Malware Analysis Report

2024-10-19 11:30

Sample ID 240527-prt4cadd73
Target c05bc468e44951935a58c1323d48a070_NeikiAnalytics.exe
SHA256 f7c4aeaa815f44454061199f2d8318724e333d1f4a7047fb1caf919ceaa6aee0
Tags
upx persistence microsoft phishing product:outlook
score
10/10


Analysis Overview

score
10/10

SHA256

f7c4aeaa815f44454061199f2d8318724e333d1f4a7047fb1caf919ceaa6aee0

Threat Level: Known bad

The file c05bc468e44951935a58c1323d48a070_NeikiAnalytics.exe was found to be: Known bad.

Analyst note (not a sandbox verdict): the report does not name a family. The behaviour recorded below (java.exe and services.exe written to C:\Windows with JavaVM and Services Run values, a zincite.log in %TEMP%, repeated requests to www.google.com, search.yahoo.com, search.lycos.com and www.altavista.com, MX lookups followed by direct SMTP to port 25, and TCP/1034 probes against neighbouring private hosts) matches the publicly documented W32/Mydoom.M mass-mailer and its Zincite backdoor. This is an identification from indicators; confirm it against AV or YARA signatures before reporting it as such.

Malicious Activity Summary

upx persistence microsoft phishing product:outlook

Detected microsoft outlook phishing page

UPX packed file

Executes dropped EXE

Adds Run key to start application

Drops file in Windows directory

Unsigned PE

Modifies system certificate store

Suspicious use of WriteProcessMemory

Reading the summary: "Detected microsoft outlook phishing page" and "Suspicious use of WriteProcessMemory" appear here without a single indicator row in the per-detonation signature tables, and "Modifies system certificate store" resolves to well-known public root CAs rather than an attacker-supplied certificate (the thumbprints under that signature are those of DigiCert High Assurance EV Root CA, DST Root CA X3 and ISRG Root X1). The high-confidence findings are the UPX-packed, unsigned dropper, the two Run-key autoruns, the executables written to C:\Windows, and the mass-mailing and search-engine traffic in the win7 network table.

Analysis: static1

Detonation Overview

Reported

2024-05-27 12:34

Signatures

UPX packed file

upx
No per-indicator details recorded for this match (Description, Indicator, Process and Target all N/A).

Unsigned PE

No per-indicator details recorded for this match (Description, Indicator, Process and Target all N/A).

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-27 12:34

Reported

2024-05-27 12:36

Platform

win7-20240220-en

Max time kernel

150s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c05bc468e44951935a58c1323d48a070_NeikiAnalytics.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\services.exe N/A

UPX packed file

upx
28 matches; no per-indicator details recorded (Description, Indicator, Process and Target all N/A).

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" C:\Users\Admin\AppData\Local\Temp\c05bc468e44951935a58c1323d48a070_NeikiAnalytics.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" C:\Windows\services.exe N/A
Note: the values land under Wow6432Node because the sample is a 32-bit process on a 64-bit Windows image; Explorer processes both the native and the redirected Run key at logon, so these are live autoruns, not dead writes. The dropped services.exe registers its own Run value (Services) once it is running, so removing only the JavaVM entry leaves persistence in place. Both the HKLM writes and the drops below need administrative rights, which the sandbox user (Admin) has; on a standard-user account they would be denied.

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\services.exe C:\Users\Admin\AppData\Local\Temp\c05bc468e44951935a58c1323d48a070_NeikiAnalytics.exe N/A
File opened for modification C:\Windows\java.exe C:\Users\Admin\AppData\Local\Temp\c05bc468e44951935a58c1323d48a070_NeikiAnalytics.exe N/A
File created C:\Windows\java.exe C:\Users\Admin\AppData\Local\Temp\c05bc468e44951935a58c1323d48a070_NeikiAnalytics.exe N/A
Note: C:\Windows\services.exe collides by name with the Service Control Manager, which lives in C:\Windows\System32\services.exe; the directory, not the file name, is what distinguishes the two in process listings and autorun output.
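The two tables above are the kind of rows an analyst wants to turn into a repeatable check: does an autorun value point at an image sitting directly under %SystemRoot% rather than System32, does its basename imitate a system binary, and was the image written during the run? The following is an added example, not code from the sandbox or this report. It parses the report's own Run-key and file rows (copied verbatim, Process/Target columns dropped), folds the Wow6432Node redirection away, and explains each flag. The set of imitated System32 names is an illustrative subset chosen for this example.

```python
import re
from dataclasses import dataclass, field
from typing import List, Tuple

# Rows copied from the behavioral1 "Adds Run key" and "Drops file in Windows
# directory" tables of this report (Process/Target columns omitted).
RUN_KEY_ROWS = [
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe"',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe"',
]
FILE_ROWS = [
    r"File created C:\Windows\services.exe",
    r"File opened for modification C:\Windows\java.exe",
    r"File created C:\Windows\java.exe",
]

# Binaries that legitimately live only in %SystemRoot%\System32 and are often
# imitated by droppers. Illustrative subset for this example, not exhaustive.
SYSTEM32_ONLY = {"services.exe", "svchost.exe", "lsass.exe", "csrss.exe",
                 "winlogon.exe", "smss.exe", "wininit.exe", "spoolsv.exe"}

RUN_RE = re.compile(r'^Set value \(str\) (?P<key>\\REGISTRY\\\S+?)\\(?P<name>[^\\\s]+) = "(?P<image>.*)"$')
FILE_RE = re.compile(r"^File (?:created|opened for modification) (?P<path>.+)$")


@dataclass
class AutorunFinding:
    value_name: str
    key: str            # hive path with the WOW64 redirection folded away
    image: str
    wow64_view: bool
    reasons: List[str] = field(default_factory=list)


def normalise_key(raw: str) -> Tuple[str, bool]:
    """Map \\REGISTRY\\MACHINE\\... to HKLM\\... and strip Wow6432Node.
    Explorer processes Run entries in both the native and the Wow6432Node view,
    so a 32-bit sample's entry still runs at logon; we only record the view."""
    key = re.sub(r"^\\REGISTRY\\MACHINE", "HKLM", raw, flags=re.I)
    wow64 = re.search(r"\\Wow6432Node\\", key, flags=re.I) is not None
    key = re.sub(r"\\Wow6432Node\\", r"\\", key, flags=re.I)
    return key, wow64


def triage_autoruns(run_rows, file_rows) -> List[AutorunFinding]:
    """Flag Run values whose image is in an unusual place, imitates a System32
    binary, or was written by the sample in the same run."""
    dropped = set()
    for row in file_rows:
        m = FILE_RE.match(row)
        if m:
            dropped.add(m.group("path").lower())
    findings = []
    for row in run_rows:
        m = RUN_RE.match(row)
        if not m:
            continue
        key, wow64 = normalise_key(m.group("key"))
        # The report renders the REG_SZ with doubled backslashes; undo that.
        image = m.group("image").replace("\\\\", "\\")
        directory, _, base = image.lower().rpartition("\\")
        f = AutorunFinding(m.group("name"), key, image, wow64)
        if directory == r"c:\windows":
            f.reasons.append("image sits directly under %SystemRoot%, not System32")
        if base in SYSTEM32_ONLY and not directory.endswith(r"\system32"):
            f.reasons.append(f"basename {base} masquerades as a System32 binary")
        if image.lower() in dropped:
            f.reasons.append("image was written by the sample during this run")
        findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage_autoruns(RUN_KEY_ROWS, FILE_ROWS):
        print(f"{f.key}\\{f.value_name} -> {f.image}  [wow64 view: {f.wow64_view}]")
        for r in f.reasons:
            print("   -", r)
```

Run against the two rows, JavaVM is flagged for its location and for having been dropped, while Services additionally trips the masquerading check; both are reported under the native HKLM path with the WOW64 view noted, which is how they should be filed in an IOC list so that a 64-bit collector does not miss them.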

Modifies system certificate store

evasion spyware trojan
What was written: the three thumbprints below belong to public root CAs, not to an attacker-supplied certificate. 5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 is DigiCert High Assurance EV Root CA and DAC9024F54D8F6DF94935FB1732638CA6AD77C13 is DST Root CA X3 (both names are readable in the UTF-16 friendly-name and DER subject fields of the blobs); CABD2A79A1076A31F21D253635CB039D4329A5E8, whose blob is not reproduced in this copy, is the published SHA-1 fingerprint of ISRG Root X1. AuthRoot is the store that CryptoAPI's automatic root update populates, and chain building runs inside the calling process, so the writes are attributed to the sample's PID even though the trigger was its own HTTPS connections (search.yahoo.com:443, search.lycos.com:443) and the apps.identrust.com fetch; the CryptnetUrlCache entries in the Files section are the same mechanism's cache. Before treating this signature as evasion, diff the AuthRoot and ROOT stores against a clean baseline and check every added thumbprint against the Microsoft Trusted Root Program list; a thumbprint with no public match is the real finding. The subkey name under Certificates\ is the SHA-1 of the DER certificate, and the Blob value is CryptoAPI's serialised property list (32-bit property id, 32-bit reserved word, 32-bit length, data), whose CERT_CERT_PROP_ID (0x20) entry carries the DER.
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Users\Admin\AppData\Local\Temp\c05bc468e44951935a58c1323d48a070_NeikiAnalytics.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc35300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a82000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Users\Admin\AppData\Local\Temp\c05bc468e44951935a58c1323d48a070_NeikiAnalytics.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = (blob value not reproduced in this copy) C:\Users\Admin\AppData\Local\Temp\c05bc468e44951935a58c1323d48a070_NeikiAnalytics.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc41560858910090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000000f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 C:\Users\Admin\AppData\Local\Temp\c05bc468e44951935a58c1323d48a070_NeikiAnalytics.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = (blob value not reproduced in this copy) C:\Users\Admin\AppData\Local\Temp\c05bc468e44951935a58c1323d48a070_NeikiAnalytics.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = (blob value not reproduced in this copy) C:\Users\Admin\AppData\Local\Temp\c05bc468e44951935a58c1323d48a070_NeikiAnalytics.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = (blob value not reproduced in this copy) C:\Users\Admin\AppData\Local\Temp\c05bc468e44951935a58c1323d48a070_NeikiAnalytics.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 C:\Users\Admin\AppData\Local\Temp\c05bc468e44951935a58c1323d48a070_NeikiAnalytics.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = (blob value not reproduced in this copy) C:\Users\Admin\AppData\Local\Temp\c05bc468e44951935a58c1323d48a070_NeikiAnalytics.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 C:\Users\Admin\AppData\Local\Temp\c05bc468e44951935a58c1323d48a070_NeikiAnalytics.exe N/A
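Deciding whether a "Modifies system certificate store" hit is a rogue root or routine auto-update means decoding the Blob rather than trusting the signature name. The following is an added example, not code from the sandbox or this report: a decoder for the serialised property list Windows stores in the Blob value (each entry is a 32-bit property id, a 32-bit reserved word, a 32-bit length, then the data). It is fed the leading part of the 5FB7EE06... blob from the table above, copied from the report; the final CERT_CERT_PROP_ID entry is cut after four bytes on purpose so the truncation path is exercised. The property-id names come from wincrypt.h; the check that the subkey name equals the SHA-1 property, and the SHA-1 of the DER when it is present, is what tells you the entry was written through CryptoAPI's normal store code path.

```python
import hashlib
import struct
from dataclasses import dataclass
from typing import List, Optional

# Leading part of the Blob written under AuthRoot\Certificates\5FB7EE06...\
# in the behavioral1 signature table above, copied from the report. The last
# entry (CERT_CERT_PROP_ID, 969 bytes of DER) is deliberately cut after its
# first four bytes; paste the full value from the report to get the whole cert.
BLOB_HEX = (
    "190000000100000010000000" "ba4f3972e7aed9dccdc210db59da13c9"
    "030000000100000014000000" "5fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25"
    "1d0000000100000010000000" "8f76b981d528ad4770088245e2031b63"
    "0b0000000100000012000000" "440069006700690043006500720074000000"
    "140000000100000014000000" "b13ec36903f8bf4701d498261a0802ef63642bc3"
    "530000000100000023000000" "3021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0"
    "090000000100000034000000" "303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b06010505070308"
    "0f0000000100000014000000" "e35ef08d884f0a0ade2f75e96301ce6230f213a8"
    "2000000001000000c9030000" "308203c5"
)
REGISTRY_KEY_NAME = "5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25"  # subkey name from the key path above

# Property identifiers as defined in wincrypt.h.
PROP_NAMES = {
    0x03: "CERT_SHA1_HASH_PROP_ID",
    0x09: "CERT_ENHKEY_USAGE_PROP_ID",
    0x0B: "CERT_FRIENDLY_NAME_PROP_ID",
    0x0F: "CERT_SIGNATURE_HASH_PROP_ID",
    0x14: "CERT_KEY_IDENTIFIER_PROP_ID",
    0x19: "CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID",
    0x1D: "CERT_SUBJECT_NAME_MD5_HASH_PROP_ID",
    0x20: "CERT_CERT_PROP_ID",
    0x53: "CERT_ROOT_PROGRAM_CERT_POLICIES_PROP_ID",
}


@dataclass
class BlobProperty:
    prop_id: int
    name: str
    declared_len: int
    data: bytes
    truncated: bool   # declared length ran past the end of the buffer


def parse_cert_blob(blob: bytes) -> List[BlobProperty]:
    """Walk <prop_id:u32le><reserved:u32le><length:u32le><data> entries.
    The reserved word is 1 in every blob in this report. A final entry whose
    declared length overruns the buffer is returned with truncated=True rather
    than raising, so a partially pasted blob still yields its leading fields."""
    props, off = [], 0
    while off + 12 <= len(blob):
        prop_id, _reserved, length = struct.unpack_from("<III", blob, off)
        off += 12
        data = blob[off:off + length]
        props.append(BlobProperty(prop_id, PROP_NAMES.get(prop_id, f"PROP_{prop_id}"),
                                  length, data, len(data) < length))
        off += length
    return props


def _prop(props, prop_id) -> Optional[BlobProperty]:
    return next((p for p in props if p.prop_id == prop_id and not p.truncated), None)


def thumbprint(props) -> Optional[str]:
    p = _prop(props, 0x03)
    return p.data.hex().upper() if p else None


def friendly_name(props) -> Optional[str]:
    p = _prop(props, 0x0B)
    return p.data.decode("utf-16-le").rstrip("\x00") if p else None


def certificate_der(props) -> Optional[bytes]:
    p = _prop(props, 0x20)
    return p.data if p else None


def thumbprint_consistent(props, key_name: str) -> bool:
    """Subkey name == SHA-1 property, and == SHA-1(DER) when the DER is present."""
    tp = thumbprint(props)
    if tp is None or tp != key_name.upper():
        return False
    der = certificate_der(props)
    return der is None or hashlib.sha1(der).hexdigest().upper() == key_name.upper()


if __name__ == "__main__":
    props = parse_cert_blob(bytes.fromhex(BLOB_HEX))
    for p in props:
        flag = " (truncated)" if p.truncated else ""
        print(f"0x{p.prop_id:02x} {p.name:44s} {p.declared_len:4d} bytes{flag}")
    print("thumbprint:", thumbprint(props), "friendly name:", friendly_name(props))
    print("key name consistent:", thumbprint_consistent(props, REGISTRY_KEY_NAME))
```

For this blob the SHA-1 property equals the subkey name and the friendly name decodes to "DigiCert"; comparing the thumbprint against DigiCert's published fingerprint for its High Assurance EV Root CA closes the question. The same decoder applied to the DAC9024F... blob yields the friendly name "DST Root CA X3". A blob whose thumbprint matches no public root, or whose SHA-1 property disagrees with the subkey name, is the case that deserves the evasion tag.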

Processes

C:\Users\Admin\AppData\Local\Temp\c05bc468e44951935a58c1323d48a070_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\c05bc468e44951935a58c1323d48a070_NeikiAnalytics.exe"

C:\Windows\services.exe

"C:\Windows\services.exe"

Network

How to read this table: the 10.x, 172.16.x and 192.168.x destinations on TCP/1034 have no DNS lookup behind them and are probes of neighbouring private hosts on one fixed port. DNS queries for bare domains (alumni.caltech.edu, gzip.org, apple.com, unicode.org, mac.com, icloud.com) followed by TCP/25 to the resolved mail exchangers show the sample delivering mail straight to recipients' MX hosts with its own SMTP engine; the mx., mail. and smtp. prefixed names are the fallback guesses it makes when no MX answer comes back. The repeated HTTP and HTTPS requests to www.google.com, search.yahoo.com, search.lycos.com and www.altavista.com (their responses are the search[*].htm and results[*].htm entries under Content.IE5 in the Files section) are consistent with querying search engines for further addresses. apps.identrust.com on TCP/80 is CryptoAPI fetching IdenTrust's root and cross-certificate material during chain building, not sample command-and-control. Country codes are the sandbox's geolocation of the destination address.

Country Destination Domain Proto
N/A 10.213.60.59:1034 tcp
N/A 10.200.69.243:1034 tcp
N/A 172.16.1.5:1034 tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 8.8.8.8:53 alumni-caltech-edu.mail.protection.outlook.com udp
US 8.8.8.8:53 gzip.org udp
US 52.101.8.44:25 alumni-caltech-edu.mail.protection.outlook.com tcp
US 8.8.8.8:53 gzip.org udp
US 85.187.148.2:25 gzip.org tcp
N/A 10.152.243.207:1034 tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 99.83.190.102:25 alumni.caltech.edu tcp
US 85.187.148.2:25 gzip.org tcp
N/A 10.227.85.66:1034 tcp
US 8.8.8.8:53 mx.alumni.caltech.edu udp
US 8.8.8.8:53 mail.alumni.caltech.edu udp
US 8.8.8.8:53 smtp.alumni.caltech.edu udp
US 8.8.8.8:53 mx.gzip.org udp
US 8.8.8.8:53 mail.gzip.org udp
N/A 10.0.77.20:1034 tcp
US 85.187.148.2:25 mail.gzip.org tcp
US 8.8.8.8:53 apple.com udp
US 8.8.8.8:53 mx-in.g.apple.com udp
NL 17.57.165.2:25 mx-in.g.apple.com tcp
US 8.8.8.8:53 unicode.org udp
US 8.8.8.8:53 aspmx.l.google.com udp
BE 142.251.173.27:25 aspmx.l.google.com tcp
US 8.8.8.8:53 www.altavista.com udp
IE 212.82.100.137:80 www.altavista.com tcp
US 8.8.8.8:53 www.google.com udp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 8.8.8.8:53 search.yahoo.com udp
IE 212.82.100.137:443 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 8.8.8.8:53 search.lycos.com udp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 8.8.8.8:53 apps.identrust.com udp
US 8.8.8.8:53 apps.identrust.com udp
NL 23.63.101.152:80 apps.identrust.com tcp
NL 23.63.101.152:80 apps.identrust.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
FR 172.217.20.196:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
FR 172.217.20.196:80 www.google.com tcp
N/A 192.168.2.15:1034 tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 8.8.8.8:53 mac.com udp
FR 172.217.20.196:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 8.8.8.8:53 mx01.mail.icloud.com udp
US 8.8.8.8:53 mx01.mail.icloud.com udp
US 17.57.156.30:25 mx01.mail.icloud.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 17.57.156.30:25 mx01.mail.icloud.com tcp
US 8.8.8.8:53 icloud.com udp
US 209.202.254.10:443 search.lycos.com tcp
US 17.57.156.30:25 mx01.mail.icloud.com tcp
US 17.57.156.30:25 mx01.mail.icloud.com tcp
US 17.57.156.30:25 mx01.mail.icloud.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
FR 172.217.20.196:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
FR 172.217.20.196:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
FR 172.217.20.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
FR 172.217.20.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 17.57.156.30:25 mx01.mail.icloud.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 8.8.8.8:53 mx-in-vib.apple.com udp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 17.57.170.2:25 mx-in-vib.apple.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 8.8.8.8:53 alt1.aspmx.l.google.com udp
FR 172.217.20.196:80 www.google.com tcp
NL 142.250.153.26:25 alt1.aspmx.l.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
N/A 10.222.21.129:1034 tcp
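The table above is long because the same handful of behaviours repeat; what a detection engineer wants is the behaviours themselves stated as rules that run over such rows. The following is an added example, not code from the sandbox or this report. It parses a representative subset of the rows above (copied from the table) into flow records and applies four checks drawn from this run: a fixed-port sweep of private hosts with no DNS behind it, SMTP fan-out to several distinct MX hosts, the mx./mail./smtp. prefix-guessing fallback, and a burst of requests to search-engine front ends. The search-engine watch list and the thresholds are assumptions for this example, to be tuned against local baselines.

```python
import ipaddress
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Representative subset of rows copied from the behavioral1 Network table above
# (Country Destination Domain Proto). Rows without a resolved name have three
# columns. The header row is included to show it is skipped.
SAMPLE_ROWS = """\
Country Destination Domain Proto
N/A 10.213.60.59:1034 tcp
N/A 10.200.69.243:1034 tcp
N/A 172.16.1.5:1034 tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 8.8.8.8:53 alumni-caltech-edu.mail.protection.outlook.com udp
US 8.8.8.8:53 gzip.org udp
US 52.101.8.44:25 alumni-caltech-edu.mail.protection.outlook.com tcp
US 85.187.148.2:25 gzip.org tcp
N/A 10.152.243.207:1034 tcp
US 8.8.8.8:53 mx.alumni.caltech.edu udp
US 8.8.8.8:53 mail.alumni.caltech.edu udp
US 8.8.8.8:53 smtp.alumni.caltech.edu udp
US 8.8.8.8:53 mx.gzip.org udp
US 8.8.8.8:53 mail.gzip.org udp
US 85.187.148.2:25 mail.gzip.org tcp
US 8.8.8.8:53 apple.com udp
NL 17.57.165.2:25 mx-in.g.apple.com tcp
BE 142.251.173.27:25 aspmx.l.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
FR 172.217.20.196:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
NL 23.63.101.152:80 apps.identrust.com tcp
US 17.57.156.30:25 mx01.mail.icloud.com tcp
N/A 192.168.2.15:1034 tcp
"""


@dataclass(frozen=True)
class Flow:
    country: str
    ip: str
    port: int
    domain: Optional[str]
    proto: str


def parse_rows(text: str) -> List[Flow]:
    """Parse the sandbox's flattened table; rows lacking an ip:port are skipped."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            country, dest, domain, proto = parts
        elif len(parts) == 3:
            country, dest, proto = parts
            domain = None
        else:
            continue
        ip, _, port = dest.rpartition(":")
        if not ip or not port.isdigit():
            continue
        flows.append(Flow(country, ip, int(port), domain, proto))
    return flows


def internal_port_sweeps(flows: List[Flow], min_hosts: int = 3) -> Dict[int, List[str]]:
    """Private-range TCP destinations with no name behind them, grouped by port.
    Many distinct hosts on one port is a probe, not a client talking to a server."""
    hosts_by_port = defaultdict(set)
    for f in flows:
        if f.proto == "tcp" and f.domain is None and ipaddress.ip_address(f.ip).is_private:
            hosts_by_port[f.port].add(f.ip)
    return {port: sorted(h) for port, h in hosts_by_port.items() if len(h) >= min_hosts}


def direct_to_mx_smtp(flows: List[Flow], min_hosts: int = 2) -> List[str]:
    """TCP/25 to several distinct hosts. A workstation submits through one
    server; fanning out to many MXes means the process carries its own mailer."""
    targets = {f.domain or f.ip for f in flows if f.proto == "tcp" and f.port == 25}
    return sorted(targets) if len(targets) >= min_hosts else []


MX_GUESS_PREFIXES = ("mx.", "mail.", "smtp.")


def mx_prefix_guesses(flows: List[Flow]) -> List[str]:
    """DNS lookups for mx./mail./smtp.<domain>: the guesswork a mass-mailer
    falls back to when it gets no MX record for a harvested address's domain."""
    names = {f.domain for f in flows if f.proto == "udp" and f.port == 53 and f.domain}
    return sorted(n for n in names if n.startswith(MX_GUESS_PREFIXES))


# Search-engine front ends seen in this run; a constructed watch list for the example.
SEARCH_HOSTS = {"www.google.com", "search.yahoo.com", "search.lycos.com", "www.altavista.com"}


def search_engine_hits(flows: List[Flow]) -> Counter:
    return Counter(f.domain for f in flows
                   if f.proto == "tcp" and f.port in (80, 443) and f.domain in SEARCH_HOSTS)


if __name__ == "__main__":
    fl = parse_rows(SAMPLE_ROWS)
    print("port sweeps:", internal_port_sweeps(fl))
    print("direct-to-MX SMTP targets:", direct_to_mx_smtp(fl))
    print("MX prefix guesses:", mx_prefix_guesses(fl))
    print("search-engine requests:", dict(search_engine_hits(fl)))
```

On the subset, the sweep check isolates TCP/1034 with five private hosts, the SMTP check lists six distinct mail exchangers, the prefix check returns the five mx./mail./smtp. guesses, and six search-engine requests are counted. Each of these is also expressible as a hunting query over proxy, DNS and firewall logs, where the thresholds matter: one TCP/25 connection from a workstation is a misconfiguration, six to different MX hosts in two minutes is a mailer.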

Files

memory/2764-2-0x0000000000500000-0x0000000000510200-memory.dmp

C:\Windows\services.exe

MD5 b0fe74719b1b647e2056641931907f4a
SHA1 e858c206d2d1542a79936cb00d85da853bfc95e2
SHA256 bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
SHA512 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

memory/2828-11-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2764-9-0x0000000000220000-0x0000000000228000-memory.dmp

memory/2764-10-0x0000000000220000-0x0000000000228000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
(Zero-length file at this point: these are the digests of empty input. The later zincite.log entries with different hashes are the same file after the sample appended to it, so hash-based IOCs for this path are not stable; match on the path and name instead.)

memory/2764-17-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2828-18-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2828-23-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2764-24-0x0000000000220000-0x0000000000228000-memory.dmp

memory/2764-25-0x0000000000220000-0x0000000000228000-memory.dmp

memory/2828-30-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2828-32-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2764-36-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2828-37-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 a63589f50c0ca9866ec6cf940c215816
SHA1 5b3000f44060b32867f30e8e243d4fe8fa6a08e6
SHA256 a327369cddfdc002012255e3d957cee67a75fc23db54122fa95887ff122e13ce
SHA512 c4b30a8540966238c5eecb200ff754cc4268430e7e6e56c67b2f8e471e903d6b2e9b975d2c5b53ae6bb66b5ee6a81c79cbbeb36605f1744ef3ac4cf55ed15e3d

C:\Users\Admin\AppData\Local\Temp\tmp1355.tmp

MD5 0072bc20c4c883b5821cb74214c00a35
SHA1 4569122262fbf8a3a22f9438edeb3faef8ea9bf2
SHA256 1a16a915a45d4a77108d020eb72079cb5e3d023353d5cd811e8ce2339cd01e54
SHA512 1f897954dc081498bd0c6cb3ab7236973e04b532b5d80666462657bdcc799670b81558f36064b6952f88bb2bca41b1a132af6a76ebdc24f24ad6177a8876666b

memory/2764-58-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2828-59-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2764-60-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2828-61-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2764-64-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2828-65-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2828-70-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2764-71-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2828-72-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2764-76-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2828-77-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2764-81-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2828-82-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 e8d70b5b64354581b888729d36abeefe
SHA1 09d68fc9289bdf5d77f77e7a501b6ba42c0adc84
SHA256 2b42c87690cae7d30b8f9cfbb753f160f3a743498fd87e0cefd64220f34e8930
SHA512 5d5aa12a41fd06e4537c92f8c24adc7407da99c3a7106e83133717bc26ea40735ba994d72b50a906b51cd52f91e99ed6da8d3f08db8e5a6c8418e0105b0051c5

C:\Users\Admin\AppData\Local\Temp\CabDC0.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\TarE63.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d7a11a619b98160efb03341eefa0af30
SHA1 fb9cec43a230da64458332be28ede0c024eccde5
SHA256 41ea3e1784c7a9deb87ef920b266d85b46c45c0502dc57356cf57f5cfee6448a
SHA512 465975929409edff0f79ff0001623784a1544d9f633d344d00ddada7e50f2cf43b69feac372807f0cc71d291fc4adec0641d88957bd45faee269ea5783768f54
(This MetaData path recurs below with different hashes: CryptoAPI rewrites the cache record each time it refreshes a fetched CRL, CTL or AIA object, which matches the apps.identrust.com traffic and the AuthRoot writes in the signature table. The content is written by CryptoAPI on the sample's behalf and is not authored by the sample; do not use these hashes as indicators.)

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7637d2553182f9aa6e2b76d107c510a2
SHA1 66ca6bdf5b7e92fbb5e48f632fbc8de712ef7d64
SHA256 4a0fc1deb927d9785cab2cab288d727f326397ea0b1aa2976ff6029f6fdd89df
SHA512 ceae2069fc10ded07d51925f53242df4e9d2ca4c181bf0a96269b2b20918a7f6363ce705cb73e48e20b69709b6b434f52860afb7a66569399f5e1fc045a443cb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fb4f46afc3239ad5a5b1df3d01b0c1b5
SHA1 8700feb51d599dabac1b98b4fd509473faec4207
SHA256 19253e2d594de65ac8db94a0e39c261e3bdf767c5ad5b243e116274caa86f61c
SHA512 ef3a1f497f1f69cb1624577414fa9b23e46e9d37a92616490fbbccab58f643f5c1637c6fcfe7ca577b9ce2313888e1d66e5e45062733453d3af5f0757666ab3f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f68389605b50684a8781c79773130b26
SHA1 112ad96b9ec6a8ea39cf746f6c59d65da34f3ba9
SHA256 cae5f1e0ab071a5c95f1d2a15f4f0778a32a01acea41c427e985629658530a8c
SHA512 d3684dd21db2d8a65f561ece3f1bf61df9895bb98a3f5072160fe3b4f544d38b6923733c4cd445321ca0672312ab832b6dd47060ba1e60aa1fb52d216f3975de

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e850be269e2522c1420704b14973aa4e
SHA1 2a32295c338528916b0f7b313af06472e6b3be38
SHA256 db8884372bfa2fc4949515642d7b4bd2b09d6502e0b31b9cc9b7281ef30f9ad8
SHA512 0faee747a9c23b1c48bdc623b19b040f7fd9fabc64d7735389645e83fa25ff117816c8bece68729d037f19cdf5a4f27e5d3b427f88244adfd72ede836322604c

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RSAB58HZ\search[3].htm

MD5 8ba61a16b71609a08bfa35bc213fce49
SHA1 8374dddcc6b2ede14b0ea00a5870a11b57ced33f
SHA256 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1
SHA512 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1
(search[*].htm, results[*].htm and the other Content.IE5 entries are WinINet's cache of the responses to the www.google.com, search.yahoo.com and search.lycos.com requests in the Network table; their presence shows the sample uses the system HTTP stack and did download the result pages. The hashes vary with the live search results and are not useful as indicators.)

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\ENE2EEUC.htm

MD5 93b84876b608cf23c5b485f9e479e418
SHA1 0564bc556a45cc9152f2f6936962fa4a3ad67eb3
SHA256 c3317cabf32fe4d4a8a56a3b284cb84f549953fe81d747ae50ba22b39c6c31b7
SHA512 b4a7855585146d32429c51bc103dbcaa36dbfad04ecde8133ad50b626ce3d661097913eff5af4cfae4b77f7bf1a1ced6b200805f90714be6c2c40d4a39d93bfc

memory/2828-775-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2764-774-0x0000000000500000-0x0000000000510200-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5f5decc127cf52a74b9294bb1bd0156e
SHA1 f750c477d6fce8e1ffa70fd7203a23f2c8cd9d37
SHA256 672c03ac313ae6e245c67fc40303220f1d8c9b8af637824991cf438f9df051bf
SHA512 ffd1da6d535103a4ed5140ab9315cc11794b0537c577b57ede10ff83726eec74e0f7d10cc4df00e472f034bec0aea6515238d99a6c050f118e1d30db467a94a0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2223d574fad36442d5b8b3ab9fed8495
SHA1 2e7d0ee89718bab04258c8d2f75561fd57be031a
SHA256 9298ac59c45b5338107ce3a83a90977f09035913bd9d6a1f87ead7983c5226c6
SHA512 e0d3bb1f7c11ebbeb9cb2ec9d573a324dddffe5652faa36e3eed0fac6305d7e91d395206d61c150b8cf91b703bbf19aa7bde5f53ac6c8fc7569233f9919168f6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2332b23c6772f867c1adf1541da28027
SHA1 b5744dac5abffdc94f835221aaa85a6e3f264556
SHA256 12e7805ee9072dc411026d781eae4b8c3f714c458508e3233f6e3e5573ddbc2b
SHA512 0ff5fe8cdc99ef979cb00f4ed5dabe21988025ae0e6bfd73ee56d4e07179029b6dfbf19fed8b319c57e6c2cc23e1ee79dd021a7e9a7608e2b73f48597722007f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8f594ce2e064657b695e7a1d806df123
SHA1 2a52c820569f2684dc7986eb030435d5fad84982
SHA256 c2e56c0de6ff643c68b0517486d7402642b7a523e931067c0875ea9e0eb1b7eb
SHA512 6a93073de8f9e3bd9f00477cabb7f669dfa7c9f3c43983c3858a4f1cfa8a84fb1ff08ec15801469dc0f347c00ea43f1859165c777f25f79f9da27a921ebc40cb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 404a9ccaf7a3c34594a8e92d8c6b89f1
SHA1 ba67cb40d7abc6cc0007634b4bd1dd6a4f716d1c
SHA256 79c2c7969dccbb5ce6a77b4a968d96f5759a0dd916792cd4783f0155af2fd2dd
SHA512 61fbfbe717dda24dc509d1240184036a683f83b0eb894ed5e13ef4228403ea437b3de747c12d785234e8d8e86db4fb1a9bbb6fa24e46d6669436084ede20b377

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0013a9e7336ff93d71e01f488e9b1c61
SHA1 51aa881b9d504a946c45f7008a5ed906a598ed14
SHA256 c68f56ce68d9336ba8dc297d98f56b7fdc4bf0992eaa9e8d13fe906a4bbe9cd3
SHA512 e96b700e2b1251c952156edf858a1495bcfeef22d9b28ef8671d56d14f9ae026fb6e2a20879a1300cc9a5246e36293029744692a07168c96d633a338f80391de

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RSAB58HZ\search[10].htm

MD5 d32a4f634070110aa710f16f3100e4a6
SHA1 d24a75db50ecba642637df664d355cbba8c431f6
SHA256 92ba375e4f160954399353953443c7da38e070cde65f0f55dcc13b0c58c137b3
SHA512 78322d1faa7d7c30849b5c230ac6368871acaed7d3ebd4e2e85fc64948346d1422cf789765c799bd789a6927a67b72d02939d16191fae3e3bfff4b7ff2705dfb

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CY2G78MW\results[4].htm

MD5 ee4aed56584bf64c08683064e422b722
SHA1 45e5ba33f57c6848e84b66e7e856a6b60af6c4a8
SHA256 a4e6ba8c1fe3df423e6f17fcbeeaa7e90e2bd2fffe8f98ff4b3e6ed970e32c61
SHA512 058f023cb934a00c8f1c689001438c9bdd067d923ddcbe7a951f54d3ca82218803e0e81fbc9af5c56375ff7961deed0359af1ffa7335d41379ee97d01a76ded6

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I819HQXH\search7VF8PJB8.htm

MD5 46e2ec0f358f4510f0be44100b35d7b9
SHA1 781fbeaf0aa89644c934d1f0549f09d1cdfb9771
SHA256 691fbc565e0fff4c722efdf81cbf86f520395eb1059a0e15fcedf14cc7eef48c
SHA512 65ed11ef4d6ddbec0aeb3eebeb328d678b7da2a3eb3b9b8ccca02a2da20d477ea817ecba8d93c913a941e7fbebf37b302a15a13a6e24987f9b03b41a69fe2ca8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fb2e36d579c5d618b45a98f91677ba3a
SHA1 cbc96e5270d3963b52363cfcb62aadbbc9910adc
SHA256 8a8ca41fb1dd3110ea358e937c63a753084ad033aa37530145a19e270afa7e64
SHA512 6b398730a9c9588a3c28a1bf3dca28ca6c8d9e6d4b0fdbaaaeb20dafe52905a541237806cd05441e21573f5dd5f012c6496dd27f89ee85847008c5af9941fe50

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eaa48e84ed0c82518673008f12d79b59
SHA1 15f123e3b774543bcfd4d99d187439c81178bc4e
SHA256 abac8ab0a581dac7955e6188149b2fa622f0d11d46f21cd131b1a7a49a75d9a8
SHA512 1d9500816d8029487bf058298f4f294d651089a150eee6e48d02f3c7aa5b6da4b90f6e354f3500f12a412bdb5f88e89b72bd92decddf537272d223949f4a066b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 41c3d15c6012bab9d739b939a896b4bc
SHA1 c797e48cef37f5301723ed1921d60658f2cccf42
SHA256 d4efb9dda377f47a0b881c12a5790993b86c079ec1b3a7f8f84ba2f9c2ae5908
SHA512 761609318fcbb4301b8d4faefd6fe25dbc5e0dfcd346d41860da479419ea4504e6428de3153d983c7ce8928d3efedef05a2a03cd7242854d3e96558975022265

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 8defdf5d5d992466a6f54ad816cdb317
SHA1 df4e9190b973b50f0548e2c00c1336529ee1b845
SHA256 e91465ecb5031bb4245ddac247430c66d5ae770ea1fd139ca0b0d0d65d3b9897
SHA512 c542dcfb6e05463a3cf1188967085c6fd38abf07566ad881259b678c908462a9ba3ffc2d751c9e4b8e39e5964da2d21fc29c6744016d3ca1efb1b26ded0a7af5

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RSAB58HZ\search37M94RQ7.htm

MD5 b6859235778a0f7dce0243a22a03b740
SHA1 b7fc906578aa8f563e0e3061b04cfd6e7339bcdc
SHA256 baf6890641fbecb842aea65a6bffd29e4d6516bb9ef8e141d425c65653154282
SHA512 1a310f0c8e515c486561fb3411e6e2fc43347b28b7f7b5f93667d992ab19b6a8f06a992b4cf41872b876b120d343802e2823554ec83faec25e938bb19c0f9875

memory/2764-1662-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2828-1663-0x0000000000400000-0x0000000000408000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-27 12:34

Reported

2024-05-27 12:36

Platform

win10v2004-20240426-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c05bc468e44951935a58c1323d48a070_NeikiAnalytics.exe"

Signatures

Detected microsoft outlook phishing page

phishing microsoft product:outlook

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\services.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
(28 further rows identical to the one above: the signature matched 29 times in this run, with no description, indicator, process or target recorded for any match)

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" C:\Users\Admin\AppData\Local\Temp\c05bc468e44951935a58c1323d48a070_NeikiAnalytics.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" C:\Windows\services.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\java.exe C:\Users\Admin\AppData\Local\Temp\c05bc468e44951935a58c1323d48a070_NeikiAnalytics.exe N/A
File created C:\Windows\services.exe C:\Users\Admin\AppData\Local\Temp\c05bc468e44951935a58c1323d48a070_NeikiAnalytics.exe N/A
File opened for modification C:\Windows\java.exe C:\Users\Admin\AppData\Local\Temp\c05bc468e44951935a58c1323d48a070_NeikiAnalytics.exe N/A
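Both Run values above point at executables the sample dropped straight into the Windows root: JavaVM -> C:\Windows\java.exe, written by the original sample from the user's Temp directory, and Services -> C:\Windows\services.exe, written by the dropped services.exe itself. The real Service Control Manager binary lives at C:\Windows\System32\services.exe, so the dropped copy borrows a system name in a directory where that name does not belong. The Python below is an added triage check, not part of this report or of the sandbox that produced it: it parses rows in the format of the two tables above, correlates each Run value with the file-creation rows, and flags autorun targets that sit in the Windows root, collide with a well-known System32 binary name, or were dropped by a process running from a user Temp path. The rows are copied from the tables; the System32 name list and the three heuristics are assumptions chosen for illustration.

```python
import re
from pathlib import PureWindowsPath

# Rows copied verbatim from the "Adds Run key to start application" and
# "Drops file in Windows directory" tables (description, indicator,
# process, target; whitespace separated, REG_SZ values quoted with
# doubled backslashes as the report prints them).
SIGNATURE_ROWS = [
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" C:\Users\Admin\AppData\Local\Temp\c05bc468e44951935a58c1323d48a070_NeikiAnalytics.exe N/A',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" C:\Windows\services.exe N/A',
    r'File created C:\Windows\java.exe C:\Users\Admin\AppData\Local\Temp\c05bc468e44951935a58c1323d48a070_NeikiAnalytics.exe N/A',
    r'File created C:\Windows\services.exe C:\Users\Admin\AppData\Local\Temp\c05bc468e44951935a58c1323d48a070_NeikiAnalytics.exe N/A',
    r'File opened for modification C:\Windows\java.exe C:\Users\Admin\AppData\Local\Temp\c05bc468e44951935a58c1323d48a070_NeikiAnalytics.exe N/A',
]

RUN_ROW = re.compile(
    r'^Set value \(str\) (?P<key>\\REGISTRY\\\S+) = "(?P<value>[^"]*)" (?P<proc>\S+) (?P<target>\S+)$'
)
FILE_ROW = re.compile(
    r'^File (?:created|opened for modification) (?P<path>\S+) (?P<proc>\S+) (?P<target>\S+)$'
)

# Assumed masquerade list: binaries Windows ships in System32. Any autorun
# whose basename matches one of these but lives elsewhere is suspect.
EXPECTED_SYSTEM_DIRS = {
    "services.exe": r"C:\Windows\System32",
    "svchost.exe": r"C:\Windows\System32",
    "lsass.exe": r"C:\Windows\System32",
    "winlogon.exe": r"C:\Windows\System32",
    "csrss.exe": r"C:\Windows\System32",
}
WINDOWS_ROOT = PureWindowsPath(r"C:\Windows")


def _norm(path):
    """Collapse the doubled backslashes used inside quoted REG_SZ values."""
    return PureWindowsPath(path.replace("\\\\", "\\"))


def _from_user_temp(p):
    parts = [s.lower() for s in p.parts]
    return "appdata" in parts and "temp" in parts


def parse_rows(rows):
    """Split report rows into Run entries and a map of dropped file -> writer."""
    run_entries, dropped = [], {}
    for row in rows:
        m = RUN_ROW.match(row)
        if m:
            run_entries.append({"key": m["key"], "image": _norm(m["value"]), "writer": _norm(m["proc"])})
            continue
        m = FILE_ROW.match(row)
        if m:
            # First writer wins; "opened for modification" rows only add detail.
            dropped.setdefault(str(_norm(m["path"])).lower(), _norm(m["proc"]))
    return run_entries, dropped


def triage(rows):
    """Return {run_key: [reasons]} for every autorun that trips a heuristic."""
    run_entries, dropped = parse_rows(rows)
    findings = {}
    for entry in run_entries:
        img, reasons = entry["image"], []
        if img.parent == WINDOWS_ROOT:
            reasons.append("autorun target sits directly in the Windows root")
        expected = EXPECTED_SYSTEM_DIRS.get(img.name.lower())
        if expected and img.parent != PureWindowsPath(expected):
            reasons.append(f"{img.name} masquerades as a system binary (expected in {expected})")
        writer = dropped.get(str(img).lower())
        if writer is not None and _from_user_temp(writer):
            reasons.append(f"target was dropped by a process running from user temp ({writer.name})")
        if _from_user_temp(entry["writer"]):
            reasons.append("Run value was written by a process running from user temp")
        if reasons:
            findings[entry["key"]] = reasons
    return findings


if __name__ == "__main__":
    for key, reasons in triage(SIGNATURE_ROWS).items():
        print(key)
        for r in reasons:
            print("   -", r)
```

triage() returns a dict keyed by the full Run value path, so the same function applies to Sysmon Event ID 13 (registry value set) and Event ID 11 (file create) records once they are reduced to the same four columns. Both entries from this report trip three heuristics each.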

Processes

C:\Users\Admin\AppData\Local\Temp\c05bc468e44951935a58c1323d48a070_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\c05bc468e44951935a58c1323d48a070_NeikiAnalytics.exe"

C:\Windows\services.exe

"C:\Windows\services.exe"

Network

Country Destination Domain Proto
N/A 10.213.60.59:1034 tcp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
N/A 10.200.69.243:1034 tcp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
N/A 172.16.1.5:1034 tcp
US 8.8.8.8:53 m-ou.se udp
US 8.8.8.8:53 aspmx.l.google.com udp
US 8.8.8.8:53 acm.org udp
BE 142.251.173.27:25 aspmx.l.google.com tcp
US 8.8.8.8:53 mail.mailroute.net udp
US 199.89.3.120:25 mail.mailroute.net tcp
US 8.8.8.8:53 cs.stanford.edu udp
US 8.8.8.8:53 smtp2.cs.stanford.edu udp
US 8.8.8.8:53 burtleburtle.net udp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 8.8.8.8:53 mx.burtleburtle.net udp
US 8.8.8.8:53 gzip.org udp
US 8.8.8.8:53 gzip.org udp
US 85.187.148.2:25 gzip.org tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 alumni-caltech-edu.mail.protection.outlook.com udp
FR 172.217.20.196:80 www.google.com tcp
US 52.101.9.24:25 alumni-caltech-edu.mail.protection.outlook.com tcp
US 65.254.254.52:25 mx.burtleburtle.net tcp
US 8.8.8.8:53 search.lycos.com udp
US 8.8.8.8:53 search.yahoo.com udp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 8.8.8.8:53 196.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 137.100.82.212.in-addr.arpa udp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 8.8.8.8:53 www.altavista.com udp
IE 212.82.100.137:80 www.altavista.com tcp
FR 172.217.20.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 8.8.8.8:53 10.254.202.209.in-addr.arpa udp
US 8.8.8.8:53 11.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 170.101.63.23.in-addr.arpa udp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
FR 172.217.20.196:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
N/A 10.152.243.207:1034 tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 alt1.aspmx.l.google.com udp
NL 142.250.153.26:25 alt1.aspmx.l.google.com tcp
US 8.8.8.8:53 acm.org udp
US 104.17.79.30:25 acm.org tcp
US 8.8.8.8:53 smtp1.cs.stanford.edu udp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
US 85.187.148.2:25 gzip.org tcp
US 8.8.8.8:53 burtleburtle.net udp
US 8.8.8.8:53 alumni.caltech.edu udp
US 99.83.190.102:25 alumni.caltech.edu tcp
US 65.254.227.224:25 burtleburtle.net tcp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
N/A 10.227.85.66:1034 tcp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 alt2.aspmx.l.google.com udp
NL 142.251.9.26:25 alt2.aspmx.l.google.com tcp
US 8.8.8.8:53 mx.acm.org udp
US 8.8.8.8:53 cs.stanford.edu udp
US 8.8.8.8:53 mail.acm.org udp
US 171.64.64.64:25 cs.stanford.edu tcp
US 171.64.64.64:25 cs.stanford.edu tcp
US 8.8.8.8:53 smtp.acm.org udp
US 8.8.8.8:53 outlook.com udp
US 8.8.8.8:53 outlook-com.olc.protection.outlook.com udp
US 8.8.8.8:53 mx.gzip.org udp
US 209.202.254.10:80 search.lycos.com tcp
US 52.101.194.14:25 outlook-com.olc.protection.outlook.com tcp
US 8.8.8.8:53 mail.gzip.org udp
FR 172.217.20.196:80 www.google.com tcp
US 85.187.148.2:25 mail.gzip.org tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 65.254.254.52:25 mx.burtleburtle.net tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
FR 172.217.20.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
FR 172.217.20.196:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 171.64.64.64:25 cs.stanford.edu tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
FR 172.217.20.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
FR 172.217.20.196:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
N/A 10.0.77.20:1034 tcp
US 209.202.254.10:80 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
FR 172.217.20.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
FR 172.217.20.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 8.8.8.8:53 aspmx2.googlemail.com udp
US 209.202.254.10:80 search.lycos.com tcp
NL 142.250.153.27:25 aspmx2.googlemail.com tcp
US 171.64.64.64:25 cs.stanford.edu tcp
US 171.64.64.64:25 cs.stanford.edu tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 outlook.com udp
FR 172.217.20.196:80 www.google.com tcp
US 52.96.222.226:25 outlook.com tcp
FR 172.217.20.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 8.8.8.8:53 mail.burtleburtle.net udp
FR 172.217.20.196:80 www.google.com tcp
US 65.254.250.102:25 mail.burtleburtle.net tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 8.8.8.8:53 hachyderm.io udp
FR 172.217.20.196:80 www.google.com tcp
BE 142.251.173.27:25 aspmx.l.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 171.64.64.64:25 cs.stanford.edu tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
N/A 192.168.2.15:1034 tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
FR 172.217.20.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
BE 142.251.173.27:25 aspmx.l.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
FR 172.217.20.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 8.8.8.8:53 aspmx3.googlemail.com udp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
NL 142.251.9.27:25 aspmx3.googlemail.com tcp
US 8.8.8.8:53 mx.cs.stanford.edu udp
US 8.8.8.8:53 mail.cs.stanford.edu udp
US 171.64.64.160:25 mail.cs.stanford.edu tcp
FR 172.217.20.196:80 www.google.com tcp
US 8.8.8.8:53 mx.outlook.com udp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 mail.outlook.com udp
US 8.8.8.8:53 smtp.outlook.com udp
GB 52.97.146.226:25 smtp.outlook.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 smtp.burtleburtle.net udp
FR 172.217.20.196:80 www.google.com tcp
US 65.254.250.102:25 smtp.burtleburtle.net tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 8.8.8.8:53 alt3.aspmx.l.google.com udp
US 209.202.254.10:80 search.lycos.com tcp
US 8.8.8.8:53 snai1mai1.com udp
FI 142.250.150.27:25 alt3.aspmx.l.google.com tcp
US 8.8.8.8:53 snai1mai1.com udp
FR 172.217.20.196:80 www.google.com tcp
US 8.8.8.8:53 mx.snai1mai1.com udp
US 8.8.8.8:53 mail.snai1mai1.com udp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 smtp.snai1mai1.com udp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 alumni-caltech-edu.mail.protection.outlook.com udp
US 52.101.11.3:25 alumni-caltech-edu.mail.protection.outlook.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
US 8.8.8.8:53 mx.cs.stanford.edu udp
US 171.64.64.160:25 mail.cs.stanford.edu tcp
FR 172.217.20.196:80 www.google.com tcp
N/A 10.222.21.129:1034 tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 www.google.com tcp
FR 172.217.20.196:80 tcp
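Three patterns stand out in the table above. First, the sample resolves mail-exchanger style hostnames for a series of domains (aspmx.l.google.com and its alt1/alt2/alt3 siblings, mail.mailroute.net, smtp1/smtp2.cs.stanford.edu, mx.burtleburtle.net, mail.gzip.org, alumni-caltech-edu.mail.protection.outlook.com, outlook-com.olc.protection.outlook.com, smtp.outlook.com, and so on) and then opens TCP/25 connections directly to them; a workstation that speaks SMTP to many public MX hosts instead of its configured relay is almost never doing so legitimately. Second, it issues a large volume of HTTP and HTTPS requests to www.google.com, search.lycos.com, search.yahoo.com and www.altavista.com, consistent with the search[n].htm and results[n].htm entries under INetCache in the Files section below being the WinINet cache of those responses. Third, it attempts TCP/1034 against several private-range addresses (10.213.60.59, 10.200.69.243, 172.16.1.5, 10.152.243.207, 10.227.85.66, 10.0.77.20, 10.222.21.129, 192.168.2.15) that nothing else in the run touches. The Python below is an added example, not part of this report: it parses rows in the table's format and turns the first and third patterns into two rules. The input is an excerpt of rows copied from the table; the two thresholds are assumptions chosen for illustration.

```python
import ipaddress
from collections import Counter, defaultdict

# Excerpt of rows copied from the Network table above
# (country, destination ip:port, optional domain, protocol).
NETWORK_ROWS = """\
N/A 10.213.60.59:1034 tcp
US 8.8.8.8:53 aspmx.l.google.com udp
BE 142.251.173.27:25 aspmx.l.google.com tcp
US 8.8.8.8:53 mail.mailroute.net udp
US 199.89.3.120:25 mail.mailroute.net tcp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
US 85.187.148.2:25 gzip.org tcp
FR 172.217.20.196:80 www.google.com tcp
US 52.101.9.24:25 alumni-caltech-edu.mail.protection.outlook.com tcp
US 65.254.254.52:25 mx.burtleburtle.net tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
N/A 10.200.69.243:1034 tcp
N/A 172.16.1.5:1034 tcp
N/A 192.168.2.15:1034 tcp
FR 172.217.20.196:80 tcp
""".splitlines()

# Assumed thresholds; tune to the host's normal behaviour.
SMTP_FANOUT_THRESHOLD = 5   # distinct TCP/25 peers from one endpoint
PROBE_THRESHOLD = 3         # distinct private-range hosts on one TCP port


def parse_row(row):
    """Parse one table row; the domain column is absent for direct-to-IP rows."""
    fields = row.split()
    if len(fields) == 4:
        country, dest, domain, proto = fields
    elif len(fields) == 3:
        country, dest, proto = fields
        domain = None
    else:
        raise ValueError(f"unexpected row: {row!r}")
    ip, port = dest.rsplit(":", 1)
    return {"country": country, "ip": ipaddress.ip_address(ip),
            "port": int(port), "domain": domain, "proto": proto}


def summarize(rows):
    """Connection counts per (proto, port), distinct SMTP peers, and private hosts per TCP port."""
    conns = [parse_row(r) for r in rows]
    by_port = Counter((c["proto"], c["port"]) for c in conns)
    smtp_peers = {(str(c["ip"]), c["domain"])
                  for c in conns if c["proto"] == "tcp" and c["port"] == 25}
    private_by_port = defaultdict(set)
    for c in conns:
        if c["proto"] == "tcp" and c["ip"].is_private:
            private_by_port[c["port"]].add(str(c["ip"]))
    return by_port, smtp_peers, dict(private_by_port)


def assess(rows):
    """Apply the two rules and return human-readable alerts."""
    by_port, smtp_peers, private_by_port = summarize(rows)
    alerts = []
    if len(smtp_peers) >= SMTP_FANOUT_THRESHOLD:
        alerts.append(f"direct SMTP to {len(smtp_peers)} distinct mail hosts "
                      f"({by_port[('tcp', 25)]} connections) instead of a configured relay")
    for port, hosts in sorted(private_by_port.items()):
        if len(hosts) >= PROBE_THRESHOLD:
            alerts.append(f"tcp/{port} attempted against {len(hosts)} private-range hosts")
    return alerts


if __name__ == "__main__":
    by_port, _, _ = summarize(NETWORK_ROWS)
    for (proto, port), n in by_port.most_common():
        print(f"{proto}/{port:<5} {n}")
    for a in assess(NETWORK_ROWS):
        print("ALERT:", a)
```

On the excerpt, assess() raises both alerts: six distinct TCP/25 peers and four private hosts probed on tcp/1034. Run against the full table the SMTP fan-out is far larger, and the DNS rows for mx./mail./smtp. names give the same signal a few seconds earlier, which is the more useful place to block in an environment where outbound TCP/25 from workstations is already denied.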

Files

memory/4168-0-0x0000000000500000-0x0000000000510200-memory.dmp

C:\Windows\services.exe

MD5 b0fe74719b1b647e2056641931907f4a
SHA1 e858c206d2d1542a79936cb00d85da853bfc95e2
SHA256 bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
SHA512 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

memory/1652-7-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/4168-13-0x0000000000500000-0x0000000000510200-memory.dmp

memory/1652-14-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1652-19-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1652-24-0x0000000000400000-0x0000000000408000-memory.dmp

memory/4168-25-0x0000000000500000-0x0000000000510200-memory.dmp

memory/1652-26-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 c947e844f0172073207d18d3af3e8d90
SHA1 a878a6e48a35c0b7db904cb0425f2b42ac056556
SHA256 8ea54de038cc748ae155c2096985b28aa77347484c50616c7170fea279fb69bf
SHA512 72fe0e54ca5520305e6ab97177b75bbf8178484a21c76101180164fffb98a50d3e653d72efd8f6d8a9e66f85b749eed4f2a1049b1540b96204735f8cc547ba4b

C:\Users\Admin\AppData\Local\Temp\tmpD59.tmp

MD5 11fae0336fb71eea69d394c52aa615b6
SHA1 a1164d10d5ef16737f8b064ce1d90cba6314930f
SHA256 0d94391977439943e5144b143669756a90f781bcc8ba76869db7fcd362099f1a
SHA512 37d12ae62145667338c3ebb63d949c2bd8f59efacd621d9a9962f3d866411ab7e6dbb492518dfef6b76833f463fb6f6ea6f3f4336f2e69985fc1e4cf06492545

memory/4168-76-0x0000000000500000-0x0000000000510200-memory.dmp

memory/1652-77-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\2PB2KMGY\3DWRQ3EW.htm

MD5 cfaf7dfd4e85d6ae7e5f0474095ddc65
SHA1 281f974ec88490011170fbda102d6c53da8674af
SHA256 36cee9d7b59924cb62753550866278e55153c457b935a6c6881641ed8368dac6
SHA512 8a6665db1b7fe91ca197cab695fad15c97fc7e3180a6e87cd28e3dd9d9ab08056cafa23d837b5dc782a77f987914b7e2e779adb5dd951789d89fc0936754e8e4

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6DEZ09S4\search[3].htm

MD5 311a427e4103de22067483d345cdeec8
SHA1 cda55444c8272ee5ec940cad1855fdbf79b477a9
SHA256 ae6d33ffb4f27cbae16721778c034d4d3df75e0cd319fe55bc078ce7f4c7d7ef
SHA512 60e261448fde57a004c86a8f65f79744e9e2cd4bc7aa1046f5b4536007c86e6177386661f87f0ed9bd387d7042db36230a5fc6ad129712c2dbeadd724d33377c

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GO42234Z\search[3].htm

MD5 8ba61a16b71609a08bfa35bc213fce49
SHA1 8374dddcc6b2ede14b0ea00a5870a11b57ced33f
SHA256 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1