA512 d803cdb979011a7fdf2b2069aa6eedc912613875c10a782ea2867f1e6436fd8b31ddf837f2dca0cc10e6f8e6a87caccbad9923b7c68339195133fe7d62929728

C:\Program Files\Java\jdk1.7.0_80\jre\bin\unpack200.exe

MD5 6b900a7606f90d5810a6c89802510301
SHA1 20c4872f4d56764158bb06a764b90b3af522f637
SHA256 45d3cf30780512360419a54c1cb2b997e3609405e7497f8406ded416b18a354f
SHA512 601d95a653f5be44207bbea9fbda2630f128558867b8108d21a6f5c04f76fa4610f2965dba626c8350cf1ba6755255f5e3991701d13d827b4f981ee946835fc3

C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssvagent.exe

MD5 93fe2037a8a16ece9f20806fdc95080d
SHA1 0e700f9b8c25ac3c9d10779d6e8cde9c6f295db7
SHA256 646a3143e5ea38e48b79a6e9182264f5fa3c6b4e6b82fcf22e8673c35b621c18
SHA512 51ef1ef9b9152e8d360f041d923cdc80a463c97662ee39a587449fb5d2ea87c605759b9aa6e4ca81a4ca0318218a4cada845f0f84bb9e24c4ad5e6ee9681cf67

C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2launcher.exe

MD5 3593929badeabeb7a8c410356b623349
SHA1 2803eb4843c8b07404864c598778403f6403bb83
SHA256 ab23d9da1712f5db8d2df9a5a76552026845a4d81733b71add96260c33378323
SHA512 8afc37c450f1973cabaa44036691dd3f88287b57e679318c4416dee5f46178aa79347496f0479b7c0b1ddf38d81c12935105983301c206b35a4a15e5b12f100f

C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaws.exe

MD5 3e8e9c61e41836c4b766765c4334e061
SHA1 83fa4433233b3f804af51dd3a2606eb07bfc17f3
SHA256 857962a2165c264ac4e4b3939ff54d8a79f186e18fa28e93d5d58c95b37cb739
SHA512 eec02423f00751f145ec0fdf9e8230e78978f13e2fc65110785859859a3a415680be21da8c0afbe0589aa72d704e1e61073dee75d4eb1e4c89575594dde58c2d

C:\Program Files\Java\jdk1.7.0_80\bin\unpack200.exe

MD5 d75edcf78ad8a4f7485f1a59abc85fa9
SHA1 5ae5c0091b610a653c653dfb4557cbdbadcdd43d
SHA256 930e859bb94c1b6b519542d2bcf38442ee38ed0cbe9517566df829cc19a8260a
SHA512 6dc0f1644996a525ebf30e3013f542299f7e0544bdde2e35053835ff4b9dbcf45ab1da3957dbf2cae1dab5b31d2008b02c19251280d00f66058484a9936b3a6c

C:\Program Files\Java\jdk1.7.0_80\bin\javaws.exe

MD5 1701fcccf1ef3cd85b18af1fd7431e7b
SHA1 bdb29967b836d6535a22e9c454f3cb926b7476eb
SHA256 9d7b1fdfcf3766effb780b248fd5ca6f5fcaa4b707ebd579cdbaf27201f1b3b3
SHA512 1fda5c4001c052ece5ddcaf84e58681f8ad1b012d4fe46f43080142c924c9a601fa4642cd4d0b201f72ca86824f7fcc7b1f7ea3b716e781372a77db5500ab76b

C:\Program Files\Java\jdk1.7.0_80\bin\javaw.exe

MD5 dd1f750bfade2217c812e3d5bb8a6b69
SHA1 75907ec0219c8779da78f49127a4c3bfcf615af2
SHA256 fde01e2dc76856bffaea65cc38cce82be070cacbfd11a011705e57cfcfd09b00
SHA512 44f4b3f5a6f0741757583c5f6682c0cc04dbbec0b1982dde629cba568632a6cf68364c4287d4a47ae38b0e9586b85e9c2fc1971f9ae1401b421b15990a2a6d8c

C:\Program Files\Java\jdk1.7.0_80\bin\java.exe

MD5 ac1429dd779ebfeb3db422d4d8e3b9ec
SHA1 3b140adf7044e6065d08f2704210e304802ea1d6
SHA256 58e2f1a9fe4f70aebaafcdbfb76d69bf854b9b7cf305cc5176e38781a33b1e93
SHA512 5681842701023c16e0379846c1db4a8b3b175425008f236474a1b0ea48bd0def2703cb90f66f2221f9bef2edf2934a8329121ccb972d897a92ecf610d36627f2

C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

MD5 2135b7b5dbbde8af281b366a91d8e7a7
SHA1 6cf48cb680ec56afb0253002ac6a283b86a24672
SHA256 ec15513e08c24d1e24ca3773a1277ef40245f224704da2c178d60fa0ff481dbc
SHA512 e39626bbdd39e3829817cf4ff2e3b19a0431bebc652a8a8c41a085be01aef364e182fb9967e0967de8d67f9839d0275de589c3653cf2748a72bfe2b79265b712

C:\Program Files\Google\Chrome\Application\chrome.exe

MD5 f5be5306b83887464e1159359c84e2ef
SHA1 6db4d2f2d674e1f570d6cfdc8bbd50749a2f9c1b
SHA256 b5ce1d929fb7a1e88a8d675e2f2ba82a46f4653d59346e3fce215c4249aea497
SHA512 c2a5916f6a9aa72414ea2b0d6b6d46960c57e59181e6c1a3c4e78f8c43d4ef9285abab1e2cd1ce9fd3b813beca584663b91bcd0fd2f54f6a9f0aad5f8893f4a7

C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

MD5 cd5f73afc106178bb60d6c00277e3dce
SHA1 465d9e1c6c4049bb4227d924f8f008a209308070
SHA256 1c5b3d571b17f9a7af5d4b6b0ac9b681c791eeb416166fc59d8424935021a9f7
SHA512 674c2dd4e6c7feb00240bf14a5cafc8dbad98314812c702cdf4b49f26b0c892696a65f3da4f0178b72d69d7c605c07baff87eac6fa7486a049ac8e4deb3786c7

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

MD5 977cb510757bbe0846b1d46031338495
SHA1 5ab132068a6ea894df562cf3086617615656c2ae
SHA256 cf75e27ac5af562d2a3123410f69cd64db33cfbda57e8cb21c9ef72d6a07f58a
SHA512 7698a66734df720cdaa3abee524ef7862377f3f0593f1d94d39811f5853470ec81115d9f2c2aeb7c902dbf40ed28a49da837ea3f2368a0ec5304779da7e35143

