Malware Analysis Report

2025-01-19 00:34

Sample ID 240506-x8skvafg3s
Target 0429260d9239e773f0aeb85923811950_NEAS
SHA256 60284170e7846b4ce5fee76f6e56a8eb29f6534975348f9d232163a22e04c7f2
Tags
upx persistence microsoft phishing product:outlook
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

60284170e7846b4ce5fee76f6e56a8eb29f6534975348f9d232163a22e04c7f2

Threat Level: Known bad

The file 0429260d9239e773f0aeb85923811950_NEAS was found to be: Known bad.

Editor's reading of the behaviour recorded below: the sample is a UPX-packed mass-mailer. It drops copies of itself as C:\Windows\services.exe and C:\Windows\java.exe, persists through the Run values "Services" and "JavaVM", writes C:\Users\Admin\AppData\Local\Temp\zincite.log, connects to TCP/1034 on RFC1918 hosts, fetches result pages from Google, Lycos, AltaVista, Yahoo and Bing, and delivers mail directly to MX hosts over TCP/25. That combination of artifacts (zincite.log, the JavaVM/Services Run values, TCP/1034, search-engine harvesting) matches the documented footprint of the Mydoom.M/O family. Note that the dropped services.exe lives directly in C:\Windows, not in C:\Windows\System32 where the genuine binary is; path, not name, is what to check. The "Detected microsoft outlook phishing page" signature in behavioral2 has no indicator row; given the DNS and SMTP traffic to outlook.com MX hosts, it should be verified against the cached HTML files listed under Files before it is treated as evidence of a hosted credential page.

Malicious Activity Summary

upx persistence microsoft phishing product:outlook

Detected microsoft outlook phishing page

UPX packed file

Executes dropped EXE

Adds Run key to start application

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Technique mapping for the signatures in this report (editor's mapping; the report's own Enterprise Matrix V15 table is not reproduced on this page):

T1547.001 Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (Run values JavaVM and Services)
T1036.005 Masquerading: Match Legitimate Name or Location (services.exe dropped in C:\Windows rather than C:\Windows\System32)
T1027.002 Obfuscated Files or Information: Software Packing (UPX)
T1071.003 Application Layer Protocol: Mail Protocols (direct SMTP to MX hosts in both behavioral network captures)

Analysis: static1

Detonation Overview

Reported

2024-05-06 19:31

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-06 19:31

Reported

2024-05-06 19:34

Platform

win7-20240419-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0429260d9239e773f0aeb85923811950_NEAS.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\services.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" C:\Users\Admin\AppData\Local\Temp\0429260d9239e773f0aeb85923811950_NEAS.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" C:\Windows\services.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\services.exe C:\Users\Admin\AppData\Local\Temp\0429260d9239e773f0aeb85923811950_NEAS.exe N/A
File opened for modification C:\Windows\java.exe C:\Users\Admin\AppData\Local\Temp\0429260d9239e773f0aeb85923811950_NEAS.exe N/A
File created C:\Windows\java.exe C:\Users\Admin\AppData\Local\Temp\0429260d9239e773f0aeb85923811950_NEAS.exe N/A
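The Run-key and file-drop tables above (and their repeats in behavioral2) translate directly into host-side hunting rules. What follows is an added example by the editor, not the sandbox's own detection logic: the events are constructed in a Sysmon-like shape (Event ID 1 process create, 11 file create, 13 registry value set) from the rows in these tables, and the field names EventID, Image, TargetFilename, TargetObject and Details are assumptions to be mapped onto whatever telemetry you actually have. The rules key on where a path sits rather than on hashes, so they also fire on the win10 run, where the same names and locations are used, and two benign control rows show that the genuine System32\services.exe and an ordinary Run value are left alone.

```python
"""Hunting rules derived from the persistence and file-drop signatures above.
Added example: this is the editor's code, not the sandbox's detection logic.
The events are constructed in a Sysmon-like shape (EventID 1 = process
create, 11 = file create, 13 = registry value set); the field names are an
assumption and should be mapped onto whatever telemetry you actually have."""
import ntpath
import re

# Binaries that legitimately exist only under %SystemRoot%\System32. A process
# image with one of these names anywhere else is a masquerade candidate.
PROTECTED_NAMES = {"services.exe", "lsass.exe", "csrss.exe", "svchost.exe", "winlogon.exe"}

# Matches a value under any ...\CurrentVersion\Run or RunOnce key, in either
# the HKLM\... or the \REGISTRY\MACHINE\... spelling, with or without Wow6432Node.
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.IGNORECASE
)

SYSTEM32 = "c:\\windows\\system32\\"
USER_TEMP = "\\appdata\\local\\temp\\"


def is_windows_root_exe(path: str) -> bool:
    """True for an .exe placed directly in C:\\Windows (not a subdirectory),
    which is where this sample drops services.exe and java.exe."""
    head, tail = ntpath.split(path)
    return head.rstrip("\\").lower() == "c:\\windows" and tail.lower().endswith(".exe")


def registry_run_value_target(details: str) -> str:
    """Normalise the value data: strip surrounding quotes and collapse the
    doubled backslashes the sandbox prints into single ones."""
    return details.strip('"').replace("\\\\", "\\")


def evaluate(events):
    """Return (rule, subject, detail) tuples for every event that matches."""
    findings = []
    for ev in events:
        eid = ev.get("EventID")
        image = ev.get("Image", "")
        if eid == 13 and RUN_KEY_RE.search(ev.get("TargetObject", "")):
            target = registry_run_value_target(ev.get("Details", ""))
            if is_windows_root_exe(target):
                findings.append(("run_key_to_windows_root", ev["TargetObject"], target))
        elif eid == 11 and is_windows_root_exe(ev.get("TargetFilename", "")):
            # A process running out of the user's Temp writing an .exe into C:\Windows.
            if USER_TEMP in image.lower():
                findings.append(("temp_process_drops_into_windows", image, ev["TargetFilename"]))
        elif eid == 1:
            name = ntpath.basename(image).lower()
            if name in PROTECTED_NAMES and not image.lower().startswith(SYSTEM32):
                findings.append(("system_binary_name_outside_system32", image, name))
    return findings


DROPPER = r"C:\Users\Admin\AppData\Local\Temp\0429260d9239e773f0aeb85923811950_NEAS.exe"

# Constructed from the behavioral1 tables above, plus two benign control rows.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": DROPPER},
    {"EventID": 11, "Image": DROPPER, "TargetFilename": r"C:\Windows\services.exe"},
    {"EventID": 11, "Image": DROPPER, "TargetFilename": r"C:\Windows\java.exe"},
    {"EventID": 13, "Image": DROPPER,
     "TargetObject": r"\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM",
     "Details": '"C:\\\\Windows\\\\java.exe"'},   # quoted, doubled backslashes, as the report prints it
    {"EventID": 13, "Image": r"C:\Windows\services.exe",
     "TargetObject": r"\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services",
     "Details": r"C:\Windows\services.exe"},      # plain, as Sysmon would log it
    {"EventID": 1, "Image": r"C:\Windows\services.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\services.exe"},        # the genuine binary
    {"EventID": 13, "Image": r"C:\Program Files\Microsoft OneDrive\OneDrive.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "Details": r"C:\Program Files\Microsoft OneDrive\OneDrive.exe"},    # ordinary Run value
]

if __name__ == "__main__":
    for rule, subject, detail in evaluate(SAMPLE_EVENTS):
        print(f"{rule:38} {subject}  ->  {detail}")
```

Against the constructed events the rules return five findings: the two drops into C:\Windows, the two Run values pointing there, and the start of C:\Windows\services.exe under a protected name outside System32; the genuine services.exe and the OneDrive Run value produce nothing.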

Processes

C:\Users\Admin\AppData\Local\Temp\0429260d9239e773f0aeb85923811950_NEAS.exe

"C:\Users\Admin\AppData\Local\Temp\0429260d9239e773f0aeb85923811950_NEAS.exe"

C:\Windows\services.exe

"C:\Windows\services.exe"

Network

Country Destination Domain Proto (Domain is blank where the sandbox recorded no name for the destination)
N/A 10.213.60.59:1034 tcp
N/A 172.16.1.3:1034 tcp
N/A 10.37.232.110:1034 tcp
N/A 172.16.1.196:1034 tcp
N/A 10.11.161.112:1034 tcp
N/A 172.16.1.5:1034 tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 8.8.8.8:53 alumni-caltech-edu.mail.protection.outlook.com udp
US 52.101.8.51:25 alumni-caltech-edu.mail.protection.outlook.com tcp
US 8.8.8.8:53 gzip.org udp
US 8.8.8.8:53 gzip.org udp
US 85.187.148.2:25 gzip.org tcp
N/A 10.222.21.129:1034 tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 85.187.148.2:25 gzip.org tcp
US 75.2.70.75:25 alumni.caltech.edu tcp
N/A 192.168.2.18:1034 tcp

Files

memory/2068-0-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2068-4-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Windows\services.exe

MD5 b0fe74719b1b647e2056641931907f4a
SHA1 e858c206d2d1542a79936cb00d85da853bfc95e2
SHA256 bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
SHA512 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

memory/2068-9-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1396-11-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log (zero-length at this point in the run: the digests below are those of empty input)

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/2068-17-0x0000000000500000-0x0000000000510200-memory.dmp

memory/1396-18-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2068-22-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1396-24-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2068-25-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1396-30-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1396-32-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1396-37-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1396-42-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1396-44-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1396-49-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1396-54-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2068-55-0x0000000000500000-0x0000000000510200-memory.dmp

memory/1396-56-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1396-61-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 548058cd112c4f5313ba8b06582fedeb
SHA1 a33df5d0b7c19823627b7aa5266ae222599cbe81
SHA256 b80612a623c1c50b3cef0ea784a0807a054f03cc47924420d723b2a56e2918c1
SHA512 703dfccd6ec6294ed05144b6762fa7bcaac76e6c5cab8922bb599223f5039da33127e5d583c5ee50c5cb6057cf89a9ab98d48c37b64185565e6da344bf319f93

C:\Users\Admin\AppData\Local\Temp\tmpE4C6.tmp

MD5 4a88788e5bbb34702406ccd1185ef644
SHA1 285930b41a26093cd337cf5a0d65c46f2ccdcd7c
SHA256 33374a537996fe02036c27222540b82bcc9a9be76a27044c09e2eaeb71daaa44
SHA512 2530acf34a34879e5828ec85e089be1b50486cd81229e249d103a13cefe70c83e9737be279e8ea295c1a47d150e17cb3aada4bf4c86a1068d0ebec72adf2fb59

memory/2068-81-0x0000000000500000-0x0000000000510200-memory.dmp

memory/1396-82-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2068-83-0x0000000000500000-0x0000000000510200-memory.dmp

memory/1396-84-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2068-88-0x0000000000500000-0x0000000000510200-memory.dmp

memory/1396-89-0x0000000000400000-0x0000000000408000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-06 19:31

Reported

2024-05-06 19:34

Platform

win10v2004-20240419-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0429260d9239e773f0aeb85923811950_NEAS.exe"

Signatures

Detected microsoft outlook phishing page

phishing microsoft product:outlook

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\services.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" C:\Windows\services.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" C:\Users\Admin\AppData\Local\Temp\0429260d9239e773f0aeb85923811950_NEAS.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\java.exe C:\Users\Admin\AppData\Local\Temp\0429260d9239e773f0aeb85923811950_NEAS.exe N/A
File created C:\Windows\java.exe C:\Users\Admin\AppData\Local\Temp\0429260d9239e773f0aeb85923811950_NEAS.exe N/A
File created C:\Windows\services.exe C:\Users\Admin\AppData\Local\Temp\0429260d9239e773f0aeb85923811950_NEAS.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\0429260d9239e773f0aeb85923811950_NEAS.exe

"C:\Users\Admin\AppData\Local\Temp\0429260d9239e773f0aeb85923811950_NEAS.exe"

C:\Windows\services.exe

"C:\Windows\services.exe"

Network

Country Destination Domain Proto (Domain is blank where the sandbox recorded no name for the destination)
N/A 10.213.60.59:1034 tcp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 97.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
NL 23.62.61.99:443 www.bing.com tcp
US 8.8.8.8:53 99.61.62.23.in-addr.arpa udp
N/A 172.16.1.3:1034 tcp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
N/A 10.37.232.110:1034 tcp
N/A 172.16.1.196:1034 tcp
US 8.8.8.8:53 25.24.18.2.in-addr.arpa udp
US 8.8.8.8:53 m-ou.se udp
US 8.8.8.8:53 aspmx.l.google.com udp
US 8.8.8.8:53 acm.org udp
IE 209.85.203.26:25 aspmx.l.google.com tcp
US 8.8.8.8:53 cs.stanford.edu udp
US 8.8.8.8:53 smtp2.cs.stanford.edu udp
US 8.8.8.8:53 burtleburtle.net udp
US 8.8.8.8:53 14.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 mx.burtleburtle.net udp
US 8.8.8.8:53 alumni.caltech.edu udp
US 8.8.8.8:53 gzip.org udp
US 8.8.8.8:53 search.yahoo.com udp
IE 212.82.100.137:80 search.yahoo.com tcp
US 8.8.8.8:53 search.lycos.com udp
US 8.8.8.8:53 www.altavista.com udp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
US 8.8.8.8:53 137.100.82.212.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
US 65.254.254.50:25 mx.burtleburtle.net tcp
US 8.8.8.8:53 gzip.org udp
US 8.8.8.8:53 mail.mailroute.net udp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 8.8.8.8:53 10.254.202.209.in-addr.arpa udp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 8.8.8.8:53 alumni-caltech-edu.mail.protection.outlook.com udp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 199.89.3.120:25 mail.mailroute.net tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 8.8.8.8:53 11.97.55.23.in-addr.arpa udp
US 52.101.41.4:25 alumni-caltech-edu.mail.protection.outlook.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 8.8.8.8:53 73.190.18.2.in-addr.arpa udp
IE 212.82.100.137:80 www.altavista.com tcp
N/A 10.11.161.112:1034 tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 8.8.8.8:53 gzip.org udp
US 85.187.148.2:25 gzip.org tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 8.8.8.8:53 alt1.aspmx.l.google.com udp
US 209.202.254.10:443 search.lycos.com tcp
NL 142.250.27.27:25 alt1.aspmx.l.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 8.8.8.8:53 smtp1.cs.stanford.edu udp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
US 209.202.254.10:443 search.lycos.com tcp
US 65.254.227.224:25 burtleburtle.net tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.178.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 acm.org udp
US 104.17.78.30:25 acm.org tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 75.2.70.75:25 alumni.caltech.edu tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
N/A 172.16.1.5:1034 tcp
US 209.202.254.10:443 search.lycos.com tcp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 mx.gzip.org udp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 mail.gzip.org udp
US 85.187.148.2:25 mail.gzip.org tcp
GB 142.250.178.4:80 www.google.com tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
GB 142.250.178.4:80 www.google.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 8.8.8.8:53 alt2.aspmx.l.google.com udp
NL 142.250.153.26:25 alt2.aspmx.l.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 8.8.8.8:53 cs.stanford.edu udp
GB 142.250.178.4:80 www.google.com tcp
US 171.64.64.64:25 cs.stanford.edu tcp
US 171.64.64.64:25 cs.stanford.edu tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 65.254.254.50:25 mx.burtleburtle.net tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 8.8.8.8:53 mx.acm.org udp
US 8.8.8.8:53 mail.acm.org udp
US 8.8.8.8:53 smtp.acm.org udp
US 8.8.8.8:53 outlook.com udp
US 8.8.8.8:53 outlook-com.olc.protection.outlook.com udp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 52.101.10.13:25 outlook-com.olc.protection.outlook.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 mx.alumni.caltech.edu udp
US 8.8.8.8:53 mail.alumni.caltech.edu udp
US 8.8.8.8:53 smtp.alumni.caltech.edu udp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
N/A 10.222.21.129:1034 tcp
US 171.64.64.64:25 cs.stanford.edu tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 8.8.8.8:53 smtp.gzip.org udp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 8.8.8.8:53 aspmx2.googlemail.com udp
NL 142.250.27.26:25 aspmx2.googlemail.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 171.64.64.64:25 cs.stanford.edu tcp
US 171.64.64.64:25 cs.stanford.edu tcp
US 8.8.8.8:53 mail.burtleburtle.net udp
US 65.254.250.102:25 mail.burtleburtle.net tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 outlook.com udp
US 52.96.223.2:25 outlook.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
N/A 192.168.2.18:1034 tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 hachyderm.io udp
US 171.64.64.64:25 cs.stanford.edu tcp
IE 209.85.203.26:25 aspmx.l.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 tcp
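The network tables of behavioral1 and behavioral2 are long, but they contain only four kinds of traffic: DNS (forward and in-addr.arpa reverse lookups), direct SMTP to MX hosts on TCP/25, HTTP and HTTPS to search-engine result pages, and TCP/1034 connections to RFC1918 addresses. The script below is an added example by the editor, not part of the sandbox's analysis: it parses rows in the report's own "Country Destination Domain Proto" layout (Domain optional) and tallies them by category. The rows are a representative subset copied from the behavioral2 table; SEARCH_ENGINE_SUFFIXES is the editor's assumption about which destinations count as address harvesting. The SMTP category is the one to alert on in a real network: workstations relay through a mail server, they do not deliver to MX hosts themselves.

```python
"""Triage of the sandbox Network tables above. Added example: the parser and
the categories are the editor's, not the sandbox's own analysis. The rows are
copied from the report; SEARCH_ENGINE_SUFFIXES is an assumption about which
destinations count as address harvesting."""
import ipaddress
from collections import Counter

SEARCH_ENGINE_SUFFIXES = (
    "google.com", "search.lycos.com", "altavista.com", "search.yahoo.com", "bing.com", "bing.net",
)


def parse_row(line: str) -> dict:
    """Rows are 'Country Destination Domain Proto'; Domain is absent when the
    sandbox recorded no name for the destination."""
    parts = line.split()
    if len(parts) == 4:
        country, dest, domain, proto = parts
    elif len(parts) == 3:
        country, dest, proto = parts
        domain = ""
    else:
        raise ValueError(f"unexpected row: {line!r}")
    ip, port = dest.rsplit(":", 1)
    return {"country": country, "ip": ip, "port": int(port), "domain": domain, "proto": proto}


def classify(row: dict) -> str:
    ip = ipaddress.ip_address(row["ip"])
    if row["port"] == 53 and row["proto"] == "udp":
        return "dns_reverse" if row["domain"].endswith(".in-addr.arpa") else "dns"
    if row["port"] == 25 and row["proto"] == "tcp":
        # An endpoint speaking SMTP straight to MX hosts is a mass-mailer tell.
        return "smtp_direct_to_mx"
    if row["port"] == 1034 and ip.is_private:
        # TCP/1034 on RFC1918 neighbours: the sample looking for other hosts.
        return "tcp1034_internal_probe"
    if row["port"] in (80, 443) and row["domain"].endswith(SEARCH_ENGINE_SUFFIXES):
        return "search_engine_http"
    return "other"


def summarize(lines):
    """Return (category counts, sorted SMTP peer names, sorted internal TCP/1034 targets)."""
    rows = [parse_row(line) for line in lines if line.strip()]
    kinds = [classify(r) for r in rows]
    counts = Counter(kinds)
    smtp_peers = sorted({r["domain"] for r, k in zip(rows, kinds) if k == "smtp_direct_to_mx"})
    internal = sorted({r["ip"] for r, k in zip(rows, kinds) if k == "tcp1034_internal_probe"},
                      key=ipaddress.ip_address)
    return counts, smtp_peers, internal


# A representative subset of the behavioral2 table above, copied verbatim.
SAMPLE_ROWS = """\
N/A 10.213.60.59:1034 tcp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
NL 23.62.61.99:443 www.bing.com tcp
N/A 172.16.1.3:1034 tcp
US 8.8.8.8:53 aspmx.l.google.com udp
IE 209.85.203.26:25 aspmx.l.google.com tcp
US 8.8.8.8:53 search.yahoo.com udp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 52.101.41.4:25 alumni-caltech-edu.mail.protection.outlook.com tcp
N/A 192.168.2.18:1034 tcp
US 85.187.148.2:25 gzip.org tcp
US 209.202.254.10:80 tcp
""".splitlines()

if __name__ == "__main__":
    counts, peers, internal = summarize(SAMPLE_ROWS)
    for kind, n in counts.most_common():
        print(f"{kind:25} {n}")
    print("SMTP peers:", ", ".join(peers))
    print("TCP/1034 targets:", ", ".join(internal))
```

Run over the full tables the same code gives the per-run picture quickly: the win7 run already shows the TCP/1034 sweep and mail to caltech.edu and gzip.org MX hosts, while the win10 run adds the search-engine fetches and many more MX destinations. The last sample row (the Lycos IP with no recorded name) falls into "other", which is the right outcome for a classifier that keys on names rather than guessing them.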

Files

memory/592-0-0x0000000000500000-0x0000000000510200-memory.dmp

C:\Windows\services.exe

MD5 b0fe74719b1b647e2056641931907f4a
SHA1 e858c206d2d1542a79936cb00d85da853bfc95e2
SHA256 bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
SHA512 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

memory/1244-7-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log (zero-length at this point in the run: the digests below are those of empty input)

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/592-13-0x0000000000500000-0x0000000000510200-memory.dmp

memory/1244-14-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1244-19-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1244-24-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1244-26-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1244-31-0x0000000000400000-0x0000000000408000-memory.dmp

memory/592-35-0x0000000000500000-0x0000000000510200-memory.dmp

memory/1244-36-0x0000000000400000-0x0000000000408000-memory.dmp

memory/592-37-0x0000000000500000-0x0000000000510200-memory.dmp

memory/1244-38-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 1bc2cf343b1ee6cef887f8bd67b2e4ca
SHA1 e2ddecd98ee831554277cec74b799ce2a2434564
SHA256 0064c2a56c9002124657586e58f5d2f5204c186b40311a37efc388921a65a4f5
SHA512 9536605478c9998febdbad7e924c3328f43c6390f7b8badf87ef000e989810a4f00d0f78883592ce4a6eb05df2eb6157fe23d6fb16fe9486892814d47db06f13

C:\Users\Admin\AppData\Local\Temp\tmp5457.tmp

MD5 6f7b055ca59a91fd66fbe93038cfe3f1
SHA1 8e125a04e597f3208805ad4f6f43a2ade7142fd5
SHA256 263a7cfc46906f87b3729d1924408665cc8a1ad90da124a045649d4a6df68d33
SHA512 7da50812aa7ca55fb46facaf0aa1f51ad526936d4cb679fb11accdd454c4f1b9b1cd668d39a774ba0b8529886b9045b113049fe5c70e913718d13ef5a45d7e66

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 1ee7d1aa630d93892a7ed1f0768a44bf
SHA1 08e4fdfbccc7b23b7f9c75255eb20644b382fa2a
SHA256 eb97c5290bb8d2d93055e3c5f0f25b68bedd5b21ab074680df3d5b4034160259
SHA512 da5c0a4b5c2d7633ffdcc696016f6456d3551fd83a8cd79add9e586d0e16940b003d91f2e6ddf32a07722855671a8c03339aa94a96e4ca82664d114607e998db

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\I50YRZD3\38X5TYDS.htm

MD5 f818b2919db964556ff1eb8c21b61664
SHA1 490d56ff4a01f07aa9aee1d0f0f38e2c14693918
SHA256 d4e1ccd1db15aa857872ef12a337cf41accadbac78432015517efe413a3372bb
SHA512 5b0905e61e243d5c2ea7f830f95eda27645f54af1688937581c4cb68afa3f252fdd8b289ccd1401ca7e1e8d6079f706ed00f3217ce77440030d0f54a3c3cc4be

memory/592-120-0x0000000000500000-0x0000000000510200-memory.dmp

memory/1244-123-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\I50YRZD3\results[4].htm

MD5 211da0345fa466aa8dbde830c83c19f8
SHA1 779ece4d54a099274b2814a9780000ba49af1b81
SHA256 aec2ac9539d1b0cac493bbf90948eca455c6803342cc83d0a107055c1d131fd5
SHA512 37fd7ef6e11a1866e844439318ae813059106fbd52c24f580781d90da3f64829cf9654acac0dd0f2098081256c5dcdf35c70b2cbef6cbe3f0b91bd2d8edd22ca

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\X2NSSXLH\1TCX7P1J.htm

MD5 f4add6bd07d2cbc809d99f4b59735a83
SHA1 1c7947d483ebdb27201a52a8b0b02288c24176ad
SHA256 f924a1d6b57e749c3e594aaccd02bcab043177e33c3122242a2b5a26572c1ccf
SHA512 f714178c8ad02a14a59bbf4216e46eb2adea3fa070d25630043be67734481c56ca1ef29f0b6f385f640e2133838daf545248728b3aacd638ee370d18b8e0bbcb

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\I50YRZD3\search[2].htm

MD5 8ba61a16b71609a08bfa35bc213fce49
SHA1 8374dddcc6b2ede14b0ea00a5870a11b57ced33f
SHA256 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1
SHA512 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

memory/592-186-0x0000000000500000-0x0000000000510200-memory.dmp

memory/1244-187-0x0000000000400000-0x0000000000408000-memory.dmp

memory/592-243-0x0000000000500000-0x0000000000510200-memory.dmp

memory/1244-244-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GOM5RXN2\search[8].htm

MD5 e0f9ab30234b20473be363424b8b6c11
SHA1 4b8da974785e781edaff2be4450d572b89dff737
SHA256 81cb453215bca338652e0cec8f01ffb3191962b1c4ce035cbfc53589d8d2edf5
SHA512 2d08f3040dfb263f94cddc14cb7af0df7a1c847baf5a1af24b6674cea76f73a940517015eaedb7c8ecd62555a8ad4dc90ff7ebc4987191d3278ca7a0d0707496

memory/592-256-0x0000000000500000-0x0000000000510200-memory.dmp

memory/1244-257-0x0000000000400000-0x0000000000408000-memory.dmp

memory/592-273-0x0000000000500000-0x0000000000510200-memory.dmp

memory/1244-274-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 11d1e710bbdb2b5b02d42c848d772129
SHA1 8de0b1353ec77ecd67bf906bc40bf109da0564f8
SHA256 2adc91da9c4ccbbaf26ed9c187b7ee5760db74c7723cba44413af440bf69de92
SHA512 7dcd7bc70ec179104837a33ca5ec99d5fa5c1d808f92f8faacb12bdaf05272dc951766c9c0fe65a158de06a04d2b0c0bebe0045d6009943f612f74c1b65c8e17

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\I50YRZD3\results[6].htm

MD5 ee4aed56584bf64c08683064e422b722
SHA1 45e5ba33f57c6848e84b66e7e856a6b60af6c4a8
SHA256 a4e6ba8c1fe3df423e6f17fcbeeaa7e90e2bd2fffe8f98ff4b3e6ed970e32c61
SHA512 058f023cb934a00c8f1c689001438c9bdd067d923ddcbe7a951f54d3ca82218803e0e81fbc9af5c56375ff7961deed0359af1ffa7335d41379ee97d01a76ded6

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\X2NSSXLH\HA0V8KCH.htm

MD5 1969df96b6ae42e506c58f230a18dc7d
SHA1 9ab1fd1338d47a240ccbfa8d93e62b7afdf8af3d
SHA256 a4ea41ea00686b10f29a03812fea307bb6187498eb463fef0b03560f4f784b20
SHA512 990241e27ab19974c9e57a5913dff206a98ac9f149f1ac59c26348afb1cc66934103ebf85b4a2d48e618b023440606fb3900c3fe6b77a38bfcad0314627619fc

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\I50YRZD3\default[1].htm

MD5 157431349a057954f4227efc1383ecad
SHA1 69ccc939e6b36aa1fabb96ad999540a5ab118c48
SHA256 8553409a8a3813197c474a95d9ae35630e2a67f8e6f9f33b3f39ef4c78a8bfac
SHA512 6405adcfa81b53980f448c489c1d13506d874d839925bffe5826479105cbf5ba194a7bdb93095585441c79c58de42f1dab1138b3d561011dc60f4b66d11e9284

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WEG78UAE\results[5].htm

MD5 35a826c9d92a048812533924ecc2d036
SHA1 cc2d0c7849ea5f36532958d31a823e95de787d93
SHA256 0731a24ba3c569a734d2e8a74f9786c4b09c42af70457b185c56f147792168ea
SHA512 fd385904a466768357de812d0474e34a0b5f089f1de1e46bd032d889b28f10db84c869f5e81a0e2f1c8ffdd8a110e0736a7d63c887d76de6f0a5fd30bb8ebecd

memory/592-369-0x0000000000500000-0x0000000000510200-memory.dmp

memory/1244-370-0x0000000000400000-0x0000000000408000-memory.dmp

memory/592-456-0x0000000000500000-0x0000000000510200-memory.dmp

memory/1244-457-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\X2NSSXLH\default[7].htm

MD5 c15952329e9cd008b41f979b6c76b9a2
SHA1 53c58cc742b5a0273df8d01ba2779a979c1ff967
SHA256 5d065a88f9a1fb565c2d70e87148d469dd9dcbbefea4ccc8c181745eda748ab7
SHA512 6aecdd949abcd2cb54e2fe3e1171ee47c247aa3980a0847b9934f506ef9b2d3180831adf6554c68b0621f9f9f3cd88767ef9487bc6e51cecd6a8857099a7b296

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WEG78UAE\search[6].htm

MD5 3cdad5fe437482b57340aef20fed3958
SHA1 7d64088f76d0796064cbced4592c89d4c3dd6437
SHA256 46eb9ac8c1f2d908bdcfe797abc51bd1afa502dca31c9b35650d1fe88e31d80b
SHA512 3c8ff9fe39f3ff0b6f5cd1fa26aa68bbb6e62a5c886c545a4041c9e4ff01435f06e2220cb3c4f649853361769d25708edcb94ad22d66092be9f242742736c4ad

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 2cb2486d067a563d73d6dc8ce997ee90
SHA1 416ac643fc6ad967a547030055debb9c9b4d2472
SHA256 6d8950b9e292b074b7478453e49cf128ec1b8701bd34be609bbfb4a2e59ff8c0
SHA512 9171412d1e25172bff288f8ad293dd1a248613aaa0ecb4c84ba79cf1b2a3f5ac7c96c2c2149b88731ab92a070cd55605943e7dee16d732377e3f0af0f7e69c0b