Malware Analysis Report

2025-08-06 00:22

Sample ID 240607-tl7jpsbg97
Target 6ae1dcf9bb992a43bde386cc50307480_NeikiAnalytics.exe
SHA256 48c778d11922adc7f82f7a475e5036e0acffd4667623d7113cd45bd81760a595
Tags
upx persistence
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

48c778d11922adc7f82f7a475e5036e0acffd4667623d7113cd45bd81760a595

Threat Level: Shows suspicious behavior

The file 6ae1dcf9bb992a43bde386cc50307480_NeikiAnalytics.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

upx persistence

Executes dropped EXE

UPX packed file

Adds Run key to start application

Drops file in Windows directory

Unsigned PE

Modifies system certificate store

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-07 16:09

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-07 16:09

Reported

2024-06-07 16:13

Platform

win7-20240508-en

Max time kernel

150s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6ae1dcf9bb992a43bde386cc50307480_NeikiAnalytics.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\services.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" C:\Users\Admin\AppData\Local\Temp\6ae1dcf9bb992a43bde386cc50307480_NeikiAnalytics.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" C:\Windows\services.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\services.exe C:\Users\Admin\AppData\Local\Temp\6ae1dcf9bb992a43bde386cc50307480_NeikiAnalytics.exe N/A
File opened for modification C:\Windows\java.exe C:\Users\Admin\AppData\Local\Temp\6ae1dcf9bb992a43bde386cc50307480_NeikiAnalytics.exe N/A
File created C:\Windows\java.exe C:\Users\Admin\AppData\Local\Temp\6ae1dcf9bb992a43bde386cc50307480_NeikiAnalytics.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 C:\Users\Admin\AppData\Local\Temp\6ae1dcf9bb992a43bde386cc50307480_NeikiAnalytics.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 C:\Users\Admin\AppData\Local\Temp\6ae1dcf9bb992a43bde386cc50307480_NeikiAnalytics.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 C:\Users\Admin\AppData\Local\Temp\6ae1dcf9bb992a43bde386cc50307480_NeikiAnalytics.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Users\Admin\AppData\Local\Temp\6ae1dcf9bb992a43bde386cc50307480_NeikiAnalytics.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc252000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Users\Admin\AppData\Local\Temp\6ae1dcf9bb992a43bde386cc50307480_NeikiAnalytics.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc35300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a82000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Users\Admin\AppData\Local\Temp\6ae1dcf9bb992a43bde386cc50307480_NeikiAnalytics.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Users\Admin\AppData\Local\Temp\6ae1dcf9bb992a43bde386cc50307480_NeikiAnalytics.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 C:\Users\Admin\AppData\Local\Temp\6ae1dcf9bb992a43bde386cc50307480_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\6ae1dcf9bb992a43bde386cc50307480_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\6ae1dcf9bb992a43bde386cc50307480_NeikiAnalytics.exe"

C:\Windows\services.exe

"C:\Windows\services.exe"

Network

Country Destination Domain Proto
N/A 10.0.2.15:1034 tcp
N/A 192.168.2.108:1034 tcp
N/A 172.16.1.166:1034 tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 8.8.8.8:53 alumni-caltech-edu.mail.protection.outlook.com udp
US 52.101.9.20:25 alumni-caltech-edu.mail.protection.outlook.com tcp
US 8.8.8.8:53 gzip.org udp
US 8.8.8.8:53 gzip.org udp
US 85.187.148.2:25 gzip.org tcp
N/A 192.168.2.14:1034 tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 75.2.70.75:25 alumni.caltech.edu tcp
US 85.187.148.2:25 gzip.org tcp
N/A 192.168.2.14:1034 tcp
US 8.8.8.8:53 mx.alumni.caltech.edu udp
US 8.8.8.8:53 mail.alumni.caltech.edu udp
US 8.8.8.8:53 mx.gzip.org udp
US 8.8.8.8:53 smtp.alumni.caltech.edu udp
N/A 10.127.0.3:1034 tcp
US 85.187.148.2:25 gzip.org tcp
N/A 192.168.2.9:1034 tcp
US 8.8.8.8:53 apple.com udp
US 8.8.8.8:53 mx-in.g.apple.com udp
US 17.57.170.2:25 mx-in.g.apple.com tcp
US 8.8.8.8:53 unicode.org udp
US 8.8.8.8:53 aspmx.l.google.com udp
NL 142.250.102.26:25 aspmx.l.google.com tcp
US 8.8.8.8:53 search.yahoo.com udp
US 8.8.8.8:53 search.lycos.com udp
IE 212.82.100.137:80 search.yahoo.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 8.8.8.8:53 www.altavista.com udp
IE 212.82.100.137:80 www.altavista.com tcp
US 8.8.8.8:53 smtp.gzip.org udp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 8.8.8.8:53 apps.identrust.com udp
BE 23.14.90.73:80 apps.identrust.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
N/A 192.168.2.12:1034 tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 8.8.8.8:53 mx-in-mdn.apple.com udp
US 17.32.222.242:25 mx-in-mdn.apple.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 alt1.aspmx.l.google.com udp
NL 142.251.9.27:25 alt1.aspmx.l.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 tcp
GB 142.250.187.196:80 tcp
US 209.202.254.10:443 tcp
GB 142.250.187.196:80 tcp
IE 212.82.100.137:443 tcp

