Analysis Overview
SHA256
cd0df7a520a86076261a8c1dd79576db6791eb9e1b0c8adca992dc52a70faee7
Threat Level: Known bad
The file 0f3674035c44ae13c771b6a97d800950_NeikiAnalytics.exe was found to be: Known bad.
Malicious Activity Summary
Detected microsoft outlook phishing page
Executes dropped EXE
UPX packed file
Adds Run key to start application
Drops file in Windows directory
Unsigned PE
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-27 19:08
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-27 19:08
Reported
2024-05-27 19:11
Platform
win10v2004-20240508-en
Max time kernel
150s
Max time network
153s
Command Line
Signatures
Detected microsoft outlook phishing page
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\0f3674035c44ae13c771b6a97d800950_NeikiAnalytics.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\0f3674035c44ae13c771b6a97d800950_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\0f3674035c44ae13c771b6a97d800950_NeikiAnalytics.exe | N/A |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\0f3674035c44ae13c771b6a97d800950_NeikiAnalytics.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2948 wrote to memory of 5092 | N/A | C:\Users\Admin\AppData\Local\Temp\0f3674035c44ae13c771b6a97d800950_NeikiAnalytics.exe | C:\Windows\services.exe |
| PID 2948 wrote to memory of 5092 | N/A | C:\Users\Admin\AppData\Local\Temp\0f3674035c44ae13c771b6a97d800950_NeikiAnalytics.exe | C:\Windows\services.exe |
| PID 2948 wrote to memory of 5092 | N/A | C:\Users\Admin\AppData\Local\Temp\0f3674035c44ae13c771b6a97d800950_NeikiAnalytics.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\0f3674035c44ae13c771b6a97d800950_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0f3674035c44ae13c771b6a97d800950_NeikiAnalytics.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 172.16.1.2:1034 | | tcp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| N/A | 192.168.2.17:1034 | | tcp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| N/A | 192.168.144.131:1034 | | tcp |
| US | 8.8.8.8:53 | m-ou.se | udp |
| US | 8.8.8.8:53 | aspmx.l.google.com | udp |
| BE | 74.125.71.27:25 | aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | acm.org | udp |
| US | 8.8.8.8:53 | cs.stanford.edu | udp |
| US | 8.8.8.8:53 | smtp2.cs.stanford.edu | udp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | burtleburtle.net | udp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | mx.burtleburtle.net | udp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | alumni-caltech-edu.mail.protection.outlook.com | udp |
| US | 65.254.254.51:25 | mx.burtleburtle.net | tcp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 8.8.8.8:53 | mail.mailroute.net | udp |
| US | 199.89.1.120:25 | mail.mailroute.net | tcp |
| US | 52.101.41.4:25 | alumni-caltech-edu.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | www.altavista.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 8.8.8.8:53 | search.yahoo.com | udp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.215.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.100.82.212.in-addr.arpa | udp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | search.lycos.com | udp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | 10.254.202.209.in-addr.arpa | udp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| N/A | 10.91.78.131:1034 | | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | 11.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.101.63.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 52.101.41.4:25 | alumni-caltech-edu.mail.protection.outlook.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 8.8.8.8:53 | alt1.aspmx.l.google.com | udp |
