Malware Analysis Report

2025-08-10 21:53

Sample ID 240526-dsrh3ach7x
Target 5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
SHA256 e2c790b79b9352d62bcf04969bf28becf1e97e33510eb48c3631d2b7258656a8
Tags ransomware
Score 9/10

Analysis Overview

Threat Level: Likely malicious

The file 5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (4783) files with added filename extension

Renames multiple (3454) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-26 03:16

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-26 03:16

Reported

2024-05-26 03:19

Platform

win7-20240508-en

Max time kernel

150s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe"

Signatures

Renames multiple (3454) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe"

Network

N/A

Files

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 986fa890dae1e8c1ddd7cb12a4dfeb80
SHA1 26307e24bb0277733050dd17fd2f4b8527933e4a
SHA256 8ba5f755f6c796761338e8ee67a3cdd76c437133b13c171b1589c2b13c47e9bc
SHA512 0b04722760a9abe0b14d64b582c240142f6de5deba2e725f838fe2868eed67ac3c0272728eb44e9599648082f82c869402bc7c588fe2c584418c8f84d2c66d6d

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

MD5 68f4156c461eabe1e79a300fd5147e10
SHA1 62f4a5a6f89575d958c994e095ef1aa9e38e8929
SHA256 a9a8098fc46cd3165511878efd75b70c451d14bb87c266375a7f37a8a16c5afe
SHA512 f533c1d117b0fc2c83eaad151776bd5c820c1e175bfa90a15c5f3b1e4a5a675837f69757cc89515f0fbb0ad9ba14f60898c349ed1d660a540398914ef0599e25

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-26 03:16

Reported

2024-05-26 03:19

Platform

win10v2004-20240426-en

Max time kernel

148s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe"

Signatures

Renames multiple (4783) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe"

Network

Files

C:\$Recycle.Bin\S-1-5-21-3571316656-3665257725-2415531812-1000\desktop.ini.tmp

MD5 6003d396799e8b6f11d438c94dffd870
SHA1 cd5fe692aa7748dbfbbb62b80bf8d1f4cb9b8e69
SHA256 15fdb0fbc4dcf7cd70359a954da4d5e5541f4450fe2681016232e03f372a1fc9
SHA512 aabc6f0e0523774f99bc0763cecc534bf3f1da6270846e1831c8dfa6fd161b4f1d823b3f8b097fb2a33c53fd70f9f31986886577c4f150e99165ab0c8a69b40e

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 7be6db6bb943cc6b8bd917f68432888f
SHA1 4b1fc38571d0d7a9a019e9a30b0d277f778c2340
SHA256 61ebccbf547d7b0452ad0645f0e8960ead90dc42cfa9f13b45adb909ad3bbe97
SHA512 e9132c5110c0c8242cade002c71ce19956f793ca0ba2880074905e8f852cf4958eb14fbea51cc508e08f6439096c3e5ca011c58db87d845fe301bd0acea4c8b2