Files

memory/2928-0-0x0000000000500000-0x0000000000510200-memory.dmp

C:\Windows\services.exe

MD5 b0fe74719b1b647e2056641931907f4a
SHA1 e858c206d2d1542a79936cb00d85da853bfc95e2
SHA256 bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
SHA512 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

memory/3008-11-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2928-10-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2928-9-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/2928-17-0x0000000000500000-0x0000000000510200-memory.dmp

memory/3008-18-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3008-23-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2928-25-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2928-24-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3008-30-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3008-32-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2928-36-0x0000000000500000-0x0000000000510200-memory.dmp

memory/3008-37-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2928-41-0x0000000000500000-0x0000000000510200-memory.dmp

memory/3008-42-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 81e4adc9f510bc6d8454e61da855868d
SHA1 c9c2bafd0bfc2912b4759069e1419ffc0e99ce4f
SHA256 017f93e35be67eaf873f48ee44e273da20b7e8942ae8c8f050b1f7f56f927678
SHA512 3c90663db4799a4c2fb5e103257aa8d3187e11ae67b0fda193be6391db938f46679d8c922ba64b01609289930e7bbf9a55377fbd63c8c43fc3ca0484dca21243

C:\Users\Admin\AppData\Local\Temp\tmp1306.tmp

MD5 38091202fc1985bf32bde0163252394c
SHA1 96b395d52cc475b74789f3bb0b57a3cc3466045a
SHA256 77de813e567302336b38d4d3dc7cb9e9b82b9e2b9bbd69a95d1c3300c7797988
SHA512 092758ee515ff7f0b82423f2c8a9dfeebd434b18f76485fb2bbee23aaa844ae118fc073f0289147741535bc26110ce6a7ff9eff7f46c9c23f18cd4312295b507

memory/2928-60-0x0000000000500000-0x0000000000510200-memory.dmp

memory/3008-61-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2928-64-0x0000000000500000-0x0000000000510200-memory.dmp

memory/3008-65-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2928-69-0x0000000000500000-0x0000000000510200-memory.dmp

memory/3008-70-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2928-71-0x0000000000500000-0x0000000000510200-memory.dmp

memory/3008-72-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2928-76-0x0000000000500000-0x0000000000510200-memory.dmp

memory/3008-77-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3008-82-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 c5de681fc6f065b65249e8aba1dd0745
SHA1 f52d4ec8a8b2df66730c7a83108977ce4e94edf6
SHA256 615c11abb7480c9057a3908c7482843eb4afbee2385c23cd9cf13962f2e162ee
SHA512 1fac4ef07cc940504c30fcda51c65a0f7d752c18bf4bb63a10ab49552ad6ee1392be097695b555329251f873980dff52af73b5287f9400d07211e5caaa732a7d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3b3aa9ce5f1608349a19a6de85ef28df
SHA1 01ae0650eb6ec8edcd29f88649d1db5b26b66adb
SHA256 f88b0442c94138a3193f661d1dd5d74a4052b45880dfe070d9aa192b1222df25
SHA512 89976882db9d1a80640bf664ffe312da9bd9ac9f79c3dd6628a62816293f3e02a8890e86bc607b86344f48bd25b2bed27408236a965a5abd8113cecc5e8d80b1

