Malware Analysis Report

2024-09-09 11:20

Sample ID 240618-k5aveawhlb
Target 316b2d8bd7c08ef7be664446c3d6fc50_NeikiAnalytics.exe
SHA256 cc512faff7c2ec567aa636bbe41dd667fba39454403eb47bf3d59870a28be2d7
Tags
upx persistence microsoft phishing product:outlook
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

cc512faff7c2ec567aa636bbe41dd667fba39454403eb47bf3d59870a28be2d7

Threat Level: Known bad

The file 316b2d8bd7c08ef7be664446c3d6fc50_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

upx persistence microsoft phishing product:outlook

Detected microsoft outlook phishing page

UPX packed file

Executes dropped EXE

Adds Run key to start application

Drops file in Windows directory

Unsigned PE

Modifies system certificate store

Suspicious use of WriteProcessMemory

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-18 09:10

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-18 09:10

Reported

2024-06-18 09:13

Platform

win7-20240611-en

Max time kernel

150s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\316b2d8bd7c08ef7be664446c3d6fc50_NeikiAnalytics.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\services.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" C:\Windows\services.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" C:\Users\Admin\AppData\Local\Temp\316b2d8bd7c08ef7be664446c3d6fc50_NeikiAnalytics.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\services.exe C:\Users\Admin\AppData\Local\Temp\316b2d8bd7c08ef7be664446c3d6fc50_NeikiAnalytics.exe N/A
File opened for modification C:\Windows\java.exe C:\Users\Admin\AppData\Local\Temp\316b2d8bd7c08ef7be664446c3d6fc50_NeikiAnalytics.exe N/A
File created C:\Windows\java.exe C:\Users\Admin\AppData\Local\Temp\316b2d8bd7c08ef7be664446c3d6fc50_NeikiAnalytics.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 C:\Users\Admin\AppData\Local\Temp\316b2d8bd7c08ef7be664446c3d6fc50_NeikiAnalytics.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 C:\Users\Admin\AppData\Local\Temp\316b2d8bd7c08ef7be664446c3d6fc50_NeikiAnalytics.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Users\Admin\AppData\Local\Temp\316b2d8bd7c08ef7be664446c3d6fc50_NeikiAnalytics.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc252000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Users\Admin\AppData\Local\Temp\316b2d8bd7c08ef7be664446c3d6fc50_NeikiAnalytics.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc35300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a82000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Users\Admin\AppData\Local\Temp\316b2d8bd7c08ef7be664446c3d6fc50_NeikiAnalytics.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Users\Admin\AppData\Local\Temp\316b2d8bd7c08ef7be664446c3d6fc50_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\316b2d8bd7c08ef7be664446c3d6fc50_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\316b2d8bd7c08ef7be664446c3d6fc50_NeikiAnalytics.exe"

C:\Windows\services.exe

"C:\Windows\services.exe"