| NL | 142.250.153.26:25 | alt1.aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | cs.stanford.edu | udp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | burtleburtle.net | udp |
| US | 65.254.227.224:25 | burtleburtle.net | tcp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 8.8.8.8:53 | acm.org | udp |
| US | 104.17.78.30:25 | acm.org | tcp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 75.2.70.75:25 | alumni.caltech.edu | tcp |
| N/A | 172.16.1.3:1034 | | tcp |
| US | 75.2.70.75:25 | alumni.caltech.edu | tcp |
| US | 8.8.8.8:53 | 96.136.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | alt2.aspmx.l.google.com | udp |
| NL | 142.251.9.27:25 | alt2.aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | smtp1.cs.stanford.edu | udp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| US | 65.254.254.51:25 | mx.burtleburtle.net | tcp |
| US | 8.8.8.8:53 | mx.gzip.org | udp |
| US | 8.8.8.8:53 | mail.gzip.org | udp |
| US | 85.187.148.2:25 | mail.gzip.org | tcp |
| US | 8.8.8.8:53 | smtp2.cs.stanford.edu | udp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | mx.alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | mail.alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | smtp.alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | outlook.com | udp |
| US | 8.8.8.8:53 | outlook-com.olc.protection.outlook.com | udp |
| NL | 52.101.73.20:25 | outlook-com.olc.protection.outlook.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| N/A | 10.93.103.153:1034 | | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 199.89.1.120:25 | mail.mailroute.net | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | aspmx2.googlemail.com | udp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| NL | 142.250.153.27:25 | aspmx2.googlemail.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | smtp.gzip.org | udp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | outlook.com | udp |
| US | 52.96.222.194:25 | outlook.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| N/A | 10.65.120.153:1034 | | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 104.17.78.30:25 | acm.org | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | aspmx3.googlemail.com | udp |
| NL | 142.251.9.26:25 | aspmx3.googlemail.com | tcp |
| US | 8.8.8.8:53 | mx.cs.stanford.edu | udp |
| US | 8.8.8.8:53 | mail.cs.stanford.edu | udp |
| US | 171.64.64.160:25 | mail.cs.stanford.edu | tcp |
| US | 171.64.64.160:25 | mail.cs.stanford.edu | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | mx.outlook.com | udp |
| US | 8.8.8.8:53 | mail.outlook.com | udp |
| US | 8.8.8.8:53 | smtp.outlook.com | udp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| GB | 52.98.145.82:25 | smtp.outlook.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| N/A | 10.87.149.58:1034 | | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 8.8.8.8:53 | 93.65.42.20.in-addr.arpa | udp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | | tcp |
| FR | 216.58.215.36:80 | | tcp |
| US | 209.202.254.10:80 | | tcp |
| IE | 212.82.100.137:80 | | tcp |
| US | 209.202.254.10:443 | | tcp |
| US | 209.202.254.10:443 | | tcp |
| IE | 212.82.100.137:80 | | tcp |
| IE | 212.82.100.137:443 | | tcp |
Files
memory/2948-0-0x0000000000500000-0x0000000000510200-memory.dmp
C:\Windows\services.exe
| MD5 | b0fe74719b1b647e2056641931907f4a |
| SHA1 | e858c206d2d1542a79936cb00d85da853bfc95e2 |
| SHA256 | bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c |
| SHA512 | 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2 |