C:\Program Files\Microsoft Games\Hearts\Hearts.exe

MD5 2df4dd51326083820de7a70cc490dc2b
SHA1 cf299098c418d3733e077e6f237fbebfac4fa5ef
SHA256 960923f4da9d8b01636e99f0b0bcea0e3351fd0cb5bda729e077b597a6a29f9a
SHA512 f0211bf21f2caeca5efa0eec595e31878d7a0787707942c4d3e66f9d8c30ebf987d33abeca3a9c5b55d04d4f7e3a2830efbe4ef3e3ee663880ead4739d449673

C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe

MD5 6be2b85afd17555e3a747c1295f99c33
SHA1 13110d2792467f7fff8e916b4685b59a47db8f24
SHA256 7b551302559e60369c87615e068f0afd36e218ef4f7175cba91ff2dbef4c5049
SHA512 f06ed8a6fac135681809d55195eba399831398fc21835fddecc4b41f767ce86cee6764ba33dd06a7b06c73a9318b1700d270c42ae32d77d3fb9e6ec0015b28eb

C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe

MD5 28c90ec13b3eb6cd54a575035943ae4e
SHA1 03026b2bae7e8fa77384569e101df98ef2fae6ee
SHA256 bfc1f6dcf5f5fd9418467693ff297e3f1b6e3dbf67ca301d8479711c3014ed1a
SHA512 aa1f915c1d0d49897872753d165532524cd1a8d09f8ad59600215132a59dede31ccc73ac9a76417e898993178e5482f2aeba0f958b5ef70703a14875618bfbfb

C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe

MD5 1c1f4e6c2c33c403d179195364962551
SHA1 c2c788377153ef5e2896c700a1f8cff41452e17f
SHA256 197c32ede13ea3353e04996ddf82cfd8a3240fa6f02624f728fdcdbfcc99686a
SHA512 b86836452e9294915561f1335d7d59cee39c4216a7fd7900cab99bc9f3affa72a0197b54690dcc5d7045cc1dfef8d682a68fc47ad3da877637163e00630ae023

C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe

MD5 18bd30a5c177fd22ad6c35a023fb6d45
SHA1 5b165b8d7332e360e79ca939f87cc51b20fcd0df
SHA256 dd1742b098bc2b0487268b5c6e352419093ca3a66f45a90854a819c49c38dddd
SHA512 f03b6a8538b9ca3438d639a8eafe3ef8e6a0779d8609ce82a327cee214939f2f4c656914f06412a3df909a3379a545627924275b946c18f3c8aa23fec8298271

C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe

MD5 20101d9aa55ab7f3f33c824a7db5bc73
SHA1 ff4837401cac5c6a9973e3782b3bb857a6d1c363
SHA256 7cae1f729b6aafb95070273539de3ac9b68f157b2f704652a0765e5e4a38ac8c
SHA512 ae562ee9aea029ae6082b9601a2fd2e7b2410dbda4c6360a5b636004f577a7cbba3bf77029175de83ff1d27c3b7ad1ea372e55230aace1de08e8653f29fad700

C:\Program Files\Mozilla Firefox\crashreporter.exe

MD5 db27c80b7435822088f0f311f87cbf91
SHA1 9aeea06e55afbb0a68401fd7805dca16f70940f6
SHA256 2e248b06bd184051e2a3965ad3dc9139d49bae74afafb2c7b6e6369a863b87fd
SHA512 cced59c670f5c6ac9f224464a06775357f144f0906a8bfac9750f6e8f14c9f1cea97b69735432aa6fb14206f4d87b3957f9828539fd246c08e6505cbe5eb33f9

C:\Program Files\Mozilla Firefox\default-browser-agent.exe

MD5 4c5b13dc4437a2c0de1de0aa7300b9fa
SHA1 3c284a5f90f7d89820c24b44a76922812c9fd928
SHA256 0b292d8192e8c8a183322fe96e9febdaafe3ea5076ca946d6a747e95940f8868
SHA512 70a88d6eb1ba2098c3b99f568757d163ef64518466a4b08f80f25f6b555d3a8bed7582e5c7e6807ebcf47985e346c603234c92c249e0a6ce94e134544179408a

C:\Program Files\Mozilla Firefox\firefox.exe

MD5 96dd9206c6ae8b7f27c4adbe7539bb1f
SHA1 0a62ee9ef84614d5c26176ccb267da5808a2da53
SHA256 f0ab2741ba4ac26f1476eb391836e8ac33f3bee804774fca2329c4b33512b99c
SHA512 a406444facae355f3484891a3e4f6f9a3b913eadcffa1d1c2469c1b247034683c4c7e0ad96068e4461714d91729e832a79807818744eb44047323afc7c3dacca

C:\Program Files\Mozilla Firefox\maintenanceservice.exe

MD5 2a34791a54aa3ee99465d97da1ea2ef6
SHA1 8eb2dacdf9f832280201366765e21569bf3bdd91
SHA256 43f3c4430c7ba8de45238f52f7b89794a1f65b640f8c5f8d75c5454151d48198
SHA512 58bfb05484f257fc705064c87890239c64d13ff67b7aa6b74477b87aef545635a17ab5e909e80668930bfb6d3082df72ae1b3a741436676fbf93f410992d4dfc

C:\Program Files\Mozilla Firefox\minidump-analyzer.exe

MD5 ee2b6bcf8d01b15aa57110a84cf20684
SHA1 e627a4bc7d5e4b7f6863f1c33ed4cee280ded0c1
SHA256 89bad2271afee4ae89f0e868621fca7f6c66f401c44f50f9f13e51c2a06c02b1
SHA512 1b1897c4f659e0b8f8a4ea8abd79e2163bffc3377f5649b9cfd01698869dcb7de7e15b90a50548ed6678341081e46aa80f7483e0d9fe1301dd9f0c3d147a77c7

C:\Program Files\Mozilla Firefox\pingsender.exe

MD5 8be9e4fdb92c2e5cd824a00af4d70b27
SHA1 4140b3ca81e7aaf64014473cf4f3fd388300af0b
SHA256 4723001c9b12184708b59deb3e23bc18dac54b3feef78744125289e7a47e613d
SHA512 fc7779f489f727fa0d60204adc8e0a5a82a3a9f66f93bd74f8b1d0054a7ce77ab9ec15d849cc5d557b10e93825b73d07779f1fc25825c9a96dc94251180db68f

C:\Program Files\Mozilla Firefox\plugin-container.exe

MD5 d537b9c8a1e98f3d208e0749ecf1fde4
SHA1 f184bdee15040501e26df27fe0121f57706351b8
SHA256 d861c685e8c06613a0b2987f85bb4748648918ad387cba176f9c2afe85c8f386
SHA512 98e6ef0e3dc2f8e5556c8b543e434f3e32ebc581b3b675095271775ec68f3168420420a0cdcc637233dd83974ddda8056f42b73fbfcd7616953b4e880233e804