Network

Country Destination Domain Proto
N/A 10.126.94.178:1034 tcp
N/A 192.168.2.157:1034 tcp
N/A 10.227.85.66:1034 tcp
N/A 172.16.1.5:1034 tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 8.8.8.8:53 alumni-caltech-edu.mail.protection.outlook.com udp
US 8.8.8.8:53 gzip.org udp
US 52.101.9.12:25 alumni-caltech-edu.mail.protection.outlook.com tcp
US 8.8.8.8:53 gzip.org udp
US 85.187.148.2:25 gzip.org tcp
N/A 10.179.108.182:1034 tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 85.187.148.2:25 gzip.org tcp
US 99.83.190.102:25 alumni.caltech.edu tcp
N/A 10.241.35.61:1034 tcp
US 8.8.8.8:53 mx.gzip.org udp
US 8.8.8.8:53 mail.gzip.org udp
US 85.187.148.2:25 mail.gzip.org tcp
N/A 192.168.2.111:1034 tcp
US 8.8.8.8:53 unicode.org udp
US 8.8.8.8:53 alt2.aspmx.l.google.com udp
FI 142.250.150.26:25 alt2.aspmx.l.google.com tcp
US 8.8.8.8:53 apple.com udp
US 8.8.8.8:53 mx-in-mdn.apple.com udp
US 17.32.222.242:25 mx-in-mdn.apple.com tcp
US 8.8.8.8:53 smtp.gzip.org udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 search.lycos.com udp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 8.8.8.8:53 search.yahoo.com udp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 8.8.8.8:53 www.altavista.com udp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 8.8.8.8:53 r11.o.lencr.org udp
US 8.8.8.8:53 r11.o.lencr.org udp
BE 104.117.77.249:80 r11.o.lencr.org tcp
BE 104.117.77.210:80 r11.o.lencr.org tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 email.apple.com udp
US 8.8.8.8:53 mx-in-rno.apple.com udp
GB 142.250.187.196:80 www.google.com tcp
US 17.179.253.242:25 mx-in-rno.apple.com tcp
US 17.179.253.242:25 mx-in-rno.apple.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 17.32.222.242:25 mx-in-mdn.apple.com tcp
N/A 192.168.2.11:1034 tcp
US 8.8.8.8:53 icloud.com udp
US 8.8.8.8:53 mx01.mail.icloud.com udp
US 8.8.8.8:53 mac.com udp
US 17.57.156.30:25 mx01.mail.icloud.com tcp
US 8.8.8.8:53 mx3.mail.icloud.com udp
US 17.42.251.62:25 mx3.mail.icloud.com tcp
US 17.42.251.62:25 mx3.mail.icloud.com tcp
GB 142.250.187.196:80 tcp
US 209.202.254.10:80 tcp
GB 142.250.187.196:80 tcp
US 209.202.254.10:443 tcp

Files

memory/2072-0-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2072-4-0x00000000001B0000-0x00000000001B8000-memory.dmp

C:\Windows\services.exe

MD5 b0fe74719b1b647e2056641931907f4a
SHA1 e858c206d2d1542a79936cb00d85da853bfc95e2
SHA256 bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
SHA512 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

memory/2556-11-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2072-9-0x00000000001B0000-0x00000000001B8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/2072-17-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2556-18-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2556-23-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2556-28-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2556-30-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2556-35-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2072-39-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2556-40-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2556-42-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 1afcc1974c2c25f28bf3822f649f3edb
SHA1 806e14c2f32e1474a3a1d974d0446795861c5202
SHA256 6f162e50757ab2673148a722ecbd5491e39fde4dd98989ec20893fe2361191df
SHA512 592e6e64fd8f5ffbf90d5424ff4fdd063dd587bd2529b94e3ed05a5cd24a05cea1ab7cd5755da31e788ca285079e2eb40e563a1a6dbedb34caf08bbf515003b2

C:\Users\Admin\AppData\Local\Temp\tmp8642.tmp

MD5 3613276fbadbe54b48ce6575703bb3d6
SHA1 1d0b79ec9f3a4907a7b4ef2155dd805df259d26d
SHA256 c5536d5b4695ecfcb207d382c065d535a0af2810bcbc6560dc9b21888631a8ba
SHA512 77cff775ae229ac7519157dd5eb156900ea927bb32a75e7e4ae6601687be5a5466f1126969cc6c736c85421ba2fad8d8ea09adc3667afb5986c5bb670cb0b282

memory/2072-63-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2556-64-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2072-67-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2556-68-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2072-69-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2556-70-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2556-75-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2072-79-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2556-80-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2556-82-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2072-86-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2556-87-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 ccd17f2d6999e02c948970b4437419f4
SHA1 53427c95b7fd16e55490ecc08cdf22f4a7d391e5
SHA256 3dec032393f43335d96a9eadb5066fe141ba8709d965bf5325df462f9169150f
SHA512 e6c8b6db2145c89e9077de228a1b5fcbae93e129536ebbda8104801119d3c1d26f4e3586c981fd4a55886fe7dd22ddc35b31a47b8c24b1391ac9b24bd4f55d16

