Malware Analysis Report

2025-08-05 15:47

Sample ID 240528-y62w6sca99
Target 0177bf1e7f4efce8d5f09d6b465ecde0_NeikiAnalytics.exe
SHA256 290acdbca4c4685524de159b1c8dcf3839d03362ea95d778f0e2fb29e2e99217
Tags ransomware upx
Score 9/10

Analysis Overview

Threat Level: Likely malicious

The file 0177bf1e7f4efce8d5f09d6b465ecde0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware upx

Renames multiple (3736) files with added filename extension

Renames multiple (1060) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2024-05-28 20:24

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral2

Detonation Overview

Submitted 2024-05-28 20:24
Reported 2024-05-28 20:27
Platform win10v2004-20240226-en
Max time kernel 153s
Max time network 154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0177bf1e7f4efce8d5f09d6b465ecde0_NeikiAnalytics.exe"

Signatures

Renames multiple (1060) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\0177bf1e7f4efce8d5f09d6b465ecde0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\0177bf1e7f4efce8d5f09d6b465ecde0_NeikiAnalytics.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3704 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 91.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
FR 142.250.75.234:443 chromewebstore.googleapis.com tcp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 216.239.32.29:80 pki.goog tcp
US 8.8.8.8:53 234.75.250.142.in-addr.arpa udp
US 8.8.8.8:53 29.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 24.73.42.20.in-addr.arpa udp

Files

memory/3580-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

MD5 eb1923faaebea5b20492839814ad99d5
SHA1 73ad261532b66dcb32bf31d8ecd0d18cbdad7d1b
SHA256 9129031e4e07485488d432cf2c2b7a6fc5a4c51b533ae972da0d135ae1df28ba
SHA512 48ea34548404b5456f3d2fed94a607ce78fbcb835f3db826f03849bc2a45c47a8c8de3a8d898801e6db886b27b510f20933c53eccd12f67f8b5718cf1a56a2ca

C:\libsmartscreen.dll.tmp

MD5 0d8cda956c4df40e1d7f1b8995beff99
SHA1 7dfdc2324c8b94260349510ef07c187d0b8d3f5f
SHA256 ef6e77ac7ac01085fb0310fe2092ca0a4ea5322af9bf531008a55b2ecae91409
SHA512 1681b507cacb92065fabee4fa993179e5170427a0befdb5c4e9af7f21030e2c4648d87bf0f5e380ccf8fe5f93f8d1b260d8663232f9e18337535cc72ef0f09bb

memory/3580-66-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted 2024-05-28 20:24
Reported 2024-05-28 20:27
Platform win7-20240508-en
Max time kernel 149s
Max time network 122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0177bf1e7f4efce8d5f09d6b465ecde0_NeikiAnalytics.exe"

Signatures

Renames multiple (3736) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\0177bf1e7f4efce8d5f09d6b465ecde0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\0177bf1e7f4efce8d5f09d6b465ecde0_NeikiAnalytics.exe"

Network

N/A

Files

memory/788-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

MD5 17796e673ee46bac14394045d7309d53
SHA1 e431cd0fdce177ca56ca6480fd6e465ca6e6194b
SHA256 9cec224efb2596b4ab6eb813d0cd172878a7094181f8a159477399185652c64c
SHA512 abc9cfb67c7ef581acb5304006bdfc8715e30070d9f125aedec6624e1c0ef994e727a11611f0232c558ca4872c4656c19590f0b4023ca6de7bac3ea68f1c53e1

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 43742567719e2817c16f40ec9556ec33
SHA1 2481f5061d1629c4e8c25376b23ff67526d8c338
SHA256 c4830e194235d768cf91dca0eb48f9e44b024c96f50abef4af026941cc5916a5
SHA512 5d9f5ae089447aee5efaebb37fe864eaa953d23b0c3033091132fd7918e68398a24d7f69837bbe8f472dbad85f65e2aa7a4945c01acbc220045b5f0556fd4e85

memory/788-74-0x0000000000400000-0x000000000040A000-memory.dmp