C:\Program Files\Mozilla Firefox\updater.exe

MD5 cce035f87c77ea92f877cc8bcc127c03
SHA1 8c1db4debc4afe6f1b913f74ce77b72302f375a0
SHA256 d11ca9a282258c6b0a378810862091cec47bbc22706be9989bf04ec68f2c5209
SHA512 7e80e15b3fdfe8139784b0bea98f33feacc1284230c13686d4a1e4dab48336126c5ae3ad8a25d1dcd132c701f1db2beba481c6574582d355633d27c70aa06fa6

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe

MD5 4cb0bdf85f29705972d683eca7fb0d66
SHA1 23ae322096b5279028987c360439531b6b8ca038
SHA256 6a00fd384db353f0af9277b950c61582f345cf65a530e6dd90f664a560d31b04
SHA512 63fe21a5b9c92e06eb257f82cf8b7636f27725f211ad33fca97acdc756aa1fda9eaba54f4e9a05fde8e8cdaec946e671b9fd2f18cbd88f0531da824361366b6a

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

MD5 4e90b2af59317956d9b422121c72cf49
SHA1 c9ed85bc32886028dc27933ced7108931b3ab1a0
SHA256 0105bbe1a63dd32bf0764ead1ce81ee36078362ed7d935f944d5e68c62543afc
SHA512 3dbacfbb0f2637f396c4d3a3cfdf1eefe49e7d4103b83ae64aa64318756b5a1c1a6f288b8df723f10acbcbed348105c2e834019704fdc024acf5882a9f290d07

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-22 11:15

Reported

2024-06-22 11:17

Platform

win10v2004-20240508-en

Max time kernel

141s

Max time network

53s

Command Line

"C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe"

Signatures

Azov

ransomware wiper azov

Renames multiple (8234) files with added filename extension

ransomware

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bandera = "C:\\ProgramData\\rdpclient.exe" C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-pl.xrm-ms C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\el\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-40_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\WideLogo.scale-100_contrast-black.png C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\cs-cz\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\minimalist.dotx C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-180.png C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\LISTS\BASMLA.XSL C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\LargeTile.scale-200_contrast-black.png C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\hi-IN\View3d\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxAccountsSplashLogo.scale-140.png C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\AppIcon.targetsize-32_altform-lightunplated.png C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\da-dk\ui-strings.js C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_ellipses.svg C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\da-dk\ui-strings.js C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\plugin2\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_KMS_Client_AE-ul-oob.xrm-ms C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\PROOF\msth8ES.LEX C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\contrast-white\SmallTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Generic.xaml C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\ImmersiveControl_Button_Click_Sound.wav C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-pl.xrm-ms C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\requests\playlist.json C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\Preview.scale-100_layoutdir-RTL.png C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\StoreLogo.scale-400_contrast-black.png C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\ja-JP\MSFT_PackageManagement.schema.mfl C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-ul-oob.xrm-ms C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\modules\sandbox.luac C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\plugins.dat C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe"

Network

Files

memory/3152-0-0x0000024502390000-0x0000024502394000-memory.dmp

memory/3152-2-0x00007FF7F2B70000-0x00007FF7F2C6A000-memory.dmp

memory/3152-4-0x0000024502380000-0x0000024502385000-memory.dmp

memory/3152-12-0x0000024502390000-0x0000024502394000-memory.dmp

C:\Program Files\7-Zip\Lang\RESTORE_FILES.txt

MD5 78ede93114e65f9160fd03d3357c56e6
SHA1 88d531b101e57655f1d0d26c6b3257aa2468d460
SHA256 c97412fbf88da8f91099a52888dea4c3f222cd95af3e681e3271cbca8b6b7bb5
SHA512 074a4c741273902ccacb6f573b96d8accedb2ee405dbd04350cdbf54d180c1fd577a4e90c2aae26bf72f3782403f4494db6e3501a04cfd9d7d81a6bc14884b9d

memory/3152-11-0x0000024502380000-0x0000024502385000-memory.dmp

memory/3152-10-0x0000024502350000-0x0000024502357000-memory.dmp

memory/3152-3-0x0000024502380000-0x0000024502385000-memory.dmp

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe

MD5 8688495478562a342681f29ba30bdb1f
SHA1 a73dd8877679c5283b003215e55ad89c13279d5e
SHA256 cbe236b284169140dba7ba3b8d3ab09327b29a3111959d3aa3ee2a549202e6b8
SHA512 c179d7d185c01e70849173eb6155895b09f2e43ee91c7b7b6b8a02b25a8ddbc7094e2257343f355d946e83e7ee06d88e50335390a27383105dd0086d7b99b740

C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_102250\java.exe

MD5 d04a7b58c5ecaa5049eb1362f4aaf1a1
SHA1 354b8c28bedcf6f7fdde013c3a21418f34a5193d
SHA256 366920211e7b8ba4d11608e3da93cd55950a9886ad6291a8846f4ab93e770378
SHA512 051c9d9c5fe38bddb9c23a426b9c295a658042534e14b10aca4207c3c8ad636a70504244c4f18b6f16aed127a20bd4bb5199646e60bdaad9fc265dedd99cea17

C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_102250\javaws.exe

MD5 d3c4193cdb809138a9e92525d0461d7e
SHA1 1fe0cd3c02056694f84385d2705f66d247c1fa6b
SHA256 db8037de2eaf69954dfbcd69028105fa399e613eaf4c7b40224adc0b407dee07
SHA512 62901059cae202171e8a7a1fe66f03f67c185e262f8be7dcf48053e1eedab86056babe4237f19ddbf238d5bed6d706d7d15ed755fead2a1ab37109652eea482b

C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_102250\javaw.exe

MD5 bada1ffa5f7b28e7ff2776ad0f5e628e
SHA1 de5adb80f0274c1830ace88058f121b31436b2ef
SHA256 dddda9e2bcc7d2d03d3e76b165b8c939703065ecf3455e965fb949d74fa48bbd
SHA512 2a323e833714a4f7047bcf13bfe63d6591428d9b574d94599aba5bd695a5405f776b795b4e9a1321b62f86450152a5ca4f30c4a34f02c8a208778314f55d4d08

