Malware Analysis Report

2024-07-28 06:57

Sample ID 240613-19a9qssepa
Target 8ba58c8e32b0557927e3893920b8a410_NeikiAnalytics.exe
SHA256 1b0323e7c801156ab1b0b8d2e4a88a06a1e40734331a1d600c37677fdca66619
Tags
upx google persistence phishing microsoft product:outlook
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

1b0323e7c801156ab1b0b8d2e4a88a06a1e40734331a1d600c37677fdca66619

Threat Level: Known bad

The file 8ba58c8e32b0557927e3893920b8a410_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

upx google persistence phishing microsoft product:outlook

Detected microsoft outlook phishing page

Detected google phishing page

UPX packed file

Executes dropped EXE

Adds Run key to start application

Drops file in Windows directory

Unsigned PE

Modifies system certificate store

Suspicious use of WriteProcessMemory

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-13 22:20

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 22:20

Reported

2024-06-13 22:23

Platform

win7-20240611-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8ba58c8e32b0557927e3893920b8a410_NeikiAnalytics.exe"

Signatures

Detected google phishing page

phishing google

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\services.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
(28 identical rows, each with no description, indicator, process or target)

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" C:\Windows\services.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" C:\Users\Admin\AppData\Local\Temp\8ba58c8e32b0557927e3893920b8a410_NeikiAnalytics.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\services.exe C:\Users\Admin\AppData\Local\Temp\8ba58c8e32b0557927e3893920b8a410_NeikiAnalytics.exe N/A
File opened for modification C:\Windows\java.exe C:\Users\Admin\AppData\Local\Temp\8ba58c8e32b0557927e3893920b8a410_NeikiAnalytics.exe N/A
File created C:\Windows\java.exe C:\Users\Admin\AppData\Local\Temp\8ba58c8e32b0557927e3893920b8a410_NeikiAnalytics.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 C:\Users\Admin\AppData\Local\Temp\8ba58c8e32b0557927e3893920b8a410_NeikiAnalytics.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = (certificate blob data omitted) C:\Users\Admin\AppData\Local\Temp\8ba58c8e32b0557927e3893920b8a410_NeikiAnalytics.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Users\Admin\AppData\Local\Temp\8ba58c8e32b0557927e3893920b8a410_NeikiAnalytics.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = (certificate blob data omitted) C:\Users\Admin\AppData\Local\Temp\8ba58c8e32b0557927e3893920b8a410_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\8ba58c8e32b0557927e3893920b8a410_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\8ba58c8e32b0557927e3893920b8a410_NeikiAnalytics.exe"

C:\Windows\services.exe

"C:\Windows\services.exe"

Network

Country Destination Domain Proto
N/A 10.0.2.15:1034 tcp
N/A 192.168.2.103:1034 tcp
N/A 172.16.1.166:1034 tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 8.8.8.8:53 alumni-caltech-edu.mail.protection.outlook.com udp
US 8.8.8.8:53 gzip.org udp
US 52.101.41.4:25 alumni-caltech-edu.mail.protection.outlook.com tcp
US 8.8.8.8:53 gzip.org udp
US 85.187.148.2:25 gzip.org tcp
N/A 192.168.2.11:1034 tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 99.83.190.102:25 alumni.caltech.edu tcp
US 85.187.148.2:25 gzip.org tcp
N/A 192.168.2.11:1034 tcp
US 8.8.8.8:53 mx.alumni.caltech.edu udp
US 8.8.8.8:53 mail.alumni.caltech.edu udp
US 8.8.8.8:53 smtp.alumni.caltech.edu udp
US 8.8.8.8:53 mx.gzip.org udp
N/A 192.168.2.102:1034 tcp
US 8.8.8.8:53 mail.gzip.org udp
US 85.187.148.2:25 mail.gzip.org tcp
US 8.8.8.8:53 unicode.org udp
US 8.8.8.8:53 alt1.aspmx.l.google.com udp
NL 142.251.9.26:25 alt1.aspmx.l.google.com tcp
US 8.8.8.8:53 apple.com udp
US 8.8.8.8:53 mx-in-rno.apple.com udp
US 17.179.253.242:25 mx-in-rno.apple.com tcp
N/A 192.168.2.13:1034 tcp
US 8.8.8.8:53 search.yahoo.com udp
US 8.8.8.8:53 www.google.com udp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 8.8.8.8:53 search.lycos.com udp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 smtp.gzip.org udp
US 8.8.8.8:53 r11.o.lencr.org udp
US 8.8.8.8:53 www.altavista.com udp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 8.8.8.8:53 r11.o.lencr.org udp
US 8.8.8.8:53 email.apple.com udp
US 8.8.8.8:53 mx-in-mdn.apple.com udp
IE 212.82.100.137:443 www.altavista.com tcp
US 17.32.222.242:25 mx-in-mdn.apple.com tcp
GB 142.250.187.196:80 www.google.com tcp
NL 23.63.101.170:80 r11.o.lencr.org tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
NL 23.63.101.177:80 r11.o.lencr.org tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 17.32.222.242:25 mx-in-mdn.apple.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 17.32.222.242:25 mx-in-mdn.apple.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 8.8.8.8:53 insideicloud.com udp
IE 212.82.100.137:80 www.altavista.com tcp
US 17.32.222.242:25 mx-in-mdn.apple.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 8.8.8.8:53 insideicloud.com udp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 insideicloud.com udp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 8.8.8.8:53 alt2.aspmx.l.google.com udp
FI 142.250.150.27:25 alt2.aspmx.l.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 17.32.222.242:25 mx-in-mdn.apple.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
N/A 192.168.2.15:1034 tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 tcp
US 209.202.254.10:80 tcp
GB 142.250.187.196:80 tcp
US 17.179.253.242:25 tcp
GB 142.250.187.196:80 tcp
GB 142.250.187.196:80 tcp