C:\Users\Admin\AppData\Local\Temp\Tar145A.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ef491868d6e0f4e42e03736b9c571bac
SHA1 5d970891b71ae899f700f5259ea61ca805c3575c
SHA256 fdb544d979c982a761a09415847e1015d12c6c41f382b25e6c7bf7290be371d1
SHA512 2ffa24e910a20da6d3aef45f3974fedb70873af18f3436230305211b9bd0e23b9affe225120cb27310c1042783f5e1e785f7a5c012a5a52088a002b2070577cb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

MD5 e4d9f7a8b9beff3bbd6b7780f83ec2fb
SHA1 7f9337e9b5cc888dde469b4c65ee14c9f3da63c2
SHA256 e7e6963e5fed7e551a8eb2a405ae6fbcba204fb08426f86a8c270e6cb0b1bc06
SHA512 ce42909b0bf301c2c79fb01fee0b738411473c80bf22e137e52d371d0555bdc60b1374f8e92db74c28121fad2cd6e237b888596eba852de14be0b2dac3f8e001

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

MD5 d4ae187b4574036c2d76b6df8a8c1a30
SHA1 b06f409fa14bab33cbaf4a37811b8740b624d9e5
SHA256 a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7
SHA512 1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7831d927460274739b9d0ff1f7061291
SHA1 c64f56978b805f24fcfb9d4553e6ae60c135f8de
SHA256 19ca2755bff09972109a4ac3481da045792e4a21d11a46df582253abf09d3eaa
SHA512 cbb4029cb0a1cf5e7a47e252201328d25000ff460767705928ae0532bcb1172c9e6182bab61ad210fb3a4908d994a5bb6c555d38244a641db0cb99c5af0c118c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2697c2850210a7f5558083d9ef1868e2
SHA1 49d7d190080b284828fe59f6600574a8451f0ad2
SHA256 4401517cdec67de0e4fe4d56cd6ad1deaab63111e426bc4d081f817315680703
SHA512 d20576f56ed051a5d351a7686ffb7283f2b5998dc8ce96fead780a25c76a706c3d2943533093c1b3eb3c1b87766d8ebf5814c9df385b7206f74842080737ec52

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 38927ff2d7d7691bc8ef555c4e6494d1
SHA1 694f5df38d48f054a501034fcc122db2bba074e2
SHA256 39ef8fde806c7112eb2f74036750ba6cd5c62eab993761a9c5a33ad1576fb788
SHA512 58e063bac415afb14784dc77463a5df1133a9cd348fe8a14cd606323244a9f75c6483879723f1bbe314377f375eb91fe6fe4cd05fbe2b0e62d356edf428da385

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b05f85fd1f7a97a55206fc9c7e277f90
SHA1 10ff1ab9a3e6e57f204d473aa00eabcb48b61071
SHA256 4bd117e438a57284a97ac57a787268ef5e0824cb6733a4c1613ac49812459a9f
SHA512 287452d373088bf2e5f4011adc4e3296fb6bf2a34b17d7ae1963fb763d2c92f3230c4809088671f1e53ccbdad048455be66e40f3e7cf2a4be7a761274bcccaca

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5bcdba0dd380a583141d555bdcf4bc02
SHA1 614312a16ac1d989f995ab232761ebce3d265012
SHA256 0f1dba2eae5fd9499d9f828b2a121918bbebb8a7214328be69b97be6f6d040af
SHA512 dd8b0cb5b1f8972e60d907c9da16162388c24971bb259bc11b691ed99bb8332a4ca96e5d746ad63f35597629eed5c09724a2dd9ad0ef726963a1415f5a5ca615

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2XHJXO3H\search[2].htm

MD5 8ba61a16b71609a08bfa35bc213fce49
SHA1 8374dddcc6b2ede14b0ea00a5870a11b57ced33f
SHA256 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1
SHA512 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

memory/2928-540-0x0000000000500000-0x0000000000510200-memory.dmp

memory/3008-541-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bc5d85b8dfe7b9c13fe02dd9e404252e
SHA1 95051ac43fa68d6d5667d826be20fff35a69e528
SHA256 8bed0c5d561702d54c7988d14d5dfbafbdcf4023a90645cdb2d300082de8c8b8
SHA512 cbdb855ecf396be34a16af84897af8d5a100c7353c52f8b00e1232e00a11144600dbfdd7f67ec2fd8b5feec6ca6d53c953e7f22b245eb15936f868b9c37e4390

