Analysis Overview
SHA256: 25dfdf2605e18dd7c6c0477757a29e9f7f51a2dd12886d142fac7466d0b8c3e2
Threat Level: Known bad
The file 301df7f319137ef266221720ee8b3530_NeikiAnalytics.exe was found to be: Known bad.
Malicious Activity Summary
Detected microsoft outlook phishing page
UPX packed file
Executes dropped EXE
Adds Run key to start application
Drops file in Windows directory
Unsigned PE
Suspicious use of WriteProcessMemory
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported: 2024-06-08 14:28
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-08 14:28
Reported: 2024-06-08 14:30
Platform: win7-20240508-en
Max time kernel: 150s
Max time network: 150s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\services.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\301df7f319137ef266221720ee8b3530_NeikiAnalytics.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\301df7f319137ef266221720ee8b3530_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\301df7f319137ef266221720ee8b3530_NeikiAnalytics.exe | N/A |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\301df7f319137ef266221720ee8b3530_NeikiAnalytics.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 2184 wrote to memory of 316 | N/A | C:\Users\Admin\AppData\Local\Temp\301df7f319137ef266221720ee8b3530_NeikiAnalytics.exe | C:\Windows\services.exe |
| PID 2184 wrote to memory of 316 | N/A | C:\Users\Admin\AppData\Local\Temp\301df7f319137ef266221720ee8b3530_NeikiAnalytics.exe | C:\Windows\services.exe |
| PID 2184 wrote to memory of 316 | N/A | C:\Users\Admin\AppData\Local\Temp\301df7f319137ef266221720ee8b3530_NeikiAnalytics.exe | C:\Windows\services.exe |
| PID 2184 wrote to memory of 316 | N/A | C:\Users\Admin\AppData\Local\Temp\301df7f319137ef266221720ee8b3530_NeikiAnalytics.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\301df7f319137ef266221720ee8b3530_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\301df7f319137ef266221720ee8b3530_NeikiAnalytics.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 10.65.120.153:1034 | | tcp |
| N/A | 192.168.2.111:1034 | | tcp |
| N/A | 172.16.1.3:1034 | | tcp |
| N/A | 192.168.2.12:1034 | | tcp |
| N/A | 192.168.2.11:1034 | | tcp |
| N/A | 192.168.2.11:1034 | | tcp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | alumni-caltech-edu.mail.protection.outlook.com | udp |
| US | 52.101.42.6:25 | alumni-caltech-edu.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| N/A | 10.126.94.178:1034 | | tcp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 75.2.70.75:25 | alumni.caltech.edu | tcp |
| N/A | 10.53.7.27:1034 | | tcp |
| US | 8.8.8.8:53 | mx.gzip.org | udp |
| US | 8.8.8.8:53 | mx.alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | mail.alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | smtp.alumni.caltech.edu | udp |
Files
memory/2184-0-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2184-4-0x0000000000400000-0x0000000000408000-memory.dmp
memory/316-10-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Windows\services.exe
| Hash | Value |
|---|---|
| MD5 | b0fe74719b1b647e2056641931907f4a |
| SHA1 | e858c206d2d1542a79936cb00d85da853bfc95e2 |
| SHA256 | bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c |
| SHA512 | 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2 |
C:\Users\Admin\AppData\Local\Temp\zincite.log
| Hash | Value |
|---|---|
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/2184-16-0x0000000000500000-0x0000000000510200-memory.dmp
memory/316-17-0x0000000000400000-0x0000000000408000-memory.dmp
memory/316-22-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2184-23-0x0000000000400000-0x0000000000408000-memory.dmp
memory/316-28-0x0000000000400000-0x0000000000408000-memory.dmp
memory/316-30-0x0000000000400000-0x0000000000408000-memory.dmp
memory/316-35-0x0000000000400000-0x0000000000408000-memory.dmp
memory/316-40-0x0000000000400000-0x0000000000408000-memory.dmp
memory/316-42-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\atbdeE.log
| Hash | Value |
|---|---|