Files

memory/2108-0-0x0000000000500000-0x0000000000510200-memory.dmp

C:\Windows\services.exe

MD5 b0fe74719b1b647e2056641931907f4a
SHA1 e858c206d2d1542a79936cb00d85da853bfc95e2
SHA256 bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
SHA512 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

memory/2208-11-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2108-10-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2108-9-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/2108-17-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2208-18-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2208-23-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2108-25-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2108-24-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2208-30-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2208-32-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2108-36-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2208-37-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2108-41-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2208-42-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 ec88c1ae6a9398b14a6674e276b216bb
SHA1 0121db621b4ae4940f3055dfb7a84e310e635603
SHA256 e304e201be409e9e06873b9aec84cccc0cc191e5b7b6eb9c51e0176f64d652a3
SHA512 599ad347a9a0745b20f4df7d5c295bfa4ca6b7071dc724df858ba7ae9d13aee5c0b81f2f7c067e4a02d288bb158cd914af3028252196b422ae3d9cb8f49f4c8f

C:\Users\Admin\AppData\Local\Temp\tmpFECB.tmp

MD5 dc6a3a885b38c011dbe1043992c3f78b
SHA1 4e44496961828f8198e2b1cfd27de6898b78afca
SHA256 e0b497ec9350982d15550d2de8c84b8db5e8d396c5d5c1f7c52adc79c2e8a85d
SHA512 ee3c5e6a34dc6bfe1645da51d66f4e875d1170d29b36d54c3109b331378551c89d8df914e07ac25a8655511570093c1829a48e38ed6e90965fb75ada1ed484e2

memory/2108-60-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2208-61-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2108-64-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2208-65-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2108-69-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2208-70-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2108-71-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2208-72-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2108-76-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2208-77-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2208-82-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 c40e99e53b2d828fa302ad5af77aedc1
SHA1 d225c642544320fce473a4334d869e3ebed321be
SHA256 d747c7c7ec0bc4cbc31eb3176fcac4a6d473d439bfe08838d2289f4376d09e5a
SHA512 2d8fef39e40edbca90dea8543c85a43a10d1d0ffa3c4effc8868f8dc55b3ac06f4263d5d93198a6b325d88d91c5a62b1fcfc90f6ea756e1fc5c25eca47c4a6ab

C:\Users\Admin\AppData\Local\Temp\CabFF2F.tmp

MD5 2d3dcf90f6c99f47e7593ea250c9e749
SHA1 51be82be4a272669983313565b4940d4b1385237
SHA256 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4
SHA512 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0a3377da2d8a30314ea7077ad2fcb444
SHA1 ef627de1c38b8e05e55ab9b6f89c51fabde1bd9c
SHA256 e288e9d39f60368cb251039f650a1a937ebb58f5ab1e83cbf81cd349469c30ae
SHA512 ee33a12270e6d6a193e1c3e1dead635683b91ce17cee1cd0af82a0d0c839452893a29a0f9bfa1947547a72c0d4ed20056024476542b41764ef2b6ca2e24daf8e

C:\Users\Admin\AppData\Local\Temp\TarFFF4.tmp

MD5 7186ad693b8ad9444401bd9bcd2217c2
SHA1 5c28ca10a650f6026b0df4737078fa4197f3bac1
SHA256 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed
SHA512 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5d98a2f4c7ad65e2469c7b807bbf5566
SHA1 8db525fd10ee1406b9825c005c9f3936c1652d00
SHA256 cc94bd2cea621ab9d91eef583c6450ba16128474854ff9c40e8c0a8a0d7c8061
SHA512 cd31c54ad5793642370083131a7b36d1d21770239a58f37d945b86476fd1ce8f5361ebde387caca55f1bffc07c1e3994b862a92d47054f0e991eeb04c9a3be08

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6F0O117Z\search[2].htm

MD5 39cd93d86f5d8eb7dcdbcc982d6e4ea2
SHA1 8decd1a2c46120ba882f7e1e57010990dde1a8b2
SHA256 ecb95964b5066387624d225977acdb17c7d636342e22744756c44ab24a30673b
SHA512 0937e13f4cf73ef3f90bca00118091f23e146aa7940befe4f9cc4e1b4993373d2257d5aeb81de95ab6b6c0d77f4c694f30f3bb779fbdb43e60b8a60506a2a128

memory/2108-228-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2208-229-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1M46YZP1\search[3].htm

MD5 8ba61a16b71609a08bfa35bc213fce49
SHA1 8374dddcc6b2ede14b0ea00a5870a11b57ced33f
SHA256 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1
SHA512 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FY3LN490\CAGVKR1J.htm

MD5 4598b7b9c1afda863c12032bae1604b0
SHA1 4fea1ca6455a7a978f80d2b9cf5290ee744b2aea
SHA256 be3182b4bfb3a04a6e304a5e0230af22176a19e8016defe4bfa187a026fc7506
SHA512 c5da66dfbaf419c62c4c3f63677865abb517961f6908d786c70bca046e3652b4d9227a5757e824dd2645a44c6fb0a882767c7c5ab29a1c7456fbddf06a28da10

memory/2108-362-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2208-363-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 490ff54848e681343185afb1301df1b0
SHA1 ad3fc1065a0418f5109769e7baa98e39464e77b2
SHA256 11e477c518d180beeae094643f08e1fa343bcfac911250c41cd3661811926f9b
SHA512 6689fbc9c7fb3dc3d3078e934aac59cfc32103c08bc00d51c7d6503eb3cfb1a4d1897479a41b2c64458e21ee1bf5b7b05f25a1122cc2e55f659091bcc98b977e

