Malware Analysis Report

2024-11-16 10:55

Sample ID 240616-da8dvswgmg
Target cf008190ff0e3b10bd4c6a2f05d0ca50_NeikiAnalytics.exe
SHA256 7f56ede4e4b51b68e855c087b75b39ea055134218cb5f1b8634bc38f6f8ee88c
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

7f56ede4e4b51b68e855c087b75b39ea055134218cb5f1b8634bc38f6f8ee88c

Threat Level: Likely malicious

The file cf008190ff0e3b10bd4c6a2f05d0ca50_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (558) files with added filename extension

Renames multiple (5211) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-16 02:49

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-16 02:49

Reported

2024-06-16 02:52

Platform

win7-20240611-en

Max time kernel

150s

Max time network

124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cf008190ff0e3b10bd4c6a2f05d0ca50_NeikiAnalytics.exe"

Signatures

Renames multiple (558) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\cf008190ff0e3b10bd4c6a2f05d0ca50_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\cf008190ff0e3b10bd4c6a2f05d0ca50_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-39690363-730359138-1046745555-1000\desktop.ini.tmp

MD5 4761113e1714f81bc8058995a203f76e
SHA1 d5630d85cae0e275b66b4cff59fde8a2d231c699
SHA256 0ad11acf78d8a642c7d17a118269803b8fc66b500458f5fc55dc29f04668fc93
SHA512 b53343b13bb2c310139437026d59baa6f3bd1af2a42cbcf437c61a55a55ef86891464dbe790e7565a4d7530ca820edc85a8dc604de77670539eee1cd562b9531

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 fa3cb29ef89dca984be3cbc2175a1f83
SHA1 f98a6404dd39c885f5d315c4ca30f5c6e89c3d7f
SHA256 edd1be8584158fbf80da869f11f2ddadb2ddad9836d4db3c7ba1b32c715df03c
SHA512 1a8240262c55a1371582929c73ce7101bf3d67cfb4531d2d98b86fea455b8119319e0fa2d4e9de8dec4b6a92550ae87685e5fe3c2cb22af821d8bf368dde570b

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-16 02:49

Reported

2024-06-16 02:52

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cf008190ff0e3b10bd4c6a2f05d0ca50_NeikiAnalytics.exe"

Signatures

Renames multiple (5211) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\cf008190ff0e3b10bd4c6a2f05d0ca50_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\cf008190ff0e3b10bd4c6a2f05d0ca50_NeikiAnalytics.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3940,i,15142778360084620907,1763097090506261076,262144 --variations-seed-version --mojo-platform-channel-handle=4376 /prefetch:8

Network

Files

C:\$Recycle.Bin\S-1-5-21-1181767204-2009306918-3718769404-1000\desktop.ini.tmp

MD5 7167c6ff0753001366662d4458410951
SHA1 2c8245981d730f867d41c36d84f0aef761c30ba0
SHA256 46020515778ba86b0402f33e55ac0fcf592b5013931b6b59387bff3355b76319
SHA512 9e4572ea4f8541419269a222d4e55ea469ff566531aba3571bb8d3abf8b7793592a10315c7b27e1db8b4a2744ca4c099faae59ef2ecb74b736b1d4cad10b9af8

C:\Program Files\7-Zip\7-zip.chm.tmp

MD5 e81c2612d9b2698586a84ea9e4256ef5
SHA1 3583ddd93b2b54e6d83bbf7ccb1fab4d911a4478
SHA256 39fc06faf7fb333a9db6143dece2f3425382460d74bf0ed37d2ecc79868745fe
SHA512 c125f89bcbd6e199c389404afda2024ec4cfc8ca499401ca31116b65103a1948634651d4f670fa28fefa6353c0dba8f50098f1d8fa4b62303fc3544d19dfde29