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\it-it\PlayStore_icon.svg

MD5 6b230b8fe1b21dc240529bdf17b6651f
SHA1 a1c19530a14fbdbd7af7e133a872e33466ed927d
SHA256 4fe21c40aa7e6e51ad753afe203aea00746b9a9237d15ba29d9e162f929e79b4
SHA512 25592446972647264d0131d46ecb6e95c86a7c9a5fa0e4a7d98142ed8395aa4a1d04e913ad8e2424af980f762338a2523a3f57430f9d766030ddd0fe84c7157a

C:\Program Files\7-Zip\7z.exe

MD5 dae69d507a335b0d150ee43e6b9aac9e
SHA1 97ac8072136a362698c17b6ad352a424486e36f5
SHA256 2846e4b31d7a3e9b8418a29f9da22b9d155568c9d0666fa5490325e02d1e8002
SHA512 86c7421fdedf9e62ad1fe94cd9d4ff4e4b0f9fdae5daf5ec542dd3ba1719eb7f8b6d5ce5d1dede395952260279e595837555db383039499b931dcffedec4cd9c

C:\Program Files\7-Zip\7zFM.exe

MD5 82673938081d85138afb054c4b54ab55
SHA1 e1e001b41c69c1ea0c4e2117ceab0aff5e827201
SHA256 0e00d0807a53f35d463a8fe731f2611d7aacf661b2ef4064baacf6147da8a449
SHA512 6f81483cd2a143cbbbb1167cb242acceffe94d49ab2484b0834f934b41b5f2220136755aca917aebb7d7390ed15c57dc546e7c42658a45e1aadf1510c5c16839

C:\Program Files\Java\jdk-1.8\bin\javaws.exe

MD5 3df53428e02ea2d0779d144dbf31ff42
SHA1 e5e9eb08d2cb29e5f2f254964044079acacc4225
SHA256 ca429ec805ba471d42abf90b643810fb2c09a5f787d12127c06b19a2c792681a
SHA512 afd88123ae245c0cdedd7e503d0920d4e92b70ec29503d0aa19890a353e37a4212f1d696a739a4a8742772d11edb5a673b8d3f3d9df822a731104160b677606a

C:\Program Files\Java\jdk-1.8\bin\javaw.exe

MD5 f2c2588f3ea27c5b89877d39736568e3
SHA1 2353ec6f3aae0924c478ca156f1e82d07df6ae4e
SHA256 6a7e179ec3269ed9a0327e042fdcf7a41e227e0aee7efebf32f78fddf48a2059
SHA512 1155c81304e141c216143e690921a3a54f7704e8262870a12dee1333ad0bd930d09e6eff4448bb457c187fa144ae987c3ffa5468aed7caf939224e7320a8a50e

C:\Program Files\Java\jdk-1.8\bin\java.exe

MD5 cd3301d0fe44f63000b30463b13e564c
SHA1 a74735341e4f35593bc2d6987574484c7b294ef5
SHA256 5e0b092f503862830b21df802ad3f3d49c5e0bfbac1d4a6a328fe9c1e408db70
SHA512 37a4a74695851b7b5616aceab14fd974a3b7864cd2d46133fcc82b6b8752c7635cb4b0c094719f6b38796f6a8d89b60010ac2c526072264d11f313ea0f9b71a0

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe

MD5 53585f15c9cb5ab9e0c050b571b3f12a
SHA1 0da6cbdbced87df7308e46ee9d352c8bfc53b5bc
SHA256 1554e67d80e02a040951dab0a0f27b3765c51fd6fd3616c94be4b35b33a74311
SHA512 016ff23c76f818653ed330036b7fab7f9e7ebc241abb367fba3889e6e2f0065e12eba2af75a6b7e710d71068553fb43e06fbfda9d5c9d7d253b13494641ac4c2

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe

MD5 01ac148e6c36b39b66eaa71271536d1e
SHA1 2778bd33f91bd4f14e864879c62e4cb66e21d6ad
SHA256 ec7d046e3b1d8ce5e3f73968e5fd6158e7cd1fab76739fc85cf68f60deb9d1c2
SHA512 bf09efacaab7ee6be2b65d486ea16f605074b3d9981a7f7a2c9f2e2a633365a0041ad98c406c017ed32c75e937aaa557c60f26d2312a40b57995d049b1dd7994

C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe

MD5 c6979d961af20b6d5ae1e35be29092c4
SHA1 4c1f655baae3a7dd8a20cc816e7caa306524cd82
SHA256 64b518abbe3a30d2fb41e090d78462f798ae62875c0765756d5ef501bd85f6dc
SHA512 b76a61d5402626f8bd342e2827a3dbc96faf5d721a3263faf464f6f15fc5743c991514df1d3f80c3d0b0151e2960eeb02e68e880e0e31a8d55f52ed5045b9a33

C:\Program Files\Microsoft Office\root\Office16\protocolhandler.exe

MD5 5c657a342b3c1e9feb5e2df7e8816dc0
SHA1 2ae883ddee12e79de8984e1656c041b1bae74ca4
SHA256 2ba906d54ecb73006b7f4c19831c66b737b8a8c40be5eaf5c2ba3d64b02bd64f
SHA512 05074127b550921b7db4cda2e38372ab20f95b333763d09d9ec1d7edc0a81c2b14e4d869799de4586a29e82e86c8f73f94f622e52e86ebcd4d2c7276416acf3d

C:\Program Files\Microsoft Office\root\Office16\PerfBoost.exe

MD5 5b4a82ffff6fe3faedd2e99ee9284da3
SHA1 467c366b709c7d9e03aceea16e90b8361afbb230
SHA256 520f7e708863c82cdc2dccb8c227641eb0f388818499fef655723cafb4cda554
SHA512 755eff9b22e63c095858f03c0327774db886be18fd76ef3fcfecbe13d2afab4715de534cb8ccc149e7c6051e22b98838a94ead094a86a9da4a7b13515d97d440

C:\Program Files\Microsoft Office\root\Office16\officeappguardwin32.exe

MD5 45f908de776b6874880b0752c2a7c311
SHA1 81db7a5f98d56726f302baf1111a9d22a71d50a5
SHA256 2900521fe2a053d00a10d9917b5cfbd6d13fd2d910cce958d1c31b7a311740f6
SHA512 ef137c1c3168f2287a7351ba7301685b6c9265361575042f3f11c8aa30f204e5b39992febd53d9507ca569b9033c94e6ad2086fea9d6f6abd88348fb434c7467

C:\Program Files\Microsoft Office\root\Office16\msoia.exe

MD5 a289327bab7739fc17462b726d5170f4
SHA1 a0b9e785592fbfe2a62bb9d63a7ccb9e493d3596
SHA256 197a535e836da520934863923d2d1911f63e16fcc1166694250240c9bfc5ffae
SHA512 de67e9fbc503593ddfbfa2cb95718c4848a8e08ab981b45b68bf7c7255f0fe730aeacb03bfcf747138ce2fde4f5be5eb73397518e065c7b0ab07adb4a358957a