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6F0O117Z\search[10].htm

MD5 296f84dbc8b5f59cffc08a7c9d6c7c14
SHA1 33efad44ed7bcadc68e0968aa018b3e0dc4fe600
SHA256 f76ffada7ab02b4dfacd0957e0152e58f68a547ea6134d053589a80704ea3d41
SHA512 3c3057eab720ee51b08270b8ea69a1161e9215c594a54bd7ef49d82df60f4fb1ae978ea1132b9098df775d8c12f98cc6a66fbe1a0359f42f44b39c790c76adb4

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R54TGSS0\search[2].htm

MD5 cdeaf44e77b17db3a626e61b77fde130
SHA1 fccfea5a70d8c80ea7bf98a2dbb264ba22bc6b5e
SHA256 2a47f75c564a6e311eb5acff141a1f09a5c8220a29ac8703df6ac0089f1022cc
SHA512 87fc361131f35922120b3227a6108f2f2463c33ef54a0602d9b7c8f32b2f5cbedcedec6182fd62663c58db4c7371270b4222c172cfa75bec5ca665791aecaf51

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FY3LN490\results[4].htm

MD5 35a826c9d92a048812533924ecc2d036
SHA1 cc2d0c7849ea5f36532958d31a823e95de787d93
SHA256 0731a24ba3c569a734d2e8a74f9786c4b09c42af70457b185c56f147792168ea
SHA512 fd385904a466768357de812d0474e34a0b5f089f1de1e46bd032d889b28f10db84c869f5e81a0e2f1c8ffdd8a110e0736a7d63c887d76de6f0a5fd30bb8ebecd

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R54TGSS0\results[2].htm

MD5 211da0345fa466aa8dbde830c83c19f8
SHA1 779ece4d54a099274b2814a9780000ba49af1b81
SHA256 aec2ac9539d1b0cac493bbf90948eca455c6803342cc83d0a107055c1d131fd5
SHA512 37fd7ef6e11a1866e844439318ae813059106fbd52c24f580781d90da3f64829cf9654acac0dd0f2098081256c5dcdf35c70b2cbef6cbe3f0b91bd2d8edd22ca

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1M46YZP1\search[10].htm

MD5 26135c710fb97ea191c121b3a2a4f9cb
SHA1 5560a7dfe2372229cae1154c672bed47f72fcb9c
SHA256 cb18fa27baf5be6ca99ba94a103fed5fc8eb07be9f5105012ea36b75a84490c5
SHA512 f562e7e432f06b13f835bda55e69bba48fcc07a21c5e1f05411d2c3ba1eb3736d8ec95f26ec7d851b59b8eb2d4a3a18aaddd69f559d47703fa74a7bb74afc5a8

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 22:20

Reported

2024-06-13 22:23

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8ba58c8e32b0557927e3893920b8a410_NeikiAnalytics.exe"

Signatures

Detected google phishing page

phishing google

Detected microsoft outlook phishing page

phishing microsoft product:outlook

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\services.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
(30 identical rows, each with no description, indicator, process or target)

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" C:\Users\Admin\AppData\Local\Temp\8ba58c8e32b0557927e3893920b8a410_NeikiAnalytics.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" C:\Windows\services.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\services.exe C:\Users\Admin\AppData\Local\Temp\8ba58c8e32b0557927e3893920b8a410_NeikiAnalytics.exe N/A
File opened for modification C:\Windows\java.exe C:\Users\Admin\AppData\Local\Temp\8ba58c8e32b0557927e3893920b8a410_NeikiAnalytics.exe N/A
File created C:\Windows\java.exe C:\Users\Admin\AppData\Local\Temp\8ba58c8e32b0557927e3893920b8a410_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\8ba58c8e32b0557927e3893920b8a410_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\8ba58c8e32b0557927e3893920b8a410_NeikiAnalytics.exe"

C:\Windows\services.exe

"C:\Windows\services.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4104,i,1400471177590024469,587385956640537806,262144 --variations-seed-version --mojo-platform-channel-handle=4076 /prefetch:8