memory/5092-6-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/2948-13-0x0000000000500000-0x0000000000510200-memory.dmp
memory/5092-14-0x0000000000400000-0x0000000000408000-memory.dmp
memory/5092-19-0x0000000000400000-0x0000000000408000-memory.dmp
memory/5092-24-0x0000000000400000-0x0000000000408000-memory.dmp
memory/5092-26-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2948-30-0x0000000000500000-0x0000000000510200-memory.dmp
memory/5092-31-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | 67066f9d5dcdbfba570b36d7376edaa4 |
| SHA1 | c359c3eb4e42a54e74dccc6673a29f0a362e6803 |
| SHA256 | 70aab7e2a7a774c6e72d13977328e819614850833d765bee6d2bd2816c94dd14 |
| SHA512 | 4351a4c168d925a5fb5a4153cdc58174b8a1c4be38a6f7cfd0997ae072f7a380c72391fe7f7a07608b7f089a73795d52a9fcfa3aa700ea86c377d65be85ccc8a |
C:\Users\Admin\AppData\Local\Temp\tmp2BFD.tmp
| MD5 | 7a282396c7c2f40b3ded4a2eb5108a67 |
| SHA1 | 2dee9512d50149b21a67b652a8c165d02becc427 |
| SHA256 | ee32cc55e633cf5ffdfada746c2c30e73bec35aeffec769464f0df855974f858 |
| SHA512 | 4ae71f2d1778ac4a0cecd663df7cf697d3b6ab39231526d6db227010eb8937131be14d70aa53f771c782b8c3d3d93faaad3d00d0b5bbaa0957f80f3c910db364 |
memory/2948-86-0x0000000000500000-0x0000000000510200-memory.dmp
memory/5092-87-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NA35E2FV\P0ZN6D15.htm
| MD5 | 94ddf7283fc1c58cd768d490f22baa96 |
| SHA1 | 6abf1083c25c6a9453bf0b63d218d26d7eea7fec |
| SHA256 | 6d17964e69fa064d8e78b4ceef648154520039c564f5d39c66148006f8c89dc8 |
| SHA512 | b2bbd5491192d7857053d642b21bc2d0aba9be40308c470ae23f6a4f35b4e06f0872df4a11a7d366a255c71afd3a401bace6f3f726aeddd12b09678200d5a330 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NA35E2FV\search[2].htm
| MD5 | 8ba61a16b71609a08bfa35bc213fce49 |
| SHA1 | 8374dddcc6b2ede14b0ea00a5870a11b57ced33f |
| SHA256 | 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1 |
| SHA512 | 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NA35E2FV\search[3].htm
| MD5 | 2e0a8ce9d6dd59bffca0abd3b00f4bf6 |
| SHA1 | b946786bfb31cdde8c1f60d9505c386170d5ebc6 |
| SHA256 | a333b65a5be28b7757fa57a964a551c8c925a9ad494430678fa3e7f61281137c |
| SHA512 | aa65ed919dc961880b9972e71bf63a42bc15a56f926a0447c4c7f1401cae35729d24606ba818c6643df22ae167c49a8506cfcba091defc6ab0a5ff85314170a3 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\AKI8W8FH\results[3].htm
| MD5 | ee4aed56584bf64c08683064e422b722 |
| SHA1 | 45e5ba33f57c6848e84b66e7e856a6b60af6c4a8 |
| SHA256 | a4e6ba8c1fe3df423e6f17fcbeeaa7e90e2bd2fffe8f98ff4b3e6ed970e32c61 |
| SHA512 | 058f023cb934a00c8f1c689001438c9bdd067d923ddcbe7a951f54d3ca82218803e0e81fbc9af5c56375ff7961deed0359af1ffa7335d41379ee97d01a76ded6 |
memory/2948-240-0x0000000000500000-0x0000000000510200-memory.dmp
memory/5092-241-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2948-277-0x0000000000500000-0x0000000000510200-memory.dmp
memory/5092-278-0x0000000000400000-0x0000000000408000-memory.dmp
memory/5092-283-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2948-284-0x0000000000500000-0x0000000000510200-memory.dmp
memory/5092-285-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | f5ca128b17e8d404992d2bee011c0600 |
| SHA1 | 438796766b9eb26de1b0594ae2448d1a90aebb7c |
| SHA256 | 5558ac944113a3582d6bbd02633feca4bcb546b54b0b81b4b10cc29e14949aee |
| SHA512 | b4510f1411dbd94424a83bf8bedbed40a48da2fd938ac43576156cf547fd8aad9433dd5a5c664be48cdc2aed4fcc02f6c9986b242b331b961c9428270a51198e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DL7YY2B9\search[8].htm
| MD5 | 66dddc9928bc1a01d1fcf7fbe66eda29 |