C:\Users\Admin\AppData\Local\Temp\Cab9048.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar9116.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4686a09f17707426995a1061233fbe06
SHA1 b3800f73b0c8efc9b817a7108663870ba0c2b06d
SHA256 9b0ef358919f5c48cdacefb3824d5071b7fcfa9ac6e382b1e5910ec0b1980252
SHA512 28be34e3bf344f008a16f9643b1cf894ed50f597d10f33cbb41c6b3c33ceb90a4622611f0cf6c429ea009c6d923911e38cc17c43df5589060b0b704f0238178d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 32691c8e03859cc9e6e26ff5c4f7f209
SHA1 a3bbc5cf93f83a4368a34014c6dede6d880f279f
SHA256 86f9a7922a7ec97efd6cb0961ad8dc29175b9123fb910605e45ad0753c97a8d9
SHA512 9ce29d92cb693f93f01bc833bbf2d622a5290d8f4e5ccdb3febcce2f2a30bd364f7d123c7c8c713ae0c5ae14f513e6f66cee982d381759423e8533d895508bf6

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HWTP8BNA\search[2].htm

MD5 8ba61a16b71609a08bfa35bc213fce49
SHA1 8374dddcc6b2ede14b0ea00a5870a11b57ced33f
SHA256 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1
SHA512 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-18 09:10

Reported

2024-06-18 09:13

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\316b2d8bd7c08ef7be664446c3d6fc50_NeikiAnalytics.exe"

Signatures

Detected microsoft outlook phishing page

phishing microsoft product:outlook

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\services.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" C:\Users\Admin\AppData\Local\Temp\316b2d8bd7c08ef7be664446c3d6fc50_NeikiAnalytics.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" C:\Windows\services.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\java.exe C:\Users\Admin\AppData\Local\Temp\316b2d8bd7c08ef7be664446c3d6fc50_NeikiAnalytics.exe N/A
File created C:\Windows\java.exe C:\Users\Admin\AppData\Local\Temp\316b2d8bd7c08ef7be664446c3d6fc50_NeikiAnalytics.exe N/A
File created C:\Windows\services.exe C:\Users\Admin\AppData\Local\Temp\316b2d8bd7c08ef7be664446c3d6fc50_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\316b2d8bd7c08ef7be664446c3d6fc50_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\316b2d8bd7c08ef7be664446c3d6fc50_NeikiAnalytics.exe"

C:\Windows\services.exe

"C:\Windows\services.exe"