Network

Country Destination Domain Proto
N/A 10.0.2.15:1034 tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 13.107.42.16:443 tcp
N/A 192.168.2.103:1034 tcp
US 13.107.42.16:443 tcp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 31.251.17.2.in-addr.arpa udp
N/A 172.16.1.166:1034 tcp
US 8.8.8.8:53 m-ou.se udp
US 8.8.8.8:53 aspmx.l.google.com udp
US 8.8.8.8:53 acm.org udp
US 8.8.8.8:53 cs.stanford.edu udp
US 8.8.8.8:53 burtleburtle.net udp
US 8.8.8.8:53 alumni.caltech.edu udp
US 8.8.8.8:53 gzip.org udp
US 8.8.8.8:53 gzip.org udp
US 85.187.148.2:25 gzip.org tcp
US 8.8.8.8:53 mail.mailroute.net udp
NL 142.250.102.26:25 aspmx.l.google.com tcp
US 199.89.3.120:25 mail.mailroute.net tcp
US 8.8.8.8:53 cs.stanford.edu udp
US 171.64.64.64:25 cs.stanford.edu tcp
US 171.64.64.64:25 cs.stanford.edu tcp
US 8.8.8.8:53 mx.burtleburtle.net udp
US 65.254.254.50:25 mx.burtleburtle.net tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 alumni-caltech-edu.mail.protection.outlook.com udp
GB 142.250.187.196:80 www.google.com tcp
US 8.8.8.8:53 search.yahoo.com udp
US 52.101.40.2:25 alumni-caltech-edu.mail.protection.outlook.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 8.8.8.8:53 search.lycos.com udp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 8.8.8.8:53 www.altavista.com udp
US 8.8.8.8:53 137.100.82.212.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.254.202.209.in-addr.arpa udp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 8.8.8.8:53 r11.o.lencr.org udp
NL 23.63.101.177:80 r11.o.lencr.org tcp
US 8.8.8.8:53 11.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 177.101.63.23.in-addr.arpa udp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 171.64.64.64:25 cs.stanford.edu tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
N/A 192.168.2.11:1034 tcp
US 85.187.148.2:25 gzip.org tcp
US 8.8.8.8:53 alt1.aspmx.l.google.com udp
US 8.8.8.8:53 acm.org udp
NL 142.251.9.27:25 alt1.aspmx.l.google.com tcp
US 8.8.8.8:53 smtp2.cs.stanford.edu udp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
US 8.8.8.8:53 burtleburtle.net udp
US 65.254.227.224:25 burtleburtle.net tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 99.83.190.102:25 alumni.caltech.edu tcp
US 104.17.79.30:25 acm.org tcp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
N/A 192.168.2.11:1034 tcp
US 8.8.8.8:53 mx.gzip.org udp
US 8.8.8.8:53 mail.gzip.org udp
US 85.187.148.2:25 mail.gzip.org tcp
US 8.8.8.8:53 alt2.aspmx.l.google.com udp
FI 142.250.150.26:25 alt2.aspmx.l.google.com tcp
US 8.8.8.8:53 smtp1.cs.stanford.edu udp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
US 65.254.254.50:25 mx.burtleburtle.net tcp
US 8.8.8.8:53 outlook.com udp
US 8.8.8.8:53 outlook-com.olc.protection.outlook.com udp
GB 142.250.187.196:80 www.google.com tcp
US 52.101.11.6:25 outlook-com.olc.protection.outlook.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 8.8.8.8:53 mx.acm.org udp
US 209.202.254.10:80 search.lycos.com tcp
US 8.8.8.8:53 mail.acm.org udp
US 8.8.8.8:53 smtp.acm.org udp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 alumni-caltech-edu.mail.protection.outlook.com udp
GB 142.250.187.196:80 www.google.com tcp
US 52.101.8.44:25 alumni-caltech-edu.mail.protection.outlook.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
N/A 192.168.2.102:1034 tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 8.8.8.8:53 smtp.gzip.org udp
GB 142.250.187.196:80 www.google.com tcp
US 8.8.8.8:53 aspmx2.googlemail.com udp
US 171.64.64.64:25 cs.stanford.edu tcp
NL 142.251.9.26:25 aspmx2.googlemail.com tcp
US 171.64.64.64:25 cs.stanford.edu tcp
US 8.8.8.8:53 mail.burtleburtle.net udp
GB 142.250.187.196:80 www.google.com tcp
US 65.254.250.102:25 mail.burtleburtle.net tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 210.143.182.52.in-addr.arpa udp
US 8.8.8.8:53 outlook.com udp
US 209.202.254.10:80 search.lycos.com tcp
US 52.96.91.34:25 outlook.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 hachyderm.io udp
NL 142.250.102.26:25 aspmx.l.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 171.64.64.64:25 cs.stanford.edu tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 99.83.190.102:25 alumni.caltech.edu tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
N/A 192.168.2.13:1034 tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 aspmx3.googlemail.com udp
FI 142.250.150.26:25 aspmx3.googlemail.com tcp
US 209.202.254.10:443 search.lycos.com tcp
NL 142.250.102.26:25 aspmx.l.google.com tcp
US 8.8.8.8:53 smtp.burtleburtle.net udp
US 65.254.250.102:25 smtp.burtleburtle.net tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 8.8.8.8:53 mx.outlook.com udp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 8.8.8.8:53 mail.outlook.com udp
US 209.202.254.10:80 search.lycos.com tcp
US 8.8.8.8:53 smtp.outlook.com udp
IE 212.82.100.137:80 www.altavista.com tcp
GB 52.97.129.226:25 smtp.outlook.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 8.8.8.8:53 alt3.aspmx.l.google.com udp
IE 212.82.100.137:443 www.altavista.com tcp
SG 74.125.200.26:25 alt3.aspmx.l.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 kinoho.net udp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
NL 142.251.9.26:25 aspmx2.googlemail.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 8.8.8.8:53 mx.cs.stanford.edu udp
US 8.8.8.8:53 mail.cs.stanford.edu udp
IE 212.82.100.137:443 www.altavista.com tcp
US 171.64.64.160:25 mail.cs.stanford.edu tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
N/A 192.168.2.15:1034 tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 tcp
US 209.202.254.10:443 tcp
GB 142.250.187.196:80 tcp
GB 142.250.187.196:80 tcp

Files

C:\Windows\services.exe

MD5 b0fe74719b1b647e2056641931907f4a
SHA1 e858c206d2d1542a79936cb00d85da853bfc95e2
SHA256 bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
SHA512 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

memory/3024-0-0x0000000000500000-0x0000000000510200-memory.dmp

memory/700-6-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/3024-13-0x0000000000500000-0x0000000000510200-memory.dmp

memory/700-14-0x0000000000400000-0x0000000000408000-memory.dmp

memory/700-19-0x0000000000400000-0x0000000000408000-memory.dmp

memory/700-24-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3024-23-0x0000000000500000-0x0000000000510200-memory.dmp

memory/3024-25-0x0000000000500000-0x0000000000510200-memory.dmp

memory/700-26-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 8983d029e9035e9aea14ca073438836d
SHA1 754ad36dcdccc10c7d9f0cafff49c52642fe3ecc
SHA256 17792d78893b004488fc88ffd5f2559be4a39025644ca2421f66d247ead49f91
SHA512 a3b74139745da3d0d361770f0a2fce6917575137c410447b3118ea69d013b034d78a4ca9f624b5d5aa00c247836345d1ced42c0de2e5bc94d83ec7690662d7e0