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 89af8aba642e8dc60c7ee9d82b6b7187
SHA1 c4f87754847deeb87ebbdf7f6950de06c371c589
SHA256 2b0a21003f8c7b228d37363b1c50f3ef34007e5da0f53e4436223dc26a3ce660
SHA512 7944961a649d423a938e401a8ed6ffb1965fde40c4b27b0f1873076361087c93814b04b1264d0548f849c48e96bf63aecf812892ceadb5f995621a8cba6d39db

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c3368b2b0ef8d74eb89c61a9f2ce71ac
SHA1 6f507b0f406fa19cb27462b17dfeb535888b5ca6
SHA256 4f6eeba06a1ced2385691e9890e67c263cd9afc954febbd13cd88d2d1c0defab
SHA512 0188552e35b7bbf397fca0e20ccb8bde468aa27272ac143375a1ac2072718544aea90a7fd7d37cbaf724093cd8f0ce6e48e18da03a094fb52c0eb288b532534c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e13600252c34d86a6d690e4fb1ea9828
SHA1 e6b43e07b3b9b4f6c8e34eeb0d7750114cda2c35
SHA256 84f4901633fad7acef2d112eafbebeff57f968ee3b7ca8bd5d263cd014cb4cad
SHA512 bd2caa5e545b0646ac5ceb381215ef0f34cb2adb8f55ed39d8e7d8443e483fb159e451bb90372f5a5504c2ea869bd8440d5bc5203278ed0916761d58dc74923b

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NVDR4C1U\default[1].htm

MD5 14b82aec966e8e370a28053db081f4e9
SHA1 a0f30ebbdb4c69947d3bd41fa63ec4929dddd649
SHA256 202eada95ef503b303a05caf5a666f538236c7e697f5301fd178d994fa6e24cf
SHA512 ec04f1d86137dc4d75a47ba47bb2f2c912115372fa000cf986d13a04121aae9974011aa716c7da3893114e0d5d0e2fb680a6c2fd40a1f93f0e0bfd6fd625dfa7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0c3eeee34075ccba82d825b0fe3bc2c6
SHA1 1b44fd5f599eaa9ed2fcb17f5a0913abb7884985
SHA256 c77a829adbc211dd812c96df476bf9f4dcd56c1179829614843c605ffcd16a7e
SHA512 753e02fcf1409026d21ec19ba78c65397366e866422653109dc0d8a51b327be81238706c651fe5113dd3c7175c1601859a74a806714010befabbc7150835a079

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IW68H88T\default[1].htm

MD5 e0c3b4c8541e5bc3cf19d22ccf8365d6
SHA1 9ac1347e4dbce09ddacc47ff46b9cb15b01fd77d
SHA256 69e3c690688497ac57963720235b9181d6ab79161289aed6bc518f2284e75696
SHA512 3c6a7bb5b195dd5e973d180f051ad4979d37bfaa489e6e22c239a2efc007a203c72732496d0db1324a16344606510cba911af242337bd96da4f9832c9f6552aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 106d71cc39768db8d28e8c9ae97e64e4
SHA1 7fb8be8e0c0f3f7b0212fca9c7a73b664a5f93fd
SHA256 ddf29520922a59d22781d2bccbd611e05f6bc96034b27eec369599bb3338cdf6
SHA512 6ff7428ec1562b2160de3f685dbf7568a7d71e10b0c939d0017de0cba777d751b86ead90b14169090dd1127a847357dc903e6d0c0ec6ad4fbf0f7c059b240c73

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 877dfb7a4687cf17f507892b0b0d7de9
SHA1 51a6f9ccb223e59171cf905a7599bc9372084342
SHA256 804a7bba8745ba57897dd67d4f16de4fa8fd45e7e733bce365380d1b03a7ae23
SHA512 52573c79524db70e6fe7f142943922faf9345119ca11cb465f07c0182b42750451f4bf7feecc55f567a73ea440c063fdc1c2121e614697644c577cc0da641682