Network

Country Destination Domain Proto
N/A 10.126.94.178:1034 tcp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
BE 23.41.178.59:443 www.bing.com tcp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 59.178.41.23.in-addr.arpa udp
N/A 192.168.2.157:1034 tcp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
N/A 10.227.85.66:1034 tcp
US 8.8.8.8:53 m-ou.se udp
US 8.8.8.8:53 aspmx.l.google.com udp
US 8.8.8.8:53 acm.org udp
NL 142.250.102.27:25 aspmx.l.google.com tcp
US 8.8.8.8:53 mail.mailroute.net udp
US 199.89.1.120:25 mail.mailroute.net tcp
US 8.8.8.8:53 cs.stanford.edu udp
US 8.8.8.8:53 smtp2.cs.stanford.edu udp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
US 8.8.8.8:53 burtleburtle.net udp
US 8.8.8.8:53 mx.burtleburtle.net udp
US 65.254.254.50:25 mx.burtleburtle.net tcp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 8.8.8.8:53 alumni-caltech-edu.mail.protection.outlook.com udp
US 8.8.8.8:53 gzip.org udp
US 52.101.40.2:25 alumni-caltech-edu.mail.protection.outlook.com tcp
US 8.8.8.8:53 gzip.org udp
US 85.187.148.2:25 gzip.org tcp
N/A 172.16.1.5:1034 tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 8.8.8.8:53 search.yahoo.com udp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 8.8.8.8:53 search.lycos.com udp
US 209.202.254.10:80 search.lycos.com tcp
US 8.8.8.8:53 137.100.82.212.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 8.8.8.8:53 r11.o.lencr.org udp
GB 142.250.187.196:80 www.google.com tcp
BE 104.117.77.210:80 r11.o.lencr.org tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 8.8.8.8:53 10.254.202.209.in-addr.arpa udp
US 8.8.8.8:53 32.25.90.104.in-addr.arpa udp
US 8.8.8.8:53 210.77.117.104.in-addr.arpa udp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 8.8.8.8:53 www.altavista.com udp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 8.8.8.8:53 aspmx4.googlemail.com udp
US 8.8.8.8:53 acm.org udp
SG 74.125.200.26:25 aspmx4.googlemail.com tcp
US 104.17.78.30:25 acm.org tcp
US 8.8.8.8:53 cs.stanford.edu udp
US 171.64.64.64:25 cs.stanford.edu tcp
US 171.64.64.64:25 cs.stanford.edu tcp
US 8.8.8.8:53 burtleburtle.net udp
US 65.254.227.224:25 burtleburtle.net tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 99.83.190.102:25 alumni.caltech.edu tcp
US 85.187.148.2:25 gzip.org tcp
N/A 10.179.108.182:1034 tcp
US 8.8.8.8:53 152.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 171.64.64.64:25 cs.stanford.edu tcp
US 8.8.8.8:53 alt2.aspmx.l.google.com udp
US 8.8.8.8:53 mx.acm.org udp
US 8.8.8.8:53 mail.acm.org udp
FI 142.250.150.26:25 alt2.aspmx.l.google.com tcp
US 8.8.8.8:53 smtp.acm.org udp
US 8.8.8.8:53 smtp1.cs.stanford.edu udp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
US 65.254.254.50:25 mx.burtleburtle.net tcp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
US 8.8.8.8:53 email.com udp
US 8.8.8.8:53 mx01.mail.com udp
US 74.208.5.22:25 mx01.mail.com tcp
US 8.8.8.8:53 mx.alumni.caltech.edu udp
US 8.8.8.8:53 mail.alumni.caltech.edu udp
US 8.8.8.8:53 mx.gzip.org udp
US 8.8.8.8:53 smtp.alumni.caltech.edu udp
US 8.8.8.8:53 mail.gzip.org udp
US 85.187.148.2:25 mail.gzip.org tcp
US 8.8.8.8:53 outlook.com udp
US 8.8.8.8:53 outlook-com.olc.protection.outlook.com udp
US 52.101.9.1:25 outlook-com.olc.protection.outlook.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
N/A 10.241.35.61:1034 tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 8.8.8.8:53 aspmx3.googlemail.com udp
FI 142.250.150.26:25 aspmx3.googlemail.com tcp
US 171.64.64.64:25 cs.stanford.edu tcp
US 171.64.64.64:25 cs.stanford.edu tcp
US 8.8.8.8:53 mail.burtleburtle.net udp
US 65.254.250.102:25 mail.burtleburtle.net tcp
US 8.8.8.8:53 mx00.mail.com udp
US 74.208.5.20:25 mx00.mail.com tcp
US 8.8.8.8:53 smtp.gzip.org udp
US 8.8.8.8:53 mail.com udp
US 74.208.5.22:25 mx01.mail.com tcp
US 8.8.8.8:53 outlook.com udp
US 52.96.222.194:25 outlook.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
N/A 192.168.2.111:1034 tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 171.64.64.64:25 cs.stanford.edu tcp
US 8.8.8.8:53 aspmx2.googlemail.com udp
US 8.8.8.8:53 mx.cs.stanford.edu udp
NL 142.251.9.27:25 aspmx2.googlemail.com tcp
US 8.8.8.8:53 mail.cs.stanford.edu udp
US 171.64.64.160:25 mail.cs.stanford.edu tcp
US 171.64.64.160:25 mail.cs.stanford.edu tcp
US 8.8.8.8:53 smtp.burtleburtle.net udp
US 8.8.8.8:53 email.com udp
US 65.254.250.102:25 smtp.burtleburtle.net tcp
US 3.33.243.145:25 email.com tcp
US 8.8.8.8:53 mx.outlook.com udp
US 74.208.5.20:25 mx00.mail.com tcp
US 8.8.8.8:53 mail.outlook.com udp
US 8.8.8.8:53 smtp.outlook.com udp
GB 52.97.219.210:25 smtp.outlook.com tcp
N/A 192.168.2.11:1034 tcp
US 8.8.8.8:53 8.167.79.40.in-addr.arpa udp