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 76316c0055c4d2bbc368a81b1a8247df
SHA1 06f985c8fd705aaf56ebc6e872586c1056fe6770
SHA256 bdebb05092f4358cfe6c984b22d51293a67d931bb73581d230f8aab1797294f8
SHA512 b334854961a185fe2211603b16903b9bf3b72241e81e7fa1437081a609e16bfa6d02897e353de2a9bba435b9c8f6d3d2770dd417a0aa34a6cdad5b4e816204d5

C:\Users\Admin\AppData\Local\Temp\tmp8134.tmp

MD5 f0a17001b88a9c2844819cc60a5e70c3
SHA1 cb6cf1ad0e6a50a51d816d0d7d25912f54a5566c
SHA256 3c1966efe39d83e4c476560c0b5471947c33847cc14e0a8244dd30a5e67c7f72
SHA512 a650104dbbe488fa9358afb792659520c82eacc4aa54545252b059d6cb0937225f08909a0f2643f76ba757c5cabb36c43ba0f766ca8889a05810ee3a5b81021b

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RD8M0ENG\search[2].htm

MD5 8ba61a16b71609a08bfa35bc213fce49
SHA1 8374dddcc6b2ede14b0ea00a5870a11b57ced33f
SHA256 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1
SHA512 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

memory/3024-136-0x0000000000500000-0x0000000000510200-memory.dmp

memory/700-137-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\SYNNS6ZU\search[5].htm

MD5 0091661111271d8494f39915978300f0
SHA1 3a552bbce36cabae2db8b80a3c327bfbe9a6da8c
SHA256 669d056149236aa9937ebe4646d4816829e40387c3ca2141cbfccb5c2f5a9ee4
SHA512 df1795e6ef78fd53a9449859b589163f0e01a14029a7df020191bd68638f61098ddf4343d7cd839b325df52365b08c8b61c778bdb88c8e9f5b13b106a3c1b6a7

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\SYNNS6ZU\results[2].htm

MD5 211da0345fa466aa8dbde830c83c19f8
SHA1 779ece4d54a099274b2814a9780000ba49af1b81
SHA256 aec2ac9539d1b0cac493bbf90948eca455c6803342cc83d0a107055c1d131fd5
SHA512 37fd7ef6e11a1866e844439318ae813059106fbd52c24f580781d90da3f64829cf9654acac0dd0f2098081256c5dcdf35c70b2cbef6cbe3f0b91bd2d8edd22ca

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\SYNNS6ZU\8HC9TD1M.htm

MD5 c8cf549d0c1c56502a6b9ce8217abaf2
SHA1 a2dcee16e605f467142b987e69593ceb8d62fd9d
SHA256 d9bc0839fd355803ace66407adccd62140899e614be4831778d038835e03a933
SHA512 052189c7ab5ac2ea47d09ceec9b8de955756f9873ed8aec08e665c96f7d86f7a2f6727a5803abda3a7dcc6202416c15b2c83a734525a05326df73f23c17e5a1c

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RD8M0ENG\8Y7DP8OX.htm

MD5 7a2d0f1bb10eb205483477ac683f7e8c
SHA1 6c11c259dd6082f9b5a52096999a14ac4cb8e2c8
SHA256 c6dcff10d83cd88a53ca1282b99a07335de2d3ca8ebc9f4a7804f72b18a3d438
SHA512 54ae265339d8d2e13ce9e07c6d9e1d77aaa208c50626ee5bcb1db86901499030b1c57d8ce40ec5dfb95735ae5408870e3418656667a39ee279da9ab6f44a407d

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\SYNNS6ZU\NGXQ4173.htm

MD5 f205da85a7ab09a36b9fa55755e5068e
SHA1 0f5f69a8c90cab0fd1a301f8c512ffc4ec1630bb
SHA256 1210afbf45ea7d2ea88c94c9912c93e35653943df842f55364c537f859fccb2e
SHA512 742f036e57b17e5e3c4023352bd3afead852c3c28d22dee7f4498e1ecac69b3226f265cae7bc821f02556f70904ad54864ccb2d4f91c11c5ad594c38446bc56e

memory/3024-258-0x0000000000500000-0x0000000000510200-memory.dmp

memory/700-259-0x0000000000400000-0x0000000000408000-memory.dmp

memory/700-261-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3024-265-0x0000000000500000-0x0000000000510200-memory.dmp

memory/700-266-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 77dff13944c3b09164240b85ba6735bc
SHA1 8e3dfbe3aa5fc5f570fde2048be653a804edb3e9
SHA256 4c22ed489737295544f95691272969d3b8b4d593a5eaa55b4178528d2a649791
SHA512 9217fdc672e24a9c48cafbd9e3d3b713b1c89d6a4e301a554ba94893c8736a60b8f15886e15fcc50540e5d4c11173dc2f0d74768d46240fd8675ec27fd093aa8

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FUP7PRY6\KP0T2G1W.htm

MD5 41fde84c226c2c6579878eb33589df90
SHA1 048b7f4fcad2df601a686cd357369a2dfafd464f
SHA256 2fc4e5af7cf799a45e6423893cbd753d92300a4e44f8f59d71883177bc25bdc8
SHA512 a6df8c7eb84de996b81ff2cfeb68be6254c89af1d6856a14a12f29e7e82b03cbb3ea23a8605a43f41b6dcdee3059acdccd334f4f4a3f97464299b98e0ce6d997

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RD8M0ENG\search[4].htm

MD5 6cf15e4b0d5495c484566694b905605c
SHA1 9685e75fd8bfe5b512516f8e92e37cb913d85f34
SHA256 261c63f74dfc8bb8fa7f3e50a23ef8ae6128606fab56c5296c58486b0de15491
SHA512 4e4c453f00d164eefc56b9d6a21f143b5cd75bc6aae289cd3c3ffaf28d76676405a83cda7a606e8936cdaedcfe2a5ad76f86e6a2908bb4b3c57c21c15f6ce69a

memory/700-355-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3024-354-0x0000000000500000-0x0000000000510200-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RD8M0ENG\search[8].htm