| MD5 | ca1051b3ef32313fcea8d9df427cba43 |
| SHA1 | c84849ec33a07c8d649f731fc7bd738101338c47 |
| SHA256 | 124fda69e3ba3c40b60360aab56131ffe8a54e57f7f40b1cec76102ebcca5f94 |
| SHA512 | 257fe2ba59ee5fad4fac66108fbf16b97a6ab62d17a127f64b8fdd38f9d14b253175ead591130ada3408c6da86d0b256624f05b966620bec5f599e31f190199f |
memory/316-47-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2184-51-0x0000000000500000-0x0000000000510200-memory.dmp
memory/316-52-0x0000000000400000-0x0000000000408000-memory.dmp
memory/316-54-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| Hash | Value |
|---|---|
| MD5 | cb76c0e84c39cba6ad29043974bba9b6 |
| SHA1 | d6e0acf85cba3d463e83d48e2a60964f2b6bfe41 |
| SHA256 | 3d05eaad0bb571946030112a25445e8ca8dd5cbfc93fae51f00c0b481770c973 |
| SHA512 | acc167eec7273342da30333da5c2aaa58ddc677d2877f36b0d87a88032feca5e2c0bdfa5cfb79341e068250e0c72636b7adc7ef8334098defb7a17def5f70cb4 |
C:\Users\Admin\AppData\Local\Temp\tmpBD1A.tmp
| Hash | Value |
|---|---|
| MD5 | ee84aaaf114360499be92de489c1774f |
| SHA1 | da0b9de8ff175d5ef0f2261399cf7c5485da980f |
| SHA256 | cb72e808d3b93bc1f9226e828ecf43f988931e42d8b11c4e10254cfdc5815aea |
| SHA512 | 21d899bb0fed71a730af6e563c87e8f85b73028b03fe6d5ac774ab20e6a22b4c33c15fb6c57673d4d384aafd894aa1cf78c49b7f867229971126f7855c5abc49 |
memory/2184-75-0x0000000000500000-0x0000000000510200-memory.dmp
memory/316-76-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2184-79-0x0000000000500000-0x0000000000510200-memory.dmp
memory/316-80-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2184-81-0x0000000000500000-0x0000000000510200-memory.dmp
memory/316-82-0x0000000000400000-0x0000000000408000-memory.dmp
memory/316-87-0x0000000000400000-0x0000000000408000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted: 2024-06-08 14:28
Reported: 2024-06-08 14:30
Platform: win10v2004-20240426-en
Max time kernel: 150s
Max time network: 150s
Command Line
Signatures
Detected microsoft outlook phishing page
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\services.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\301df7f319137ef266221720ee8b3530_NeikiAnalytics.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\301df7f319137ef266221720ee8b3530_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\301df7f319137ef266221720ee8b3530_NeikiAnalytics.exe | N/A |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\301df7f319137ef266221720ee8b3530_NeikiAnalytics.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 644 wrote to memory of 1188 | N/A | C:\Users\Admin\AppData\Local\Temp\301df7f319137ef266221720ee8b3530_NeikiAnalytics.exe | C:\Windows\services.exe |
| PID 644 wrote to memory of 1188 | N/A | C:\Users\Admin\AppData\Local\Temp\301df7f319137ef266221720ee8b3530_NeikiAnalytics.exe | C:\Windows\services.exe |
| PID 644 wrote to memory of 1188 | N/A | C:\Users\Admin\AppData\Local\Temp\301df7f319137ef266221720ee8b3530_NeikiAnalytics.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\301df7f319137ef266221720ee8b3530_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\301df7f319137ef266221720ee8b3530_NeikiAnalytics.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 10.65.120.153:1034 | | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| N/A | 192.168.2.111:1034 | | tcp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| N/A | 172.16.1.3:1034 | | tcp |
| US | 8.8.8.8:53 | m-ou.se | udp |
| US | 8.8.8.8:53 | aspmx.l.google.com | udp |
| US | 8.8.8.8:53 | acm.org | udp |
| NL | 142.250.27.26:25 | aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | mail.mailroute.net | udp |
| US | 199.89.3.120:25 | mail.mailroute.net | tcp |
| US | 8.8.8.8:53 | cs.stanford.edu | udp |
| US | 8.8.8.8:53 | smtp1.cs.stanford.edu | udp |
| US | 8.8.8.8:53 | burtleburtle.net | udp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | mx.burtleburtle.net | udp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | alumni-caltech-edu.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 52.101.41.6:25 | alumni-caltech-edu.mail.protection.outlook.com | tcp |