Files

memory/2876-0-0x0000000000500000-0x0000000000510200-memory.dmp

C:\Windows\services.exe

MD5 b0fe74719b1b647e2056641931907f4a
SHA1 e858c206d2d1542a79936cb00d85da853bfc95e2
SHA256 bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
SHA512 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

memory/4196-7-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/2876-13-0x0000000000500000-0x0000000000510200-memory.dmp

memory/4196-14-0x0000000000400000-0x0000000000408000-memory.dmp

memory/4196-19-0x0000000000400000-0x0000000000408000-memory.dmp

memory/4196-24-0x0000000000400000-0x0000000000408000-memory.dmp

memory/4196-26-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2876-30-0x0000000000500000-0x0000000000510200-memory.dmp

memory/4196-31-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2876-35-0x0000000000500000-0x0000000000510200-memory.dmp

memory/4196-36-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 3747c506c91e6dfa43334dbe8ed16eaf
SHA1 1352b4710e1a2c0cdbd0bfcbec37b3aad67ae89f
SHA256 a6dc00f3f8106e35ba47b48c29a4e3f5230f201f5192816c7b3cae98dd19efd5
SHA512 fe2f8aa1d623fff82668cb410bcda72b610a7aab492c744ba91e6b41097df0c15f2709bdb377251fa1ad880c10136b5da25b43706735c13c0c537577fe06f46c

C:\Users\Admin\AppData\Local\Temp\tmp2C6C.tmp

MD5 0a5b2c1bebea4c85faa412edad0ab0a9
SHA1 e327ca40fbdac7cd1b9c653c4f94c4523fc58899
SHA256 52fa09b040f3e775db228563196f4c8c7e0019620514bf2c4ca225416fa534ff
SHA512 9674aabde2124fc52d48480b9be5f7fc5f696109add5dbfeb23bc449449f54e7d6723f64a9cc77328f7a681f92bd8bbc5766d6da9aa600fc16e52aec18667852

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\REQ5K173\search[3].htm

MD5 8ba61a16b71609a08bfa35bc213fce49
SHA1 8374dddcc6b2ede14b0ea00a5870a11b57ced33f
SHA256 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1
SHA512 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\E9YVC3IR\WG5QEAUN.htm

MD5 3b617708954579db22b2587e026dc7da
SHA1 9b957b6a14fb64c002c8687e257a157ef81b86bf
SHA256 71d083fe626f29d371362e5b3e1cd9d2ea7b454c2fb971af0c18f86b6cc0b88d
SHA512 a0b91e0ab88880dde920ce22030d7305d78fe459c92531aa90eccc55271cf8177046d83a0119b644d5735e2fa300a6a6633b7485c0e76a6b727ce378320858f3

memory/2876-187-0x0000000000500000-0x0000000000510200-memory.dmp

memory/4196-188-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\E9YVC3IR\search[4].htm

MD5 973ddb87aace15464f391d4859617763
SHA1 7dd4d79796e1a7a45a76a420cfd8ade70678d52d
SHA256 a6c95e2baacbc87374c2417979af3f2bb2aeef8a6d37c4eeb183dfbad46dbcc7
SHA512 f520c25044045f7cd6cbb1a003a18b216e8c6d38cfdbcc1e299c1ff2d6fd351593613a3304527fa3bc8d08361f1b23b74b1d4af5ff0c91fb05a944b613d2e318

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\REQ5K173\search[8].htm

MD5 8768188548711795673bd8c9989e5f24
SHA1 397ada6bd7ef91b7004d44591eb0fcb06ea8f09c
SHA256 fc00d28ff35a9caea484850905b3815f2438e39a59ff4df9b63856b35df5afd8
SHA512 11d6a6239f6f571ff3332925609d4a2670f0eae3ba88cd444a4febc972a48641c9ee28d8602c95b8ebfea040d4df394892fa2cdac420c10dc2e68449e91d174f