MD5 acd68dbb4e087f18e194f2573665e3ad
SHA1 0ed18bd5a52eec838e50917acfe70a06aae5286d
SHA256 f92c21b6921d4e7e634d26e23ebe6fbd009b53caebc494f5ba5e964873ba9943
SHA512 ce8083640d65b39cb39fa3956825340c9aaa02dfd78f7f5e99607f723fe0ebc4cb4e51f40658b859fd99fd18a115eddfefea02c9e6adbbc2261c2019dc03b983

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\SYNNS6ZU\searchC7X6LO3G.htm

MD5 88e352c336a5cde3446107ac55ebbb58
SHA1 68056fcb0745fb1e5c8bda87e11a6d94cf789625
SHA256 7a14a5b78dbcf5a5bd110c63794af849d70ad37ca7b461419583dfadd2ffd0d7
SHA512 38c0af4d92f14cfd52de54822a7858b4a50d3a197be9d03b58c8f3f9bfa94bf62f30d6443b2cf0d62f38e475c161a6b5c50c48f857e85ddcca7ce3b594d31973

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FUP7PRY6\default[2].htm

MD5 c15952329e9cd008b41f979b6c76b9a2
SHA1 53c58cc742b5a0273df8d01ba2779a979c1ff967
SHA256 5d065a88f9a1fb565c2d70e87148d469dd9dcbbefea4ccc8c181745eda748ab7
SHA512 6aecdd949abcd2cb54e2fe3e1171ee47c247aa3980a0847b9934f506ef9b2d3180831adf6554c68b0621f9f9f3cd88767ef9487bc6e51cecd6a8857099a7b296

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QZRYTBAT\search[5].htm

MD5 760eda1fc37541d07e5000cdd3474245
SHA1 725bf906756d00adf5521fb19e312b6379cb313f
SHA256 caf46ae288d45a1dcc004b063df9f066ef4a67a509c75469e92a7c79df52be46
SHA512 161c61641fb7dfc1866d10eb772f91272360f4eb354ee976c9c420ef786876053d1da2de8d597b698564898ce9d70be654851b2321426091ec474f5351a632df

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RD8M0ENG\results[6].htm

MD5 7a332319b4c67a0c2b49c9fb95a8b533
SHA1 a73a00ba83953575917a2060c009253fc0db93c4
SHA256 3c0cf785ae4898fab36c8e6e6d1ff44a1b980db0216539cc895157efe273da2d
SHA512 e057941f8e9e7f686dda89bd88a6781bdfa6d7f4545c3ad185ebf0a9828b29789f91a616f5eabe0c7c1cdfd9dfa46f443564e9cfc36de6b04f03dfd6ab67f100

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RD8M0ENG\default[1].htm

MD5 267ddfdbb8d492b25de208d84b290f1c
SHA1 9f57d9f19f25549e1232489a0c101a92e851de2f
SHA256 ef1f87447ae1ab45548d2934cf0dbd15a32b86359ff9fccfa48d76c1badf6586
SHA512 0709aa62d39d419d335183235dcf328e1dfe6997bd9bfbdeb01bb050df8dcab63ec2d4f46e4718ab389fa8e12af66dec2e3019c8871ac6e40927a25cb706c6b3

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QZRYTBAT\search[2].htm

MD5 56dfcd07a1685bed95750057544e6007
SHA1 74e1db5fd014e0197db2d2dd35b89fbb7a6f8269
SHA256 75d5b96a8e08ec45ed3bb8cdddf5c8885cc25039fd1426fceba4e1c74aee04f4
SHA512 1db707e13a6cc68b968432b655f1288b590dfce980bfe5ec476f5ddd3c04bab74ea89500f2cac3f12f13b5fdc093c113f11e2b64dadcc9d368dbc4040affc93e

memory/3024-527-0x0000000000500000-0x0000000000510200-memory.dmp

memory/700-528-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\SYNNS6ZU\searchAAB5KJAJ.htm

MD5 6a62cc6681f7175d84f7a19536f4f7e5
SHA1 e01230b43b9fc3f776265b726336e7cc053e439e
SHA256 2d9ef7bacfd57065f30c2624edd4688939f8094a285478456ab2b78e43319c68
SHA512 9103946bc567401772c11d561590ccfe4af0a72cfd850324aa0ed163ba1b0ef71896f0df923531967295368510d2a0aac906053ba4569d108b63f4427caadc39

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QZRYTBAT\searchJAOIQ53J.htm

MD5 d0649ee3d54af4382c22a7d96dd05916
SHA1 0ab4ddd9b8cf7c71806359caba97584ecda51a9c
SHA256 4aa7362500799cc334d6b6fad77bd74849d1870875f3e6786f3828523c6f9af8
SHA512 0d825e0ff028a6d70625cb6d2829b58b971d16dc06c4d77de6491c3242dbce26a72aebb9196006214c43406feb53ff8eddf96ae0b701f27d34ff1f13a2ee0f54

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 cba5896aae91c8e8c84ac05ae25e5811
SHA1 a43e01b3abefcb898eda981a5d16dec00c33aa14
SHA256 e0f951bd952f5a168c83028687c0357bd64782d1832f02b85fe1c69e02382de8
SHA512 ce4dea143acca3521fd2352bb7ef8f2d5620b2dffda4f5c58fbad71afb473a324a3d2d0c9702c5056ad9cf3b926de86fb438d051e144f3197541af7348da1854