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 70f1409f87035b9e829c4b7a2515bc45
SHA1 00ac9c763811d551cababad6c00a976ee9572478
SHA256 9190f250f791048688ae940ee9bb8e1995fa43555369e34316f02e6b8cd2c737
SHA512 87e524e908b5624f27cc6678e2164d259a27bd75f0b7a1e888849940b37c3bcaa38e4ac3c7df9e776589bfd1958c4884c450af5f8ab70f336dad9b00ce059ba9

memory/2928-1471-0x0000000000500000-0x0000000000510200-memory.dmp

memory/3008-1472-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9bef31d0a85930a3aa8767bf55a19639
SHA1 4f1c4a3b462e0eb398fdb107c8e215f6d0c03dcd
SHA256 6ef9aaac3a7d4ded9d84a2e44c1eadc5f734bd98d12c9d6e34f86876b2f92028
SHA512 6aa56c2f45a82dc031e12d96c22b4d46c7fbc21d46ca89cba644a428b76f8c8b751c00e94f67135b9a2fe03a02e41000a523f404f9e990a8a27fc080f417a31f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3feaa761a47e46850a82321a36646f1d
SHA1 da502d25de82669a739a4aa43fa8f8588c5c3a5f
SHA256 0d0317b52d1ea77b2ee0a1204620be31acf443acaaea3cca449834f57985ade8
SHA512 bc9c2c767435ae049acd718b111bd47805a44659c751a41795d13f1ccf5bda333259dabe5d02c91c66ef2a49f28135f4642e3e570b4b26979aa0ed70ee8b9883

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3e2fdedad2c36d1d7cf3fbe0522c3142
SHA1 5d7ce7a29b616b0fdb0ae5950c7f505a1ab5912f
SHA256 c7630ffd3e9c2800adfe3ddabe39d99c05db3db682718f5eddd7ba1c8e987afd
SHA512 79f79d0e5e0122d463cb78e6a50d007a624c5430e7b37066d1c2e98e7b8ce54cd203f0ade02b87f676722b31030b43d32b4c1d038b6c786176f15c4004125f87

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1a1fc2f87bd0c61e4b585802ee748cb1
SHA1 3f8002debc240af188908a9edc34b2d2e5ce01a5
SHA256 4bc1aab6f6ed3287cbb21c7796b6d6e2ecc9fc21c62766b64ef0943d6fd69b6e
SHA512 f96bc834dbcb40a2540ed41c2c3d49b7d2caf4ea2eb5b36b670c7c5a4db8d3ccc627d781485628220ad6dccd6b8a392d07dcc44ebdbc1ebed48e63dfc45e8c52

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 886b876fd81386698807a02c00d4a300
SHA1 3923891be7f15ac7c677cf9a8ead8a30175584e2
SHA256 51f393b62657a123197fa14569add367c8e4b79493d019d81f7c0ef16887c2d1
SHA512 a67b48e69076cfbb4c3a03bdb3828c9f4962906ad3a17396c8b2795d43372e2c96d20c434e0ecaff3bcc88f26d622ce5d91fe0c414bffcdbb95b4ef1a7063de1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 732a05f9f0c8b43c3b6727b31a6948d6
SHA1 45e2567653857be7c399b6f6754cd6c0f92b28f3
SHA256 44b5125f582fd84bafae6a5c2cb57f57a76246e7ca85678e5005738bdb9ab08e
SHA512 e94fa54c0cfe15e17487a8f0a9c6406659ffdb1ceb7e4ba7af9e136e7e8f520f7cb0df41fcc481e5b953e03f8eee58fd10730ab8dce1e4f8326562b7d40c3eae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 69df54fe4598fb310b81c7942d56e3e2
SHA1 c236a8c49028398e9731d6ba9f3c70689fd23f13
SHA256 b8c483f49bbcf34b6b725697e470d0a47afe7f1400d69f2974d6330e6875cba7
SHA512 8bd9fc60b25063d61dced6d901d3ef81a5a983e470faa61e49b618b4e9a4eba353f071bebb5e40c6cd93312a3cd2a50fa123117d743ea4179887ff9615d6ce1d