| SHA1 | 8d9b6d5924c8080b7d2e969765db9f1f105a6758 |
| SHA256 | e0a246ec37db6e1a964f18f6b81b1ae18061e14917893752d8b662632ddf0c34 |
| SHA512 | 97d3ddf4912c7716969b2a0ba963c2e68d184b21ea18cc6a10a03d6855bc6dc065c26e19cf8126cf33c2e91fdde861905d84709d6831e41ff8ce6278c3defd57 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\W5OVUPOF\search[2].htm
| MD5 | af74568671f8ebd0e8342790d2a8297d |
| SHA1 | b582262bccd9712ca865b5602011d9eca50d09e0 |
| SHA256 | cb3a03bdca2b8f93f861095053ff88fe79a71f1782a7e40241e6440c3881307d |
| SHA512 | 4de09d06d9d92db380dc8d18de0ff12ad44d24b0a0b8b715de39967e9ce23d9d7b304e90c807ebd99268a5045a65a15d4fdcea50e779a93e136669e659cdb19b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NA35E2FV\searchUMFPK8Z7.htm
| MD5 | be8a455a9d24845a1d6cacd178bb5402 |
| SHA1 | 6bc51bcff5f9f96c7cdd464efded33f0f2c112b9 |
| SHA256 | 998bc02c9a31982d50e762ec2593ff9897d6d5bb0a847665e903608271d34704 |
| SHA512 | 4617c4a9afa6ed1e7d13a46709fded57b57876e1a34dadc01e75ab06d2889ab3a16b8fb6d30ba5cf4e8aea43dd70048301a5a404ae0339ce3fb2758c2601a09f |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NA35E2FV\searchQM3DW12I.htm
| MD5 | 14ebc711da867b87a9d0f297d689b330 |
| SHA1 | 89c357669eeeda85e2b37de234c8eeda069d4c6a |
| SHA256 | cd68b1b95add161d417a10cdff269d292092d92b64509e517142861df67bd04b |
| SHA512 | 2252237401cbd81900c5fba7f1c13de455d6517ca337114c1ce4d21713fe290699e96ea7193248d4f1b5d2870223486fa4b033a79ea7935501477b45263c1107 |
memory/2948-432-0x0000000000500000-0x0000000000510200-memory.dmp
memory/5092-433-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NA35E2FV\search[8].htm
| MD5 | 24eda926e7072ff2e9c989945403e2af |
| SHA1 | 3fc3c66e127357e264be015c56f955d879dbecf8 |
| SHA256 | 959195df5389933d533bba525de59b60ff48e3e1ca6b94f38392564a391db63f |
| SHA512 | 7e1aae226749f3510fe3d8b97e5a47396fb4784268a5f625a359e11d8ed527e3dd24de42d7ff5d744d8de3ef6faee2cd966f2f3b945833ff80f1ca6efa198fc3 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\W5OVUPOF\searchRSX103WN.htm
| MD5 | ffd4ae2c4530e2d6a6aa77226ee5bf69 |
| SHA1 | 8443a909c727f08f49d8fee3e8b79f3ae7a3c680 |
| SHA256 | 12f9287dd4193c4b6fe257b5f0e680cbb6139c9fdeb256b555404068157948a2 |
| SHA512 | 285dbf72a0a50b8ca5c4528ffd1b01f1d70c658eb0915fe17a64003b61d45ea5cf6eec581c604b92b39487a16558ae020da971a0570d86dc57999faf6198997b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\AKI8W8FH\searchTFOV6U2F.htm
| MD5 | d209061e51697cf3ebcbb6e70427c2cd |
| SHA1 | 977d9e1df0e18372f104bdbcf6b06da6f5bdb787 |
| SHA256 | 45a5b494e78886b9201a2c134bb98e108ce554e51e8563d459fddcc17eef49bd |
| SHA512 | 44e55ff51bb49045cb639ba5ebdf3e040c288fd9e485519749ef35ffa6c08cf86b59f6adb05158ee1f24161d92b44442bc9d8e94c93d57a9118f67d05ee6708a |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NA35E2FV\searchKMALNC02.htm
| MD5 | f7937680626b9a5e317e9e65709f3719 |
| SHA1 | 198ce3bfc17665b24595fc65b34c635be0c1f36d |
| SHA256 | b35a6caf11822bd0c9a954b007e3860948f41b38009f452628aa40e2e435a24d |
| SHA512 | 54e817d60c6e1e9fd6fc207a4ec5703ba77e802567142d65ce1cc92059fea3d81ed67a1bfbff79b7c9be1f10a6ac8a4ac33687d5c4f6458254663031de007eaf |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\W5OVUPOF\searchDNNAVCP3.htm
| MD5 | 0535a21692df9b5d0bf89cd8ceecf25e |
| SHA1 | 1eb61b0206be075f9f7b02a7ae279282f2c0b5bb |
| SHA256 | 1c1346cad74e0e4688dd1a9fbfd85f8de3ea6c82c0a8d5b1905ed510a78be8e2 |
| SHA512 | c2805531efb54394feb049108d3abf97279a2052f993e9b76db44527b2ff602e176cee458d12e42c59512338d2ee40099ed90f434676bf7a840bfbacf468e979 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NA35E2FV\searchGV4P7GOQ.htm
| MD5 | b14a6e9dd469418bc02fc2f8a0415272 |