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RD8M0ENG\searchGN6F0RWK.htm

MD5 a51b8350a3ba9cf3b408e4a8796a65e7
SHA1 f459b65702755ad35c97fcb97813a875d1d92b54
SHA256 51214a9cf591b2dd87b95662798dad950c73af7c5cc8084d401e53b07d4d9100
SHA512 7d27372bf6078be5d0dd74f444af394877b0dfc5203d9d829c4f6b78ab1754d79d07f45110b7023dc6d1fe74e249dabf87aca20116170e8fb9c8aa066a325bd8

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FUP7PRY6\search[4].htm

MD5 0d2a173b10e2f45922b9b4af08a57902
SHA1 d1cdbeb2ab4b8776a441a393a7a7242607420384
SHA256 e48a0bd267530b069af1e3259abc82f3e2f6831ba6b16f1233ccc6537653752d
SHA512 04bf47462da20152ae9c4408c372b311f1961c9d230cb8994118a97cda97d7b2b94d4d4c90f9510c3a92ed36c9a824b2408bb00c7026a5f3f2b5abb47c49e3e2

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QZRYTBAT\searchEKCEJZI8.htm

MD5 5a6d2c9eb26b170a37d9a1ebd0a4d1a0
SHA1 48cf767ddaef9f42615cb1931a20e314cadd793d
SHA256 31fd8929b62d2ec7c0567c5a66f552fbe9ca5ae8b94e5e0da5120eba35b62937
SHA512 54e97cf3c33c49cfd204a43ebd9cdc34ff6e8da8249b38787d87cf019095ef89ba9caa71f82092c436d0d0a94885a6eb635b05cd121efa05b7462d42c9621b63

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QZRYTBAT\searchEN90SBL7.htm

MD5 809e390784a0a5ebeb78dff5518a41ba
SHA1 e6010dd88ed91f58e84244bb563b95aa65a90d97
SHA256 1a18f5698cdbd895b70f5926afd4103760bf9b5bd94af2bc251ed5f00381a3cf
SHA512 994f38279674815d050359b4ebe7f968534df79aa9685c77633eca5ca9966fdbbc4f37ecc7f964b802106e3f881275b1a2defd50cb5fd5f0ca61cfd954a452e9

memory/3024-638-0x0000000000500000-0x0000000000510200-memory.dmp

memory/700-639-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FUP7PRY6\searchBGSKF53Q.htm

MD5 ee29b537833acb5c54947c2a22cac94a
SHA1 35305e94f9036d6c1fe461032080a120c04d6df6
SHA256 b2152c63700c8d70e7ef0f65372a6831d7adad556b08e4b7751507d7d5a994dd
SHA512 01b42b78f36c39b3ec9a681855eaf8eba3b7a0ed3b8d6c7ee198da63f18ae93e416cad25140d487355ad5402ed01dba864448f1d4d54193143b236e6355d6ace

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 02aaa7466f5abc28bd869a9922451186
SHA1 0e6ae426d17904e263d1229e3983b5722fb371c9
SHA256 eca06811d607eee0bd05a3044328f67d658b370f97255b0a3996aebf707ea9e2
SHA512 18eaeb2b94cc7ae1f8e80d72003dd20f42a59ad6f44ceb89bb316e0c8b666ae7b26408d4316982cdec0f3bdb671475fc4173447ab87c10ed7809e08aec010c7d

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FUP7PRY6\searchL3D4W1FB.htm

MD5 9c14bd1c1e3ef4f8e8df207f61ae1657
SHA1 a875194cebf35732ece35889d41e0bfd3f5364b1
SHA256 5a671f25a45bd51ed47428923f5bfce79939bc2c131ded955b9a09e9eeae34ba
SHA512 8dc20bd8639051a963b1a935f06ea4eec2748b7f13bcc61dd6a8abdfb6c5a595351a2999101902b0710a0352a5f4e465546a9aafafc5a89001c44b9275928406

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QZRYTBAT\searchZOI1XZOI.htm

MD5 b3cab2f02e7f72d058b0eff47bbc20a8
SHA1 16b39a2e7197385bcf7ad64f7e2ea9e31bc651fa
SHA256 dc3c770cc438ae59bbabd3f054608d2573a025eac46b178f9b54196ddf2086a1
SHA512 fd07814250bd0f96a0fc6aed22cc9f514e4aed5ef174a125f7e1fb1da3866b542984778e282dc54f1a8c40e8ae7c6d53f0f0c5bcded58f4405cce5de45a60b29

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QZRYTBAT\search1R4BJR5G.htm

MD5 c19d774edf39acaf88ba0e27f7e728fc
SHA1 95aa8a0cbe73c8f8f731f025717dff18e6e67889
SHA256 45b904d6758958512ce9639e1bb0a035850211449fccc795d9f9a962c17d195d
SHA512 df2f44cfa61160ee52122799af9e668add7f1df09dab4a950cff91a56f3157cf75f98020e2d2f31625eb215134c8a4be82e99003d41105a51ddf602d7910fa0d

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RD8M0ENG\searchR07M3UOO.htm

MD5 ee6e0b810af2d590ef122722022e3c9e
SHA1 3c87b4f02c5f93498c7827672a8ebd9e0b76cb4a
SHA256 7f18b52b914a4a32a5d1f10e2ee383bd9e2e5f341fa54154a7844699ece2fcce
SHA512 22da18e25ceddbea579f23c3f91e409198812358bf89dbbca221abae44e7c50ae55676663b31bea8389c3e5b23b100849dbf3bbd52d62619bdc72ae7ba3ecf66

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\SYNNS6ZU\searchDN4FQXXF.htm

MD5 e69c34d684bdea3e949ee6f9b7cdce10
SHA1 647bfd383fe09b46a3219b295f6469b38f0b4f1a
SHA256 7df1af7379085787cb0f59161ebccb5500ff1c75eebffaba15e4b8ca46c1b8d1
SHA512 b795bc7bf18471a6a2210f67e8b51a559ee25a885f1d5242f08bc062047c83418a1403363d53508b47df0722eb695876c63485d6482259bfa862cf766b1a5788