| US | 65.254.254.50:25 | mx.burtleburtle.net | tcp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 8.8.8.8:53 | search.yahoo.com | udp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 8.8.8.8:53 | search.lycos.com | udp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 137.100.82.212.in-addr.arpa | udp |
| FR | 172.217.20.196:443 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | www.altavista.com | udp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 8.8.8.8:53 | 196.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.254.202.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.244.122.92.in-addr.arpa | udp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 8.8.8.8:53 | stanford.edu | udp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | mxb-00000d07.gslb.pphosted.com | udp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 67.231.157.125:25 | mxb-00000d07.gslb.pphosted.com | tcp |
| FR | 172.217.20.196:443 | www.google.com | tcp |
| N/A | 192.168.2.12:1034 | | tcp |
| US | 8.8.8.8:53 | alt1.aspmx.l.google.com | udp |
| NL | 142.251.9.27:25 | alt1.aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | acm.org | udp |
| US | 104.17.79.30:25 | acm.org | tcp |
| US | 8.8.8.8:53 | cs.stanford.edu | udp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | burtleburtle.net | udp |
| US | 75.2.70.75:25 | alumni.caltech.edu | tcp |
| US | 65.254.227.224:25 | burtleburtle.net | tcp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 8.8.8.8:53 | mxa-00000d07.gslb.pphosted.com | udp |
| US | 67.231.149.169:25 | mxa-00000d07.gslb.pphosted.com | tcp |
| N/A | 192.168.2.11:1034 | | tcp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | alt2.aspmx.l.google.com | udp |
| FI | 142.250.150.27:25 | alt2.aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | mx.acm.org | udp |
| US | 8.8.8.8:53 | mail.acm.org | udp |
| US | 8.8.8.8:53 | smtp2.cs.stanford.edu | udp |
| US | 8.8.8.8:53 | smtp.acm.org | udp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | outlook.com | udp |
| US | 8.8.8.8:53 | outlook-com.olc.protection.outlook.com | udp |
| US | 65.254.254.50:25 | mx.burtleburtle.net | tcp |
| US | 8.8.8.8:53 | mx.gzip.org | udp |
| US | 52.101.41.20:25 | outlook-com.olc.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | mail.gzip.org | udp |
| US | 85.187.148.2:25 | mail.gzip.org | tcp |
| US | 8.8.8.8:53 | stanford.edu | udp |
| US | 171.67.215.200:25 | stanford.edu | tcp |
| N/A | 192.168.2.11:1034 | | tcp |
| US | 8.8.8.8:53 | aspmx2.googlemail.com | udp |
| NL | 142.251.9.26:25 | aspmx2.googlemail.com | tcp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | mail.burtleburtle.net | udp |
| US | 8.8.8.8:53 | outlook.com | udp |
| US | 52.96.111.82:25 | outlook.com | tcp |
| US | 65.254.250.102:25 | mail.burtleburtle.net | tcp |
| US | 8.8.8.8:53 | smtp.gzip.org | udp |
| US | 8.8.8.8:53 | postgresql.org | udp |
| US | 8.8.8.8:53 | magus.postgresql.org | udp |
| NO | 87.238.57.229:25 | magus.postgresql.org | tcp |
| US | 8.8.8.8:53 | mx.stanford.edu | udp |
| US | 8.8.8.8:53 | mail.stanford.edu | udp |
| US | 171.64.13.8:25 | mail.stanford.edu | tcp |
| N/A | 10.126.94.178:1034 | | tcp |
| US | 8.8.8.8:53 | aspmx3.googlemail.com | udp |
| FI | 142.250.150.26:25 | aspmx3.googlemail.com | tcp |
| US | 8.8.8.8:53 | mx.cs.stanford.edu | udp |
| US | 8.8.8.8:53 | mail.cs.stanford.edu | udp |
| US | 171.64.64.160:25 | mail.cs.stanford.edu | tcp |
| US | 171.64.64.160:25 | mail.cs.stanford.edu | tcp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | mx.outlook.com | udp |
| US | 8.8.8.8:53 | mail.outlook.com | udp |
| US | 8.8.8.8:53 | smtp.burtleburtle.net | udp |
| US | 8.8.8.8:53 | smtp.outlook.com | udp |
| GB | 52.97.208.18:25 | smtp.outlook.com | tcp |
| US | 65.254.250.102:25 | smtp.burtleburtle.net | tcp |
| US | 8.8.8.8:53 | makus.postgresql.org | udp |
| US | 72.32.157.229:25 | makus.postgresql.org | tcp |
| US | 8.8.8.8:53 | smtp.stanford.edu | udp |