C:\Program Files\Microsoft Office\root\Office16\msoasb.exe

MD5 92df4492b588eef270faa35329e4580d
SHA1 88be14f0400b01bb2dfa61d842e8e22ddaef1375
SHA256 114b76d8ab8882477084b0378a657f76fbeecf5a29bea49a79c5bbdff456092f
SHA512 f828e7a9a87801f17dbcc6f0c95ffa457376a31d3303ab2428f5929fec582235c36cfdba24ff9ae6f6c3da71ad5df14e45f2185ef2926b0007ed5ab42db1b148

C:\Program Files\Microsoft Office\root\Office16\msoadfsb.exe

MD5 9a498b91dcacbfb490d28ecd7cceff90
SHA1 23be23cb6f0ddc62ae5c7f13ade6f595043a22da
SHA256 dec3a8e599e962ea11288cb70690e065e898eef992c2aedd8e233c367a6a0371
SHA512 4cd747d01a598666b3b58b60d21d3a21744ccc374323fc9f424ceaedb8a80c405b64e5c3440702098d8cef62633786ddb65f7a4f6755fb2475e612fed5181f17

C:\Program Files\Microsoft Office\root\Office16\IEContentService.exe

MD5 9394d5053c661760ab30684977625ec8
SHA1 b7a276bf7d63684a416bfd3e7a9998dd85d66e65
SHA256 a271e5311d81848926a427beb8b9d94eefe80ee3b8cc7ed42e6066d59fa88ddc
SHA512 aad185f2bc1a2609fa8aac833a0c5064725fab9224099e6702a3790bc3dc575f094584c88eaf7d0c256984b6c8c56c331e4a3852e06a644aff3a71633d51fad3

C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe

MD5 836fb6ed9063771659eec9a68f40d69e
SHA1 4b825c5831fdd433b7cf2900a79a25a7b7009ab7
SHA256 941a438a8fa5de2e5bb0a6905ac6da52204e7e5df85bd945c41d06f6fe676a85
SHA512 fb0d27dc2b8d0c468516952e1092ce644e156d91a263ad0cd96142dc91e0fc7137103beecb6200574f0e1f01b6d6f87cc944be44e16eca53a8079a591ea04d32

C:\Program Files\Microsoft Office\root\Integration\Integrator.exe

MD5 c576d6de5d1a4cabc74651bb818b9acd
SHA1 15dc3ca2019a6ca20753527b8413aa38345755a5
SHA256 2fb37abb9c49fe08666ef6bcda51b4e727c6daa4dcb9374103217d41cffe5202
SHA512 bea6ebd176c72074698227323fab6c58391825ed31d646084bcdc7f6ef39aa6093f32236aa4d0a45ffb0374782906c02e239f1112396cd494f36655d2c919bee

C:\Program Files\Microsoft Office\root\Client\AppVLP.exe

MD5 899a3ae76943c870c4de3b8925e0f707
SHA1 fa27943645045eea4324cfc0e97bbeec1ce2249d
SHA256 d06f0daf602e3431e6af37544ecff4f15402047b9ff6524ec7f933fb93e237d7
SHA512 6d343f6c38fafd2a49cf4eb7b0eba0dcc68cea90901bdd033a781cfac8551de92d52c92759a8077ada472b975671296d5d69a3ee734cef8b82b3e883d6a81851

C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate64.exe

MD5 69ac864042efb64b30a4b60368f58a5e
SHA1 a87234ac1bda87313aa8e53bd9d302b7e16e553c
SHA256 aeeb5e809f00f7436a9b272a7ce68a7cef18324d65b8394d14bc01cc8bec4f7b
SHA512 4606002417823880f0b7d7ea703d4f6c37d9aa2f79a389beb0ca391873379611fc7413673cb451b84ba621c74ccdbc2a5b815987cdb0c3d18a4d54d6fb998490

C:\Program Files\Java\jre-1.8\bin\ssvagent.exe

MD5 7450cd9fb720d0ea4d37fbce687c7fa5
SHA1 a39b5479fc6644461994f38e208ed8badd1d7a87
SHA256 08b120424560fa3865b5f2821ae471a6de60f8f90abf7b104b3232fdf4e60b62
SHA512 0c1bc25a9cbfe4a5215d3d5ae30ce77aa8218b3f88b22cda75e60e19cc3713cd44c07c04405989ab5db7f083f5d81012d79afe2e4a837537a0c857663646ec66

C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe

MD5 0f80654b0aa8a097295cfd15283c99ee
SHA1 d8af26ed7f03f70a1d09064db0d7a76774df4061
SHA256 b004fce3176e8f074a28c940461638b0ecc51f055187a89c3cf784215f5102e4
SHA512 279b86256581d99616743e46da3008919bf4427b435813c548eaca3abdf3e57598c2883e2c914c7f8c415d6b5b121baa22905269e6b0437622a3968a46a1b6f3

C:\Program Files\Java\jre-1.8\bin\javaws.exe

MD5 8e035046e8b773c936abf76e1cc56822
SHA1 d4bd97324260acc393f7e4986957648071e8b6c0
SHA256 7740ff8c294e63db48cdace35000865ba3588cb57f011a675cd454cd4d92e7e3
SHA512 f5bfc3070f4d69d921fc1356681afb2744e60e2c1249ff728720d79b34adec9034df5a6dbe083f536a9d7fa05bcb9a140586066948985d3df5c7e303689e10d9

C:\Program Files\Java\jre-1.8\bin\javaw.exe

MD5 7880291fecc33566f3fc636f0af26b0f
SHA1 82f2949a737cc69901a18071adcca054ceddaa4c
SHA256 43fba635df6d89d7154f4d7af224230d284adf20d06b951e482946fcb172e0ba
SHA512 2fa858e710c8962b7d51bb5418dbb0c9e554c158af9b81c9013702121e57d6034899d41e7cdee8e3cea38c940f1e3127bfa2242ed928f27366cb3ff5dfc099d8

C:\Program Files\Java\jre-1.8\bin\javacpl.exe

MD5 a42a21de424274a6f902539258450fc8
SHA1 f103ed284cee87d0b7afa493dc221c29e48256e5
SHA256 c1a76f14157f2172961ae9f404356ad90f35ccfda7624b8618c9cf62bede461f
SHA512 e6cf33fbbb086291b85b681a4510e3e7a911a503d759e7cfe00d9c3060725a1762ad25d0436ea30543144b845ad6c98f36a37c0392e56f7c18ba91c14767cea9