| SHA1 | 50530feedf9f1b9cd88bc9534060eec9b6648ef3 |
| SHA256 | fde60442acfaa3299a6ad5dda2028124f546b775732684617a8cb11b7370f51c |
| SHA512 | d5add179eec5c08dad775a68ae16f2e7350d752b2a041b7100965e1ba9e3ea4a9aad47953abbc866d3ccc082eac3828b10922400648f5cf6881142f06e8ca29d |
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | f0d7461e2ba7b72c51d1f4e19b49bff4 |
| SHA1 | ed92b2e53efd23637751927a13a8b9b8ab2bd2fe |
| SHA256 | d454a4927335d7fa83063af5e927efdc80ca4b908cb5a3310a0b992efcb9cc3e |
| SHA512 | 80eeabb49452b77f1b1062fe4757e68e70bd54e526197d34e701e76c880b070eb29570e800ebb3ead17c238d0d799ba409e3e57c1ee8f550b62ebf8090984820 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DL7YY2B9\search[4].htm
| MD5 | 919b5ede011d426257e8d35c9fb842a2 |
| SHA1 | e8b7e0f1373540155a1431028346c7f6c1b8d3ec |
| SHA256 | 9fc7d5bc7c7bd42d73954e98c1959b4cb4aa83b897bfbed03016e024b278b70a |
| SHA512 | 3e2715fbfba532df9441727235805e50c195cf8328fa34fe8d41e42c311f17041ac0bfe0e7f5487a071668e388f469a654ec82d1965c33295d0a591b12f4e5c0 |
memory/2948-626-0x0000000000500000-0x0000000000510200-memory.dmp
memory/5092-627-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\W5OVUPOF\default[5].htm
| MD5 | 14b82aec966e8e370a28053db081f4e9 |
| SHA1 | a0f30ebbdb4c69947d3bd41fa63ec4929dddd649 |
| SHA256 | 202eada95ef503b303a05caf5a666f538236c7e697f5301fd178d994fa6e24cf |
| SHA512 | ec04f1d86137dc4d75a47ba47bb2f2c912115372fa000cf986d13a04121aae9974011aa716c7da3893114e0d5d0e2fb680a6c2fd40a1f93f0e0bfd6fd625dfa7 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NA35E2FV\search08HNDAVD.htm
| MD5 | f446b202727df6a62f8b196bdc70ebbf |
| SHA1 | 1b6a12d57bdeb3cc6cfb4dc3fc9b3f40ba99feab |
| SHA256 | 49609164ca59f0e3b15160af6280ea7befdb1874bb17be3b02ed64863823b0a3 |
| SHA512 | 49c272292f7da310633c44cb3da87cabd804137507691a80ce7ff83f5a3d12dde09a15366998116017d3043acef13a4f17d529fdc295e74f87e0988acba75b6c |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DL7YY2B9\results[8].htm
| MD5 | 35a826c9d92a048812533924ecc2d036 |
| SHA1 | cc2d0c7849ea5f36532958d31a823e95de787d93 |
| SHA256 | 0731a24ba3c569a734d2e8a74f9786c4b09c42af70457b185c56f147792168ea |
| SHA512 | fd385904a466768357de812d0474e34a0b5f089f1de1e46bd032d889b28f10db84c869f5e81a0e2f1c8ffdd8a110e0736a7d63c887d76de6f0a5fd30bb8ebecd |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\W5OVUPOF\search[8].htm
| MD5 | cfc1c1893db49cb5121ed7075fb529f0 |
| SHA1 | de677b1a254973fdbc6a25f148a59f67d681899c |
| SHA256 | 09b090a23bab2c0a467367c80b48ade5b5db2fce25248c6a61b363c1d9ad1fd8 |
| SHA512 | 369a71200cade976efa064961b9412082d7c6cd27c5fbc4a1cfc97ad5e1690189f29bc6b3452e218a276e152452ea2ff75e281fb42c0cfeee98c62343294d97b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\AKI8W8FH\results[7].htm
| MD5 | 211da0345fa466aa8dbde830c83c19f8 |
| SHA1 | 779ece4d54a099274b2814a9780000ba49af1b81 |
| SHA256 | aec2ac9539d1b0cac493bbf90948eca455c6803342cc83d0a107055c1d131fd5 |
| SHA512 | 37fd7ef6e11a1866e844439318ae813059106fbd52c24f580781d90da3f64829cf9654acac0dd0f2098081256c5dcdf35c70b2cbef6cbe3f0b91bd2d8edd22ca |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\AKI8W8FH\searchX9189U81.htm
| MD5 | befbb11df63f8951c0f7e2500bec482b |
| SHA1 | e86fbb0ed3bed9930efb9ba65233a7cdd44cea2f |
| SHA256 | 8b8c8db359ab8b63d7facbecd88c8ef5b86b6135100852c0ba472cab7f935d30 |
| SHA512 | a6b556f78e452515d1ac3408352a1308a5b688fdac1966d5125b76b20d89d0b5c9f044d051b5763bf5b7a13b11c0b3e59b9e3ce4c45a089a323c94eb38fbd6ec |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DL7YY2B9\default[3].htm
| MD5 | c15952329e9cd008b41f979b6c76b9a2 |
