Malware Analysis Report

2025-08-10 21:22

Sample ID 240527-ns8sfsaa2x
Target 36ca227404895d1a836f0fd5d7ce94d0_NeikiAnalytics.exe
SHA256 3648fd0393d552e11a9d493c5dba80a21b664fbcfdc35f47589d41e8f13b88fb
Tags ransomware
Score 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Threat Level: Likely malicious

The file 36ca227404895d1a836f0fd5d7ce94d0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (4837) files with added filename extension

Renames multiple (3437) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2024-05-27 11:40

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted 2024-05-27 11:40
Reported 2024-05-27 11:43
Platform win10v2004-20240508-en
Max time kernel 150s
Max time network 150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\36ca227404895d1a836f0fd5d7ce94d0_NeikiAnalytics.exe"

Signatures

Renames multiple (4837) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\36ca227404895d1a836f0fd5d7ce94d0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\36ca227404895d1a836f0fd5d7ce94d0_NeikiAnalytics.exe"

Network

Files

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

MD5 d18b4d458adc8416d8599fcf1dc3724a
SHA1 9506a7d53d8862cbf9798b1d2ad269137631c127
SHA256 a8f5222fb68ca73e93350ce5488c0f83f406b8954191ac08789fcdac7971d818
SHA512 1e6dce7bd86653ea94148c3397aa7c92480f9ee8406dbe3163eefc51529d5c5ae16329e58ca285e97a4812bbde7c8af0d36898b6ee16b48b9c2096ed2326641b

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 d4d8b1d764a78892a8a54ea87c44421b
SHA1 5fe7c76fcfed35c2d768e87e4673ee0cb97f1e1f
SHA256 5711d7927ef32c2f1fbf22d0b25db8026d5a50f5738277bc6ab2d54dc1443c9b
SHA512 2bf8072cbd8bbd5e8c2ac168d82c4ee85bc42476237939ff6007519e2b50e9725e64a35239e0f6ec775813cddc3512fa3819bd563dc3b2064022496b53ed563a

Analysis: behavioral1

Detonation Overview

Submitted 2024-05-27 11:40
Reported 2024-05-27 11:43
Platform win7-20240215-en
Max time kernel 150s
Max time network 123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\36ca227404895d1a836f0fd5d7ce94d0_NeikiAnalytics.exe"

Signatures

Renames multiple (3437) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\36ca227404895d1a836f0fd5d7ce94d0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\36ca227404895d1a836f0fd5d7ce94d0_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

MD5 737da1f4a09947d7a7084fc77ee9ae67
SHA1 c4a2f799d77da8e953da3a80296f1d8f48fedb44
SHA256 2d8c1e50d7b069a75fe50f3e9e3b22340be027aa70d8ede4625face50fc5c522
SHA512 5772f7d72f60cd2852e61a2ffcf8337ea12d18422bec23277d9feef329a68d49e982d140d234b4e2c94b4e62f4bdcd15ca98cb1a33a14ecdd2e6f56c6a02a519

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 51511e9d2c94d24a49ab7dded7c5e498
SHA1 8196ecd7ddde367089bbf4e53de959651654c2eb
SHA256 db54a1b597b1d22533617133e96c831c48646dc75e65eebe6badcfed236ecbc1
SHA512 e08314251ff8c849a5004a7644ffbc84143c049facaddf68708d1fd85d16332c723330359713f60ffd861c772302c2b9689dd814b71f056052fcdd2175ad6b0a