C:\Program Files\Java\jre-1.8\bin\java.exe

MD5 ed2188364c6a97cc8bca4f6e17d7fdb4
SHA1 949f6fd86033832879dd46937cfaacbe2e7fbe8c
SHA256 fb3fa7b23e7144a026a78ee3d780e91f93cf954532bc8e047d7f72ce6630c898
SHA512 d8bd49302596fdcfef1daa531ac41388b83febf8d3b4b85bf6c6605426debbc98f956f0f49c110613282225c571bf5c10b2418ecc8fe13b1d70f2b4ddd72d02e

C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe

MD5 bbeb7c76b4771d70d6e39ac562b5bf96
SHA1 e8ae659c797135f03d677f900029a13fea011325
SHA256 033e5d02d1e3158943fa4e90aa545945555a85107169c118d8f62207775e096e
SHA512 f41e5abf762623b8ed222e5c7d95e783854d5d97f046b6d409a72bb76d7f2cd8fa35d30ae917096bd2e7dc411b9f4c4aa7dd8f3559ffa8605a866173b5ffb94f

C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe

MD5 45356448361370c24f0ee7b81b030df6
SHA1 a4d3cc283f5688a364e6fc318efbcb778f8ac7b2
SHA256 4b7b19b515f2f1bdbf7053769bfb9ceb037e7a9f7f57244183876bb0f6b92b4b
SHA512 2aaec83ba816250c9ce74d6316f9f1fa2cc97a78ffca09566493271f1202330d9d00adaddf91624985b949006477b530d3b1c4c563f003ad8a54a798f3890b66

C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe

MD5 7a995adfcd63e35030b81d624a60f509
SHA1 68d8a2ff5eca138ccf7494de95dd2d86542d40eb
SHA256 f302ee42c500e5e4198d1620b91d75cf3eb1ec54330f052c229b607ad61d3b14
SHA512 c12e9b13b31be1ed9841247de1c143b72b9cd1643a8502e93eb8c02254d3a55565343676ef42b82839ce48ef2d913a6b4f02a80e8c9ce6b6a20a293bc4bbf2bb

C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe

MD5 edf0b21b7c5edd0b3a5d2ae58ede7257
SHA1 ca69c24ac45b7b6f0a5f21d8a5f8cf39ae90f1a9
SHA256 7bd03d4f1b83bf83216eacd8306676dd60e93531de93eab0f86699ec2a16f528
SHA512 b2375d5e3b8bcc11c1a0dbefd2f4e0932f719a7785a56fb33b2ffe9ee28c9df164b40f6ca4734075251e7108262dc96aba4b65c0d5c7b88fbf689e42e949c837

C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe

MD5 1c93e966128144122c267a2cdc44bb8f
SHA1 471b060991818b4ed53e2c29eb93e1a1af4edbf1
SHA256 108bb7213d9ede912fac19ec78e3f59ab7bbe44276850bb2549a76164e2d0ebd
SHA512 b69ecb357de1f29436e2715cc03ec6f6b7a30363dc9b09821ad8fb6c4462a1933c9a8b17c62a17a5515b292920ef87ae7d6f29731e31ec9a4099eea1ae969f00

C:\Program Files\Java\jdk-1.8\jre\bin\java.exe

MD5 6428a35cffb7b16502bfe83806165942
SHA1 8c0f3095864c662833cda476609b75692b8d34da
SHA256 d745fb730737b997dd140ab726ff93a3dd0c2de8472de8faceaf5f3cc7086f3d
SHA512 1cec4fef0b76643c263c1863e7a2aee17803f28e0e96ad7ebdc7095aa0701b9ce7d784bc5e3d71e239686637b857f5ed196026ffc40749358120de650abf790b

C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

MD5 0d6f86c105fbd3208742f82f14589475
SHA1 69399f55e6fa42cb0e20775f5d18cc3ad7b7dbe2
SHA256 f0c0c2f9378491a7a54416750bdf8afcac126dde90b1dd59436ae442d3847c2c
SHA512 f5fa2bde24a987b150fed661f2348ecf9cae944bca674c25d56a3548e8e4515b7d6f128d5942de084939b2b19130dec93e5db353d1a7e76a68fcf96c6ed87fce

C:\Program Files\Google\Chrome\Application\chrome.exe

MD5 8c29b027a605168c65bb84e20ee107b3
SHA1 2819bd241db28a3730d09b0d48047c1c2164a8ee
SHA256 7b0fcf472352ef9dd84c6eb60967c77046076c6c50712852b749e3d63e10c845
SHA512 38cc6edd30eb409d9d688d16ad606b8fff33354e5650f6d52b2640a4e1ec3dab5ff94eb38277bcc1ba63217bdad6ee25b06269e0b428cb15a1dd0d8133a0ce87

C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe

MD5 b5ca49b865b76fa4a6f4f290e7f3d1d1
SHA1 b896c054a70e05820dd9a7ac96ea506b8ae4d61a
SHA256 930ba492f2ee3d3fd437ce666e1e95afb88987ea6b230ceb6fa80b2a003c8508
SHA512 d2c4d7eeaf2c6dd6e9e5b47b564c5b8c3c72bf1f0b98cefb8885ebbe8349fe50a92ae5ac532bfa6db1b253c7a2acf9b349ff5bd0096db5e1560b683ae0386ae8

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

MD5 bf53ce636c09bdd3df6d99e175b1028e
SHA1 4eaae8e242f70b124891dd562251116246341f6a
SHA256 c3d40b2124bb7c0e191ed985a287313dd65e074dff54271caabed2dbd9263f1b
SHA512 fa91858fb80a0947b7816eac269e5ee4660dc37d45fcdf4e40e2ea831a57fff044cca1a0e5cdcbde64ae3dbd44f06d139a8b2e95987604afd5be23596885c6c0

C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe

MD5 ae215ca94d3183a2571545796884abcc
SHA1 ba4c723847f2ccd25de268a6c5811408faffdbc9
SHA256 d7ba5ae4544d0b18a7afe2536ce306d0bb0ae437f18a831842da68b3cc647ba8
SHA512 6371243d04eb56b1d6cd4ee62d2e9b28697b2ee369cc1f7fa682932e2236ea93a5e4022b3d24497e539e32e52fe26e8fc7b018099ed839d10969df7e122f92a4

C:\Program Files\dotnet\dotnet.exe

MD5 62836d60683a0af8e1982ba5f1534292
SHA1 7f9066dfd17f129a5d28bd0830a676a4c4f9574e
SHA256 a32ea068c796db1061e0e119478620d1c40c8cfd73b622b151e90dc007c8d6a1
SHA512 1ae33b0c2a9d83d1249056ac12c513edce0c266e174c8d4775d170c91ac26c2500fd5d170ba28a9d60b5855b6b8804d14609568f8ec00e9dd916461e22a00d35