| SHA1 | 53c58cc742b5a0273df8d01ba2779a979c1ff967 |
| SHA256 | 5d065a88f9a1fb565c2d70e87148d469dd9dcbbefea4ccc8c181745eda748ab7 |
| SHA512 | 6aecdd949abcd2cb54e2fe3e1171ee47c247aa3980a0847b9934f506ef9b2d3180831adf6554c68b0621f9f9f3cd88767ef9487bc6e51cecd6a8857099a7b296 |
memory/2948-784-0x0000000000500000-0x0000000000510200-memory.dmp
memory/5092-785-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DL7YY2B9\searchS1GTHQL6.htm
| MD5 | 16873ed0f4720d1d10ebfcb5bc54bcda |
| SHA1 | 9ac8f3f14af564b8bc79c225171d26b516e8e0ad |
| SHA256 | 84e55d43b17b86944ae1f6dfee4e3af6a7546a1fdebaf31b2d66b413a7cd9a61 |
| SHA512 | 4ff710facfa2894f54d00fe4f10f79421e7cbfa3881834e832f64463f6bcb687cf538cd41606bc26a37a067b01e7dec36c5872fba5b96f715f056fa524b11a7e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\W5OVUPOF\results[8].htm
| MD5 | 3482ab4494f2d9844af5c8d5dadd1908 |
| SHA1 | 4fea19f5beeb74d22babbfb970954ea32ef9735c |
| SHA256 | 7d7feca72092e807f6f3e3dbcb08759a3f509277b43b4929f491a8c0e568b5f6 |
| SHA512 | ac3c3503aff86ccbeefe8939ae02d48db19d8c78b3bbf031996c29b5605bb1e128cc434bead88a6affeb6063477acfc91093a18a8a63096c7f03de5ea5c61afe |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NA35E2FV\searchJ9VCETBL.htm
| MD5 | af4d04a39dce1b8cde1626b39c346c09 |
| SHA1 | 8748671d6b6a16514a9d627674aa4365effdefb0 |
| SHA256 | da77c199b63885b8d12229cdcf6789b2eafa6e041734dda29b30f901ba73c46e |
| SHA512 | 4243915275c101bfdc1bed30ab4717644f05e984887400f4d82c6b03554f396cd782890472cdbcb5bd39e8774c1d603a87b96d13a982bc6d9db83061da570514 |
memory/2948-941-0x0000000000500000-0x0000000000510200-memory.dmp
memory/5092-942-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DL7YY2B9\search7OL6QEJX.htm
| MD5 | 50eb6d551b6f6021908a7ee27da41681 |
| SHA1 | 1c834daf5fc1424ce7076f1fc18f0b41a63265d3 |
| SHA256 | eb5cb4b964490536d8d19445bb67b9d1f59712487c194704110849893e408a2c |
| SHA512 | 2f4d924f4fd99f6e9f7382e4deb9a9792ef141ae322f47a59ebc9c8c4aba163eca649b9e43efa30b7b3b308e811fe85d0f9c8b34c41b671bf54583b87cb36f79 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DL7YY2B9\default[5].htm
| MD5 | cb42662caffe525e9957c942617edf06 |
| SHA1 | 615009db9a1a242579e639ee0fc7a2a765095bfe |
| SHA256 | 312bf5c9a1a122abc6361bf8ed01a44346285b962c0d273ef2de0eb796ae1b15 |
| SHA512 | 3e6777f1f74f64fff6cb2bd1a81a6c08d9a64feeebc3deb7cacb8f0f41b23a5c59a8e6294b99c76dd386aaaf9043a1a252ac47910fe1801bdc2995f7b675692c |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NA35E2FV\searchACYY74V0.htm
| MD5 | 526585e3bc355faa8191905f8e42a2d8 |
| SHA1 | 35a0c6ccb583971e6e47fab1ea00bd04b1ac845d |
| SHA256 | 508f1e0d5c7328bc999c42afef1c9a237cd9044a987258c10ed290534983c110 |
| SHA512 | 7f2000f56582420a38c8866eac9d6d2c9f85c45954ee49e9a5a368f92c871e704042de1c97c6db1021cb771688eb41802f059b8ccbe47e19d0f50c509c6084fe |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-27 19:08
Reported
2024-05-27 19:11
Platform
win7-20240508-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\0f3674035c44ae13c771b6a97d800950_NeikiAnalytics.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\0f3674035c44ae13c771b6a97d800950_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\0f3674035c44ae13c771b6a97d800950_NeikiAnalytics.exe | N/A |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\0f3674035c44ae13c771b6a97d800950_NeikiAnalytics.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2180 wrote to memory of 2140 | N/A | C:\Users\Admin\AppData\Local\Temp\0f3674035c44ae13c771b6a97d800950_NeikiAnalytics.exe | C:\Windows\services.exe |
| PID 2180 wrote to memory of 2140 | N/A | C:\Users\Admin\AppData\Local\Temp\0f3674035c44ae13c771b6a97d800950_NeikiAnalytics.exe | C:\Windows\services.exe |