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H09CVCL3\default[3].htm

MD5 157431349a057954f4227efc1383ecad
SHA1 69ccc939e6b36aa1fabb96ad999540a5ab118c48
SHA256 8553409a8a3813197c474a95d9ae35630e2a67f8e6f9f33b3f39ef4c78a8bfac
SHA512 6405adcfa81b53980f448c489c1d13506d874d839925bffe5826479105cbf5ba194a7bdb93095585441c79c58de42f1dab1138b3d561011dc60f4b66d11e9284

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a22027577ef01f187cde57930a333071
SHA1 d71765d166a43954b27ff844c81b74ebe43f0464
SHA256 23dec8a8c93c81c228181437d3a832be7f026bc31b3c554121bc441527256fee
SHA512 c8e100eb85fe3ea163e52c19615dcbf45d43f18e9f0457053a3f08e05a4a44815590b2e9ac3780b2c9124f7c1564ef74e5998dc3a8bcb438b48c3348bc4b092f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d9f0bdfcc91d688b5ce8a78bb7c6700d
SHA1 33ffce9939048a97517e6ca3b4b49a0cd9848dd2
SHA256 4a8fbe3bdfb36b60fb0ca9062b828625c5354a392315e2c14a0dce1661259eaa
SHA512 bbae5ea41bc82f3c90da4b2eecc75c2ca26e44f686fe0e6c7ba634c5d4b1469fe2a587bc24736b5c7e8e73e5983e870eb1e59bc6a45d6323f72f1b869d4ffb68

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 14292c4bd3922e429a2d5dacb2f2bca7
SHA1 30c3897114dfa011619f91f5f2693a4cd17b824f
SHA256 901e0dec3b79ccf44a8cff6b9393263ff8813de1c82704c5bd8557325f1294e3
SHA512 d7bb55d0bfb67b9ce182612d5411a9a4bb88361b55267ebae0e78f9822d0e19a0017f2c2223bb052318f2dbc5d2cae09d8718be25e9a23e6e48d026e1f29eaca

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 efb9ec901a2ded9543ab8703a15f890e
SHA1 89d584b4ee8d2e508296e366ac0db8a4687ba87f
SHA256 bcb2a4b6a80f93eb210e9c10c74f46e49d3c5036f675272902e85b3be67a584b
SHA512 abc996b3e2da5fbbbebfab3e0bc11dc4e7ff1fd7527befcfe74a92a4f028253e9bdf08aab950f14601b1659215bc22d88b23c0cf4063bce480b0edb35e2c4877

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-07 16:09

Reported

2024-06-07 16:13

Platform

win10v2004-20240226-en

Max time kernel

152s

Max time network

158s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6ae1dcf9bb992a43bde386cc50307480_NeikiAnalytics.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\services.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" C:\Windows\services.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" C:\Users\Admin\AppData\Local\Temp\6ae1dcf9bb992a43bde386cc50307480_NeikiAnalytics.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\services.exe C:\Users\Admin\AppData\Local\Temp\6ae1dcf9bb992a43bde386cc50307480_NeikiAnalytics.exe N/A
File opened for modification C:\Windows\java.exe C:\Users\Admin\AppData\Local\Temp\6ae1dcf9bb992a43bde386cc50307480_NeikiAnalytics.exe N/A
File created C:\Windows\java.exe C:\Users\Admin\AppData\Local\Temp\6ae1dcf9bb992a43bde386cc50307480_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\6ae1dcf9bb992a43bde386cc50307480_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\6ae1dcf9bb992a43bde386cc50307480_NeikiAnalytics.exe"