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\SYNNS6ZU\default[5].htm

MD5 5431b34b55fc2e8dfe8e2e977e26e6b5
SHA1 87cf8feeb854e523871271b6f5634576de3e7c40
SHA256 3d7c76daab98368a0dd25cd184db039cdd5d1bc9bd6e9bb91b289119047f5432
SHA512 6f309dd924ba012486bcf0e3bafe64899007893ea9863b6f4e5428384ad23d9942c74d17c42a5cf9922a0e0fd8d61c287a2288a945a775586125d53376b9325c

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RD8M0ENG\search01AJU473.htm

MD5 10ebdc0fda1796ce576e6a362dcea562
SHA1 5874f051126dcd1de0b0971578adc469d883c10b
SHA256 f283d54dd47347e58b8f79c7cf3b8417a654ce40b84848254e350b7164332d40
SHA512 e47f00287270ead25369e6afa8ab84868304fa881c3d9de5df9894efe04cf96cbdeabfae6c2fd7a6692950c919483fed8d645c1c67fb2a801d793a1f3d3aeb9b

memory/3024-812-0x0000000000500000-0x0000000000510200-memory.dmp

memory/700-813-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 90d877f69956b154915a4b4d3e339aea
SHA1 a17c5b76fbabe514dd08dd0f5e4f0fd51e6840b5
SHA256 b0fdc82145bde8c52ee377ff7ccb054d3d7dcfc27677b695a27846c4721f8c9d
SHA512 c20e2ab05fd7c582c790679a02595c6e2a9b8030b7459ee389aa1b73385c8e60646394ac3fef42d300e475c9053528d69721f745e9f07c0fb59ee738b1dfd98c

memory/3024-848-0x0000000000500000-0x0000000000510200-memory.dmp

memory/700-849-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\SYNNS6ZU\search46RGP5AF.htm

MD5 5919449af689a52e68c9bc84bfed0755
SHA1 cd706dbae72ffb614345b0f8b27bf49652e7dad2
SHA256 4fe70afb51d114956cf1ab22681841ddab09c2f1877a353a6621efa140b00bab
SHA512 c87f41c407c884e849349b841262079f1661381e5e86027c8963c1deac9f590c55e96c7263331d1b03ac2b0f843b503f20f541c1da716e348fc574d461f01cb9

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\SYNNS6ZU\search228UX450.htm

MD5 0d8ed82ff7097aef8a41bc7bc57d9c39
SHA1 6533fc6a570ae9860294e1e038b0c43bd100379a
SHA256 3eb3bb15426399da5f0e30a7a27e9083030c1fba376aa17bcc84792586bdef75
SHA512 404acf20a77b402566021b7a8f23109be280d58544c81354689f4fe6a785773cab82679ddc459f72ebc7bd650553d8b4ca7d5c25069a42d3a5172d3feca8f5df

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QZRYTBAT\resultsRNE8GFCX.htm

MD5 35a826c9d92a048812533924ecc2d036
SHA1 cc2d0c7849ea5f36532958d31a823e95de787d93
SHA256 0731a24ba3c569a734d2e8a74f9786c4b09c42af70457b185c56f147792168ea
SHA512 fd385904a466768357de812d0474e34a0b5f089f1de1e46bd032d889b28f10db84c869f5e81a0e2f1c8ffdd8a110e0736a7d63c887d76de6f0a5fd30bb8ebecd

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 e65732673f9c0a670ea8b70e51152a6d
SHA1 5657686c5030b8cfcaaef1d3a8cd99a64d69bdc5
SHA256 d8722c9e3b8824827890ca4933adf4108dffad8e2f72d764591a606c3f81b3ca
SHA512 a834a670e410c2e752e08bb55f82627a26a5dd3cc03108198814c0a552cb98c50f37b306152204a5a7e55c64c940116b232e9d95eb4e1beced748c79c570cbbe

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RD8M0ENG\default[8].htm

MD5 14b82aec966e8e370a28053db081f4e9
SHA1 a0f30ebbdb4c69947d3bd41fa63ec4929dddd649
SHA256 202eada95ef503b303a05caf5a666f538236c7e697f5301fd178d994fa6e24cf
SHA512 ec04f1d86137dc4d75a47ba47bb2f2c912115372fa000cf986d13a04121aae9974011aa716c7da3893114e0d5d0e2fb680a6c2fd40a1f93f0e0bfd6fd625dfa7

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\SYNNS6ZU\default[7].htm

MD5 5243568476eb2052b2f3b67dc9053e86
SHA1 b126aa6506772f9024b76580bdf28b45e3a7f051
SHA256 2d458622dc76eb87e44cc7db89309efdf50f99821145ae86864fd1b714cbaa80
SHA512 3c68cef4e3daa4bca6e8b3aa5a31874be1e4dec38fe9781c6fe4890980744527d0c6818eeb519f8e6b322118e1f08302d85972fa7da4ba8be9421aabf9a77833

memory/3024-1012-0x0000000000500000-0x0000000000510200-memory.dmp

memory/700-1013-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\SYNNS6ZU\search8ED1M2B8.htm

MD5 05a36a117a6df633813a8f1fb4aaf901
SHA1 aeccf603f9bdd112730c5548f120513babd4af33
SHA256 d96f4216cda9820d68add5c297de82a6c7de5095888916359e8d968f34ec3bad
SHA512 ce05d0a1083c79417b357960b2f60e2d9c620a57c3bdec11cef3c587d9afc2c0c1483ea27328dc25f98a9be9fecef0f4b2229615bf1154029a9c73115596e666