| US | 171.64.13.8:25 | smtp.stanford.edu | tcp |
| N/A | 10.53.7.27:1034 | | tcp |
| US | 8.8.8.8:53 | 90.65.42.20.in-addr.arpa | udp |
Files
memory/644-0-0x0000000000500000-0x0000000000510200-memory.dmp
C:\Windows\services.exe
| Hash | Value |
|---|---|
| MD5 | b0fe74719b1b647e2056641931907f4a |
| SHA1 | e858c206d2d1542a79936cb00d85da853bfc95e2 |
| SHA256 | bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c |
| SHA512 | 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2 |
memory/1188-7-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| Hash | Value |
|---|---|
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/644-13-0x0000000000500000-0x0000000000510200-memory.dmp
memory/1188-14-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1188-19-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1188-24-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1188-26-0x0000000000400000-0x0000000000408000-memory.dmp
memory/644-30-0x0000000000500000-0x0000000000510200-memory.dmp
memory/1188-31-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| Hash | Value |
|---|---|
| MD5 | 46bbe380c9e2d7698b5112340d0435d4 |
| SHA1 | d4da5c499dd6645c84661fa71dc98e1c08e35a44 |
| SHA256 | 7906ff03b5890f54b07ba0acd585e970f085038a9f40c68f69f778ce73ae845e |
| SHA512 | 94b1f657993a158fe8ca921cbdd6e43ab90b5f63d9961ff61257aa2d357c1e0f04809112d4f219999f27ed436856e0967bf8da379b5ed9b0f5e31738a9a2d1d1 |
C:\Users\Admin\AppData\Local\Temp\tmp2902.tmp
| Hash | Value |
|---|---|
| MD5 | eb7fb7757a64105ef8e0acf2e6bef7b2 |
| SHA1 | 24f02ab1a1fbfc3a78be96e308d5976eda6c8a7e |
| SHA256 | dfbf642870ef1abb29749f6af2080f3706c5e6ea09666dd019e529896fa9775a |
| SHA512 | dba20b2506506225e36d26506da7ab5bad9e14d9d8f47c7f7002013e075b6038ec5f81429ec5809904ed1027591190a9f578294510fb3a2a23e50aecb05b0cce |
memory/644-168-0x0000000000500000-0x0000000000510200-memory.dmp
memory/1188-169-0x0000000000400000-0x0000000000408000-memory.dmp
memory/644-174-0x0000000000500000-0x0000000000510200-memory.dmp
memory/1188-175-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zkvQE9C.log
| Hash | Value |
|---|---|
| MD5 | 97d57c3f4e97e127dbfe0878cabe64ce |
| SHA1 | 4828fe6a4979f7765c81bccfe0077e6593dc4185 |
| SHA256 | 76471670653a9d5df6b4d09f99351ced1146f104ae28898e54b798b3193d2200 |
| SHA512 | e24d1c7662f597437bde2cefbea80fb60d8de244119d831f0ff110a656ae724a01cf43a0634bc25ccdc9d69c4d43ea5143eec8381d04480c4cf00f3b75039ae1 |
memory/644-179-0x0000000000500000-0x0000000000510200-memory.dmp
memory/1188-180-0x0000000000400000-0x0000000000408000-memory.dmp
memory/644-184-0x0000000000500000-0x0000000000510200-memory.dmp
memory/1188-185-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| Hash | Value |
|---|---|
| MD5 | 5c31469589e668d4b07f7de566399f13 |
| SHA1 | 8aaf4e4584e0d0bb0d8a46bd17532748ce657790 |
| SHA256 | 2b7678c33f53846d2af785761a08991d41405621ea66b460bfe67ac35180970a |
| SHA512 | bcf882e05ea1a1ef5e4e35ed74d776e30f68c03df2f68d941abef5f66634029991455931f829e763804381815a5d8c3698f13c5606309ba7d537788dc2cb69af |
memory/644-203-0x0000000000500000-0x0000000000510200-memory.dmp
memory/1188-204-0x0000000000400000-0x0000000000408000-memory.dmp
memory/644-207-0x0000000000500000-0x0000000000510200-memory.dmp
memory/1188-208-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| Hash | Value |
|---|---|
| MD5 | e56a81bbaa700c265d6b3fb96a8a52ac |
| SHA1 | 0f2196801dce11e647740f0a14d54ac054dcc5b6 |
| SHA256 | 6239dd9b161240c98416c55f9e7cf1bca17c76c68d590455d783741dde758c59 |
| SHA512 | e4e37af17ff2e11102ab831240dae1c6253731e4c380d03d636548fb9019d1ad58998c9b883e7206e2d52517315d12fcc315cd2c569097a2ca600959b030a054 |
memory/1188-222-0x0000000000400000-0x0000000000408000-memory.dmp
memory/644-221-0x0000000000500000-0x0000000000510200-memory.dmp
memory/644-223-0x0000000000500000-0x0000000000510200-memory.dmp
memory/1188-224-0x0000000000400000-0x0000000000408000-memory.dmp
memory/644-227-0x0000000000500000-0x0000000000510200-memory.dmp
memory/1188-228-0x0000000000400000-0x0000000000408000-memory.dmp