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\REQ5K173\search[10].htm

MD5 38f94f0ab5ebfa9a24bebc0bb19d6d31
SHA1 8763452588ae6951be84d11ee65a4bf44ba567fa
SHA256 57c3f0efc3a43a18db656cd4b16b112c57edef0ed3f5b3f9e5f8ff8e83edd46d
SHA512 2e0ac50d69123a473b0d3986bf650e8574a73b93bba19343b191e3788752ce60227c94bb1baa28a7348bf4f38ded917c44a1a2c1c9a906882452d6556ebca933

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G7AAJOBN\searchZYO0336A.htm

MD5 e5add6398f41f185fdade56e7e9dbd36
SHA1 d2c808527603e4a87c10cee8829cd3ba7a5bef93
SHA256 c3c1100502ad69fabdd2223607452add7f39a2a4f731473a8d05a39bf109970b
SHA512 d6d1d9f994de05bd8137cb0e95e4cbb4c488b208a708eee09fca3c4141bf8257bb74cd156383650b803f65b706b3e47a5f783664c9a8df2a3a63ce6e8f21112c

memory/2876-281-0x0000000000500000-0x0000000000510200-memory.dmp

memory/4196-282-0x0000000000400000-0x0000000000408000-memory.dmp

memory/4196-287-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2876-288-0x0000000000500000-0x0000000000510200-memory.dmp

memory/4196-289-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 9c07c5c7bb60c55b308edd04dd03a4ae
SHA1 5c5c83c8778c0f3502d78bcdcc92d839733cccea
SHA256 49c27dbb1bd9cc415d2d690afe254ba6333a736c1e9548d18baff443eb06f72b
SHA512 3ed989ffded5f5291e14e55283eb560a519e51b1748ea93345e2dc301621befdbd0419cb1be7d0d69b3dcbd6d6e6c1205ed65dde873c572d6314766a65419817

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 3cd26aa3cb9a1ae72953dedfc20f0608
SHA1 5328296dd1d2af3482a432f71afe29ff4ec80688
SHA256 968c4dd4c4e9829d90c5a5d7f47e779b5875bdd6603a14752ac033a98d64a080
SHA512 7ba1d8232cc596b4cf7cb47978da39e42413f589904f4c86ca1ad60d05449979819232fa8660e794076f4f308a82cd8bd807a95b0b275c0c306d5aec5627b200

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G7AAJOBN\search[2].htm

MD5 a2e26181c1bfdf8153e270d68d96ebe3
SHA1 d3365637ae2b23910b33bfcf72cf7a17f00e9a98
SHA256 1e45a345a847b40db68976cfd612be939d4907a24376ae8b5b7a52078d908612
SHA512 f849876bc1077af4ed026bca1b86cb3e201da6a977e98ea0d9c7057e101c9d22523c6397f656c77f8ad1e0aa246406bde10ccf2ad05d0bc7a5bc102497a0231d

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\REQ5K173\searchW15TNVZF.htm

MD5 22e23021fa95b4b9d17a1a2db889d793
SHA1 ec12da8e5033e82131e5cd755f69de40b99facea
SHA256 3783b4a8082b352397ed10b07029aaa0cf3acd2b47562deb88d9571705fbd136
SHA512 be4d53516d69f366f3bccb809a1d92e01398597dd2085c198d3ef0d63fc5e2c3ca9bc9049764ce1b0304f6f85edf8f43ea8506bdb029ab484e62821691621062

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\E9YVC3IR\searchMNN6SE3C.htm

MD5 9774007a8ab8b32d749c8f5ef30d7cad
SHA1 0f796132adb63fa5f6603281815ccb9390df64c0
SHA256 757c27905a6349ad0c5abc43f487c3031ed64440e5a0435e7f2204bbc4eb4bc9
SHA512 785c06bf8cd9e0e37f45984802da2770fed980f035468f6d3ab1cee2f8714ea759af7b7bbd8a3144ad7ab7fac5a83e0fc9b89a54e96d63357bbf89bfaebe907a