C:\Windows\services.exe

"C:\Windows\services.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3720 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
N/A 10.0.2.15:1034 tcp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
GB 96.16.110.114:80 tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 13.107.253.64:443 tcp
N/A 192.168.2.108:1034 tcp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 159.113.53.23.in-addr.arpa udp
N/A 10.127.0.3:1034 tcp
N/A 192.168.2.14:1034 tcp
US 8.8.8.8:53 145.83.221.88.in-addr.arpa udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
N/A 192.168.2.14:1034 tcp
N/A 10.127.0.3:1034 tcp
US 8.8.8.8:53 m-ou.se udp
US 8.8.8.8:53 acm.org udp
US 8.8.8.8:53 cs.stanford.edu udp
US 8.8.8.8:53 burtleburtle.net udp
US 8.8.8.8:53 cs.stanford.edu udp
US 8.8.8.8:53 mail.mailroute.net udp
US 8.8.8.8:53 aspmx.l.google.com udp
US 8.8.8.8:53 mx.burtleburtle.net udp
US 199.89.1.120:25 mail.mailroute.net tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 8.8.8.8:53 alumni-caltech-edu.mail.protection.outlook.com udp
US 171.64.64.64:25 cs.stanford.edu tcp
US 171.64.64.64:25 cs.stanford.edu tcp
NL 142.250.102.26:25 aspmx.l.google.com tcp
US 52.101.8.46:25 alumni-caltech-edu.mail.protection.outlook.com tcp
US 8.8.8.8:53 gzip.org udp
US 65.254.254.50:25 mx.burtleburtle.net tcp
US 8.8.8.8:53 gzip.org udp
US 85.187.148.2:25 gzip.org tcp
N/A 192.168.2.9:1034 tcp
US 8.8.8.8:53 13.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 search.yahoo.com udp
US 8.8.8.8:53 www.altavista.com udp
US 8.8.8.8:53 search.lycos.com udp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.254.202.209.in-addr.arpa udp
US 8.8.8.8:53 137.100.82.212.in-addr.arpa udp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 11.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 74.90.14.23.in-addr.arpa udp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp

Files

memory/2356-0-0x0000000000500000-0x0000000000510200-memory.dmp

C:\Windows\services.exe

MD5 b0fe74719b1b647e2056641931907f4a
SHA1 e858c206d2d1542a79936cb00d85da853bfc95e2
SHA256 bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
SHA512 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

memory/4128-5-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/2356-13-0x0000000000500000-0x0000000000510200-memory.dmp

memory/4128-14-0x0000000000400000-0x0000000000408000-memory.dmp

memory/4128-19-0x0000000000400000-0x0000000000408000-memory.dmp

memory/4128-24-0x0000000000400000-0x0000000000408000-memory.dmp

memory/4128-26-0x0000000000400000-0x0000000000408000-memory.dmp

memory/4128-31-0x0000000000400000-0x0000000000408000-memory.dmp

memory/4128-36-0x0000000000400000-0x0000000000408000-memory.dmp

memory/4128-38-0x0000000000400000-0x0000000000408000-memory.dmp

memory/4128-43-0x0000000000400000-0x0000000000408000-memory.dmp

memory/4128-48-0x0000000000400000-0x0000000000408000-memory.dmp

memory/4128-50-0x0000000000400000-0x0000000000408000-memory.dmp

memory/4128-55-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2356-56-0x0000000000500000-0x0000000000510200-memory.dmp

memory/4128-57-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2356-61-0x0000000000500000-0x0000000000510200-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 3ba5f6f49b0e92cc77ee5ef20891a86f
SHA1 8e9413f903f9cee6a5d3948eec2ed398e0570f96
SHA256 4ac5425c4b6c298b8980c8bb72f361bdafe730d06125a2131634d45adcd0ecad
SHA512 6e1d0b600573a6eb5ab20d0b043d24d8083b144aa20c4319f01c5983607f16165122586fe677c914efde5ee78bc8fcd55ec67f264cb21954399dd5d683a82586

C:\Users\Admin\AppData\Local\Temp\tmpF0F1.tmp

MD5 e91f1f0fa8d262ca80359d7d2a24baec
SHA1 4c42d180b9df5ac0465af71463cb557b485bf3aa
SHA256 4499c8943413aa87aff806c01abaef32263af20a687e475ec01f2081169d7f6d
SHA512 26718a492cfd6b2e44bed27c7d44e18f590eea9cd200122d42ecf27b7ed076f2220fca2c80ee1132a5666857705849e0a6418f5b5a63cc161d38a70d09e3e167

memory/4128-116-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2356-117-0x0000000000500000-0x0000000000510200-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8ZO46T3J\search[1].htm

MD5 8ba61a16b71609a08bfa35bc213fce49
SHA1 8374dddcc6b2ede14b0ea00a5870a11b57ced33f
SHA256 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1
SHA512 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

memory/4128-170-0x0000000000400000-0x0000000000408000-memory.dmp