| PID 2180 wrote to memory of 2140 | N/A | C:\Users\Admin\AppData\Local\Temp\0f3674035c44ae13c771b6a97d800950_NeikiAnalytics.exe | C:\Windows\services.exe |
| PID 2180 wrote to memory of 2140 | N/A | C:\Users\Admin\AppData\Local\Temp\0f3674035c44ae13c771b6a97d800950_NeikiAnalytics.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\0f3674035c44ae13c771b6a97d800950_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0f3674035c44ae13c771b6a97d800950_NeikiAnalytics.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 172.16.1.2:1034 | | tcp |
| N/A | 192.168.2.17:1034 | | tcp |
| N/A | 192.168.144.131:1034 | | tcp |
| N/A | 10.91.78.131:1034 | | tcp |
| N/A | 172.16.1.3:1034 | | tcp |
| N/A | 10.93.103.153:1034 | | tcp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | alumni-caltech-edu.mail.protection.outlook.com | udp |
| US | 52.101.41.22:25 | alumni-caltech-edu.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| N/A | 10.65.120.153:1034 | | tcp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 99.83.190.102:25 | alumni.caltech.edu | tcp |
| N/A | 10.87.149.58:1034 | | tcp |
Files
memory/2180-2-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2180-4-0x0000000000220000-0x0000000000228000-memory.dmp
C:\Windows\services.exe
| MD5 | b0fe74719b1b647e2056641931907f4a |
| SHA1 | e858c206d2d1542a79936cb00d85da853bfc95e2 |
| SHA256 | bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c |
| SHA512 | 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2 |
memory/2140-10-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/2140-17-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2180-16-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2140-22-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2180-23-0x0000000000220000-0x0000000000228000-memory.dmp
memory/2180-24-0x0000000000220000-0x0000000000228000-memory.dmp
memory/2140-29-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2140-31-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2140-36-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2140-41-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2140-43-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2140-48-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2140-53-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2140-55-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2180-59-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2140-60-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | 01337d2daa69cfe205a7e4f69456b4be |
| SHA1 | 006d87c359ffaec7a3a24c25957e4db5c86ed37a |
| SHA256 | 6cb5f1accb7ba4b1cf6539e9be3d240c459df45dccaff76ef637706562e2b10c |
| SHA512 | 0def00a3dc6e3c9f8bd9950cfed6341cf01a4208fb5f164a5471c0e6203e21c074dcdea7073301ac7febbf39cbf61d1d436dd143469949068d49929b10fc6883 |
C:\Users\Admin\AppData\Local\Temp\tmpDD8.tmp
| MD5 | 69eda17dc8662368502ffb8e3416e207 |
| SHA1 | 392c964e9b18fd8573737cb3f12a24f5f09064f7 |
| SHA256 | 4fea8c627b94da362d2c4509eb85d8a1bfbd710fa9aa1922c1208934fe7d3c15 |
| SHA512 | 3aa54cd19592c7e873f88ba545ee10054f77d6e8c49e2551a2663603be42873a6739934dcdb0da678e9cca3786289c04a11959bd7627562ff96f9338dc31006f |
memory/2180-84-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2140-85-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2180-86-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2140-87-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2180-90-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2140-91-0x0000000000400000-0x0000000000408000-memory.dmp