C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

MD5 775d48deec6c3ebbe25bde1cb1344ba4
SHA1 52338f6b766e2f3d4c478f4ade443471d335f13f
SHA256 96f040785542e79c31b3a65ce2390468623abb985d769294c4913f87ffe46515
SHA512 3f949e381adbf3ce3acbc4d8727e2a8977ececf10eb26d53329c0f2fdcf9c5daf49d45878e9f8a8f7f4e1bb7513196944af0f5041697b909761fe4d8f7fb40f8

C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

MD5 bc75f93b6bc96efb73a86e8e474e3765
SHA1 ae9cb082b5a69582bb061c037c15f906c1a3d870
SHA256 435f1f4bc7b636d091f6c58f038afd53f07ee1697dcb4e795047eb93b6696a10
SHA512 6301ab7c4a26a09e3c7a2d1b4bf05458be473004a6a49bbaca6679053297c58c204f60a760f5a19da41026202d292dfa9c9990b0cc2c11ac2fbad6ca06d83b9e

C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

MD5 dde6273a729b321e75aa47204a22f739
SHA1 609b7aecd06c8dc711a7aff3e0dea2b6d31a5a65
SHA256 1aabe23f5d194434c2d6c5218a25e0b228d050732ff87f69651516fc3ebae7cb
SHA512 9c6083ce698c869e98ac9dd9bd9c5b8b2b7be943faa034820bbfab186a094c7eb57d7e8b0091e086da816166ac66104f96b4c21f3701e7ed70bf8ad49c9cada9

C:\Program Files\7-Zip\7zG.exe

MD5 3e96134e9153231d4d3647312925ae2f
SHA1 9d02d3ae562dd29e9f4264d42c3afa0b0f888868
SHA256 cf0f7f164f5d8847480e2954c63bc6509353dd69c4e790ac6a5d6830b7389c7a
SHA512 4953fc8b0bbe864468aa6c4ea07001a46183069b4347c07bbe35014f8278487c8f112947973e5741d2ad2b9e5d6ec697a8b0225acc28e607883f614abdd6dcbe

C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\ohub32.exe

MD5 248b808ef87314f23d79e5ca0da1dfa7
SHA1 9bc3a8cff6f4be5124504d0ea1f91cdeaf68df0e
SHA256 7cefebd0b544ee435d8089ae128bc5cea4f4c03855636caf341f07300cdf23e4
SHA512 dd78806e278c95ada432ae5a75076d015ce2fd155c086fe51afcf5e90362783d4226d2f2463f0b29d5452228bfefd7438a84ad670fd7f0e5b574fdecf21689ed

C:\Program Files\Mozilla Firefox\updater.exe

MD5 42ca2c50b81aa38a87b321668587f6dd
SHA1 de40e424ae773efa667dbd61bbea311978905844
SHA256 3b8dc2fc0cfd4fb26377de2bb19028f3800cdb37de1bbe0dacd2dcc19f815f00
SHA512 676bc82d8f0a716a63fe21fbe176e20dca30458a6beef7e037e5a83b0abff0185d0a5bed02c684fea4e984fe229c29a8241c55ee4de5924082d7e5c6ea21d3a7

C:\Program Files\Mozilla Firefox\plugin-container.exe

MD5 63042d4b8e056c8bf835941ecd1eeb04
SHA1 5118ec0d69b3d737bae76017cf010e8168492308
SHA256 729ed0126ef40f91cfd2b416984571e2d0c5e1fc30edae25db14ebc781429f9a
SHA512 215a9d3919e97212fcba21b1be15fb95473b033024921ac8760ffc6e260c683ca2ace3bcbac0bb5871f795c511eba3dc2ce363c93eb56921f08efeea80a975ae

C:\Program Files\Mozilla Firefox\pingsender.exe

MD5 f10982c5ecf4b04bc13c62297fec21d3
SHA1 836a1041f05ae2c6d49fcf64ef68dd6212489364
SHA256 44bd5bd226722ea0da59579a4354135b2c94562d65cff559c20b56d8cee34abe
SHA512 5b88e31cd58efdab1a3fc86f3ec1b683297d0fc802452f1fa7d0a77cf9df423b7782084707538763e83bc85ffc81b4449703ee22f1ca8c94fa8f702f57dcebca

C:\Program Files\Mozilla Firefox\minidump-analyzer.exe

MD5 c671f7fd1d12eab1437f518405f44299
SHA1 fa0a1ccc9d218cd313e90bddf8e69e177be12774
SHA256 6e3fcdd454d8ed45c0b9e7a2cf095ca2ab8a92176fbe48b9d8c431e9f451b854
SHA512 4e1957f50f837d2712487bb3130a1537de1e569f0ae2242642619774a79470e4c23b4cd6c56ddb1ae0d6fcf46190417d5d8b404fc7ed5ce22f73eeac59592b50

C:\Program Files\Mozilla Firefox\maintenanceservice.exe

MD5 fbd0a801e16f0e73bc9fffd040e9d4e8
SHA1 db80e8b047a97089122e00d45334a52d877063b0
SHA256 570455f4bbc854b75ef213266734a83af70245205bbf78f7f53bec54056aa82e
SHA512 c493e8cd41809419e7f7e3e27cec15e1a8573806248d4d5ace0063ba5d3be05aebc8a549133c367726c3d8577ffa641f3ef30a12cffe55ccbf009f6485bd4177

C:\Program Files\Mozilla Firefox\firefox.exe

MD5 7abd409c19527d15d5df666eb1f0a8dc
SHA1 5dedafae7be52ee33fe465c8acafaad82a5ae49e
SHA256 c1d80f17eeac765b2dd48caa38b77b1b3cc113c2aa442058858f4acd4913a656
SHA512 a56afec858c2d47cdbc605521642ce325c27681c9e0e5a71c9e40c8123824ad3a2d4dc7a29d5cbf3be52d8f7cd97afc4e2f3d287c22e8af21a9e09ecce2a6f0b

C:\Program Files\Mozilla Firefox\default-browser-agent.exe

MD5 29f362a65002531da5d1d0e4d54547e7
SHA1 917246cb0b853e3281afeced7a9fd310aee4cf92
SHA256 5f1c864d6c80aefd240a77b83ece58d429461d5d954636b5458a59392282aa31
SHA512 0ea658a8b414660324dc3964548313a3183851b14ca642d609145b61e3cb8e9b330090fdacf4d03c73f434e1053918ed71f81ec01bbe25474dff0a5a49adaf34