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\E9YVC3IR\searchTR6F7KKI.htm

MD5 4af432829c94e32ac6eb2597fea3c369
SHA1 6c5cf2c9a0738c406a4f03da3e87522cb6344a38
SHA256 3f0d2b0cd6bd64bd6bafff3be1c7714dffb804d8f039db6147634455e946f7e3
SHA512 954d4f2dc5da5a9203e6522d4358dfda799dd849143ae1cea2715ef10207f2cff8cd382dc4464270941d0b031eb629962ab06d6aeac96267c7417142f58a954f

memory/2876-375-0x0000000000500000-0x0000000000510200-memory.dmp

memory/4196-376-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\XIQH11PJ\search[7].htm

MD5 4c832289901895d402c55106984db186
SHA1 9ce9589e15538d261ff395d33a7fd6db5c24f5d0
SHA256 f227db4412988b595d87a0fe83a3e6812377d9532e43593d6ddfe4cc4ff72926
SHA512 0308c977cd768d15e54b2cfbe4f621652f85ffd202f50357e055fadc485f390da16759a6de872dbab8287b694c20464aac507d7953c6bec4356b21d29218cad2

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\E9YVC3IR\results[3].htm

MD5 211da0345fa466aa8dbde830c83c19f8
SHA1 779ece4d54a099274b2814a9780000ba49af1b81
SHA256 aec2ac9539d1b0cac493bbf90948eca455c6803342cc83d0a107055c1d131fd5
SHA512 37fd7ef6e11a1866e844439318ae813059106fbd52c24f580781d90da3f64829cf9654acac0dd0f2098081256c5dcdf35c70b2cbef6cbe3f0b91bd2d8edd22ca

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\REQ5K173\search[7].htm

MD5 9a8b7705b4e8acb1efd7ab71a8a0db1c
SHA1 a5bcca5120161b9ba40e4beb4afe19462c93a814
SHA256 72bc75637660a8d21663c493b2f00fc062d264a9316f39cbc9d2eb9772345753
SHA512 c41464f9cf1c6f33bdb2aa924166a566ee0435e1b9d2bf3d7aede9700ee323643dc4fe496dcfaac312669f08f25a0d254aab2e7961c897735eea5f9760a50cab

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G7AAJOBN\searchXN0KYXSV.htm

MD5 5de391d9b0365f6ff84e2803bb8de6af
SHA1 1ea728bdd735d53100f6ae3fea8d7a1ec77e46ec
SHA256 b5979ca5e8b29ca8c022933a235a261b80831ad54c5c475c2cd3b1d28256ef88
SHA512 180dcfe7a6248ac5a930b804c6e97bd3e0cfa41a477aa19f858a7163095b9693c0791d37cb2e736b62f4604fe242d0fd7258c8f97f2193998a5d62d325be872a

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\XIQH11PJ\searchYHLZL52A.htm

MD5 a41aa6a92767db01b3d15a3ddb25c4aa
SHA1 95ca82db678da33ea7012364954ea58224ac128c
SHA256 55f70c9c6b5e540a85e8bc5a569164cd1eb7f6db614688e5e39e1121893e4311
SHA512 12b17e8898a9836ea4098dff106efd342b809c46429a466b88e4bdb28952ef064e17bc4b93e1c8e72a1d4f65079bd296ac9b42183b94d84f8dfc45387198d528

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\REQ5K173\results[5].htm

MD5 ee4aed56584bf64c08683064e422b722
SHA1 45e5ba33f57c6848e84b66e7e856a6b60af6c4a8
SHA256 a4e6ba8c1fe3df423e6f17fcbeeaa7e90e2bd2fffe8f98ff4b3e6ed970e32c61
SHA512 058f023cb934a00c8f1c689001438c9bdd067d923ddcbe7a951f54d3ca82218803e0e81fbc9af5c56375ff7961deed0359af1ffa7335d41379ee97d01a76ded6