C:\Program Files\Mozilla Firefox\crashreporter.exe

MD5 ae73a2f542f68da9ccf086c46359f739
SHA1 a46b87d896ce7da33889836d6f7a04b77e4d5698
SHA256 d18bf5a11dedc1391c55a89fb5111436aa9fe651173cea138d33c74071a5a7e2
SHA512 66cf3a9c84aefab0f8fdd655b03be12668f77c8bf03aec6e963dedc045405ec13137a717256dfcf1556864f55c05ce4b0af9b8f1f23fd48f2fbde57bc6d94ad7

C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe

MD5 a169af61c8be7231759186b598937609
SHA1 6608fe141f161e0845d1ad7ab4922acb253b3bc9
SHA256 bb86b85852f6bab688727bb09d48f167994d36f6b290f0464cfd8d69ece658c4
SHA512 acfdf6be265925b60c104f218314938ee9cf1b22b78295bf73b2fb169b007dc0065f944adbd5e5428c33f93f867cc800ca57ac29041234d3c04dc47e393b10f9

C:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe

MD5 67ad7ec9c15bfb42a6899fffddc61066
SHA1 a7d4816619caa1e7db767aedb5fa02b31b488f62
SHA256 f66adbaa25905b36c3cd9e7813b6792cf8f70e51e39c0314f3040487da4f6f99
SHA512 afb9ee85a14550962f7dccc5f295b4fa8cd0ebd0eb70daf9f4e8255c59bd659140018d0d03aa188868ab25dcb7577419943b78a088f9ab2ac6c3863ba6109b6b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe

MD5 50336c3510040cf1c5509a37ff2b4df0
SHA1 714787114af61aa3e2ef54e393a458b4409cca7f
SHA256 d3244606508e08c3345d529920a5077e3c58e8c8ffccfb8362ffcd6f19a418ae
SHA512 2a3f0c2571301e9f0f4fa3e9252a5635baaa3f7589fbf1edc22551d075280314f5501aa0f7da6c46508887851d608fd77be78bf0f0d1828da180cda84f4b9c4e

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

MD5 4068fe40cddcee1b584c60a153135111
SHA1 2dc8e95ceed028a1b37e95504e771f74524426d6
SHA256 13add2ed3e3183682c7ec9673695bf005d10425585d5c46c56201db2e7f26220
SHA512 548a983d245c109e82502d2ecdf949be57ad49ce34ea2a37e3fed1817182a70e36b37fb30ce3842db1b68c7ecbdc1dc5341745b3a2db4541506e4c6a3a14a8ce

C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe

MD5 6b07d892f85669874a44ece5eab4651f
SHA1 11cbec25025e649f3e0868f65dd5b8145d168144
SHA256 4cacb908b290ff57937080d3754123e213ba21e114f1188e022ec2a2cb32c1ff
SHA512 08a12e9a1e007d4bf851b89e1e4602aa2708edf5356b6f8c3837cf351ed8ce726f87562ca210f582411cd3c0e9a58e8302a789b89ef489b3d8ae9fd2dfcfe47a

C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exe

MD5 ed1574df84e0a5d4988d93a49f032733
SHA1 dd496b1e16077714020c480bc1bb8e02ab743204
SHA256 8e08cc4d6f1870c16aa2670437dc870eb414da16b9c67872d5c5cf192b8d694e
SHA512 8e2c8000552fc5cf320bf34a9e8d1459410cce905b73a7f82549f97ed70f4d742e7aaabd2f5e8990f72d9b23f2eb93dc0aaab2a8cc83f060d6f104b37f7d0a64

C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe

MD5 1da03aced8439925392fbefde2c1274c
SHA1 e97c626d940840b38217a9f98c6beb3f56b5d08a
SHA256 b37e3983bea9036ff5ced7ab2f8e1db0ec11034a6233ef46f5383eab4bec368c
SHA512 e5215d83a513f1cc0233aae3935accc17f70841ba6a7d84331b0ec448dc2390d08c5c93cd44c04b9a79087a12d27cfbacb5a0f1ecef4039437e4a85560b99fe3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

MD5 c442d09867aad2b320b0258419015159
SHA1 50bb4e39e87ceb88e9b9992ae343610a07aaedca
SHA256 6be5afc0519bcc0da85678ff841909ca299f1e18ba9901e868ac10c03b0ffdf3
SHA512 5fc474c66f8e7c851be32913809a6cbec44dfac73000111d5063dcddf5f77b090ca1430a38f71b75ce2b52babbbb402a20092ed23a9697f90bb1f3dbf848ed31

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\pwahelper.exe

MD5 e66ab30458f38b5f695b6bf3989e67cd
SHA1 b45f404183c0b5314324e3c34914780ebc6fc9af
SHA256 75c693bbac08a2c020a095cbf67c680e93f172c3e99988ba2194bb5c03921d41
SHA512 73671d5dfe0d9f4627f30cb816d0d40485e2842f7928864783b1f5661c11b39f31a9f69d39289b24d757bfc057ade10c8c2dc91f80736d1a9fceb5ae4815e834

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\notification_helper.exe

MD5 f16f89a05b9ce10996593358810dc308
SHA1 fa37dcbbe5d0183518dbaedaf4901bdfc22483ea
SHA256 d3b22bc2851548fcd5af05ddd6d40b0e77401bee618320bc735d6acde39c29ea
SHA512 fe9952743f94f942fd41e5328d6fd7ef9279590eebc204822e508a4d9bb47c1982c22c4cd3abcf8fce189c7d4cb715b5b47bbcb71b277276246b1b13bc14594b

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedge_pwa_launcher.exe

MD5 dd7786c81f856c91c5daefd7690e0b0c
SHA1 25dfc5075633933562d9ce86ffb629ace1c56235
SHA256 4e67d5158500c3d763ada2cca97f6cae4b2c1a9a9fde6174e194ad2310a59a4e
SHA512 17e6be5f7ad6f46d505716d03faeac58516e596a9385219f3a5c41abb923fa7bac8f3ab34225170e6e65d30f83fdc9cf14a4e4d77e6f0c56070fcc1b67d5a3d7

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedge_proxy.exe

MD5 cf7ad386361ae755479a29b61ff1fb16
SHA1 8e088158e3647d94ed04a388d43da123b6dd10ca
SHA256 587f8538d649644243a7d40aa0bfbfd46a84b09dc28a7d0010e0d8efa8d82871
SHA512 fdf7efae0c027e231c505fce654f664cedf7d8c8dbddee06ed4bc145d310257a4857b266abedf9900c5ab2efcec840e4cb8fd2e176f90409de3805ed3ac2a2f2

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedgewebview2.exe

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\BHO\ie_to_edge_stub.exe

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe