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G7AAJOBN\search7KX5MSOP.htm

MD5 c1780a4c46010294b7a1de2d7c59f8c4
SHA1 01259340243c393377c74e87f98a7bb677d44a0c
SHA256 92c7c3ee281132a7ffdb38609ff85b2c4bbbae9eb17a291c5013359e44c3b7b0
SHA512 dcce0360ac3580e8e9b5c0e1fa95a2b511dd3c8c45dc9ce6c5a823ac065dd423ed0d899e5e6ac87339e66e4dbd9c378c601120daa08de430954494d89ceeaf6f

memory/2876-513-0x0000000000500000-0x0000000000510200-memory.dmp

memory/4196-514-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 1de2412c79c37b6d4d9607ccad55d4d6
SHA1 6d45a6304b1a81187b0b60e75f92a67da2617d3e
SHA256 1e41419ee376c39cd70916bd79e471615a5f963373995ec99adb3a9b10b4fc88
SHA512 d1b5a4d7430c99d5421d1b02397a2b25c455ce27a7749659beb998102657560ec8455244c1c672f86f09500ff5874f90277273495ddf576313db560afce3d2e7

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\REQ5K173\searchKABZEZ40.htm

MD5 82b912e1d1c39cb60a82120232088f81
SHA1 c9a3da62f906e72ff795fe41f02e2ada2524e4cb
SHA256 817ae788bffa7946896c2abd4056f1599b429569c34b12b3572b7e12faac2434
SHA512 cc1190e6b919102785a9bc3953f7dfc3f882b28433072eb9d1b9c434d313235dd828c9a7d22f5d671a2d84745cf975721462e0f4d01b8c1d6bd27c7213e98379

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\XIQH11PJ\search[1].htm

MD5 701ed93538351912233b379ea0de0417
SHA1 25dced8a4e8bb4b223c63ee0666648bc1d9a34e5
SHA256 dfe02ae7d49822a5468e9ef60b6890fa740b54eaba9d72fd144ddc0a9c5121c5
SHA512 7b3400ae340eaf70cc8eb3823d241c6afab00e2fe54db825b13040cc99aad3adb34e6bad4778b1b7db96cb43087bed0cdc0d8147163839ec73c0f491f81ea0b5

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G7AAJOBN\searchQZ2FNL4M.htm

MD5 afc99e9e039a6a8578dbbd688593cfee
SHA1 4a6fe64c5b8339df886de79359cf5a08f99ed6b6
SHA256 4d63c3ad7fce16a3ed59210cfbf465b2d8d5d0ef9e00820999d9b91693026a3c
SHA512 9259d913e64fa6ed70b47dea8cbb95811a6491a27dcfc2f8980d0f91eff359c757df7a51e1aa3299b190f3a6171f65140da5dd497c2ae86fae094170e266f48b

memory/2876-617-0x0000000000500000-0x0000000000510200-memory.dmp

memory/4196-618-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\E9YVC3IR\default[5].htm

MD5 c15952329e9cd008b41f979b6c76b9a2
SHA1 53c58cc742b5a0273df8d01ba2779a979c1ff967
SHA256 5d065a88f9a1fb565c2d70e87148d469dd9dcbbefea4ccc8c181745eda748ab7
SHA512 6aecdd949abcd2cb54e2fe3e1171ee47c247aa3980a0847b9934f506ef9b2d3180831adf6554c68b0621f9f9f3cd88767ef9487bc6e51cecd6a8857099a7b296

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\E9YVC3IR\searchD74903ZZ.htm

MD5 7d2ca5ae8d1cbf87d38c999995e85434
SHA1 08a31a714e2ff819ba7e96c174d5995206449824
SHA256 e3350a9b3a7a82850d2d335642a67668b84fe5f43d4871e8b4b6092c8b1be6bf
SHA512 2bca0a23267aa8c905a01c3a0baede0a31c2820c7b6d22d33242a893cac9442bef3ce96c9a633799e1ed1cf81c4d294d338bc45102287a27aa1a2dde72059a1e

memory/2876-671-0x0000000000500000-0x0000000000510200-memory.dmp

memory/4196-672-0x0000000000400000-0x0000000000408000-memory.dmp