Analysis Overview
SHA256
637584768cadfd84af293b0578c4441cec915774f0cef0baeeb0b99b55f360a2
Threat Level: Known bad
The file 637584768cadfd84af293b0578c4441cec915774f0cef0baeeb0b99b55f360a2_NeikiAnalytics.exe was found to be: Known bad.
Malicious Activity Summary
Detected microsoft outlook phishing page
Executes dropped EXE
UPX packed file
Adds Run key to start application
Drops file in Windows directory
Unsigned PE
Suspicious use of WriteProcessMemory
Modifies system certificate store
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-20 12:44
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-20 12:44
Reported
2024-06-20 12:47
Platform
win10v2004-20240226-en
Max time kernel
156s
Max time network
168s
Command Line
Signatures
Detected microsoft outlook phishing page
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\637584768cadfd84af293b0578c4441cec915774f0cef0baeeb0b99b55f360a2_NeikiAnalytics.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\637584768cadfd84af293b0578c4441cec915774f0cef0baeeb0b99b55f360a2_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\637584768cadfd84af293b0578c4441cec915774f0cef0baeeb0b99b55f360a2_NeikiAnalytics.exe | N/A |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\637584768cadfd84af293b0578c4441cec915774f0cef0baeeb0b99b55f360a2_NeikiAnalytics.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 380 wrote to memory of 1980 | N/A | C:\Users\Admin\AppData\Local\Temp\637584768cadfd84af293b0578c4441cec915774f0cef0baeeb0b99b55f360a2_NeikiAnalytics.exe | C:\Windows\services.exe |
| PID 380 wrote to memory of 1980 | N/A | C:\Users\Admin\AppData\Local\Temp\637584768cadfd84af293b0578c4441cec915774f0cef0baeeb0b99b55f360a2_NeikiAnalytics.exe | C:\Windows\services.exe |
| PID 380 wrote to memory of 1980 | N/A | C:\Users\Admin\AppData\Local\Temp\637584768cadfd84af293b0578c4441cec915774f0cef0baeeb0b99b55f360a2_NeikiAnalytics.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\637584768cadfd84af293b0578c4441cec915774f0cef0baeeb0b99b55f360a2_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\637584768cadfd84af293b0578c4441cec915774f0cef0baeeb0b99b55f360a2_NeikiAnalytics.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1036 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| GB | 172.217.16.234:443 | chromewebstore.googleapis.com | tcp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 8.8.8.8:53 | 234.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| N/A | 192.168.2.155:1034 | tcp | |
| US | 13.107.246.64:443 | tcp | |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.181.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| N/A | 172.16.1.3:1034 | tcp | |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| N/A | 192.168.2.117:1034 | tcp | |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| N/A | 192.168.2.10:1034 | tcp | |
| US | 8.8.8.8:53 | m-ou.se | udp |
| US | 8.8.8.8:53 | acm.org | udp |
| US | 8.8.8.8:53 | alt1.aspmx.l.google.com | udp |
| US | 8.8.8.8:53 | mail.mailroute.net | udp |
| NL | 142.250.27.26:25 | alt1.aspmx.l.google.com | tcp |
| US | 199.89.3.120:25 | mail.mailroute.net | tcp |
| US | 8.8.8.8:53 | cs.stanford.edu | udp |
| US | 8.8.8.8:53 | burtleburtle.net | udp |
| US | 8.8.8.8:53 | smtp1.cs.stanford.edu | udp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | alumni-caltech-edu.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 52.101.194.19:25 | alumni-caltech-edu.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 8.8.8.8:53 | mx.burtleburtle.net | udp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 65.254.254.52:25 | mx.burtleburtle.net | tcp |
| N/A | 192.168.2.9:1034 | tcp | |
| US | 8.8.8.8:53 | www.altavista.com | udp |
| US | 8.8.8.8:53 | search.lycos.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | search.yahoo.com | udp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.100.82.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.254.202.209.in-addr.arpa | udp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| NL | 23.63.101.170:80 | r11.o.lencr.org | tcp |
| US | 8.8.8.8:53 | 11.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.101.63.23.in-addr.arpa | udp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | aspmx5.googlemail.com | udp |
| US | 8.8.8.8:53 | acm.org | udp |
| FI | 142.250.150.27:25 | aspmx5.googlemail.com | tcp |
| US | 104.17.78.30:25 | acm.org | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | cs.stanford.edu | udp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 75.2.70.75:25 | alumni.caltech.edu | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 65.254.227.224:25 | burtleburtle.net | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | snai1mai1.com | udp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | snai1mai1.com | udp |
| US | 8.8.8.8:53 | mx.snai1mai1.com | udp |
| US | 8.8.8.8:53 | mail.snai1mai1.com | udp |
| US | 8.8.8.8:53 | smtp.snai1mai1.com | udp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| N/A | 192.168.2.9:1034 | tcp | |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | 16.173.189.20.in-addr.arpa | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | alt2.aspmx.l.google.com | udp |
| NL | 142.250.153.26:25 | alt2.aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | mx.acm.org | udp |
| US | 8.8.8.8:53 | mail.acm.org | udp |
| US | 8.8.8.8:53 | smtp.acm.org | udp |
| US | 8.8.8.8:53 | smtp2.cs.stanford.edu | udp |
| US | 8.8.8.8:53 | hachyderm.io | udp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | aspmx.l.google.com | udp |
| IE | 172.253.116.26:25 | aspmx.l.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | mx.alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | mail.alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | smtp.alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | mx.gzip.org | udp |
| US | 8.8.8.8:53 | mail.gzip.org | udp |
| US | 8.8.8.8:53 | email.com | udp |
| US | 85.187.148.2:25 | mail.gzip.org | tcp |
| US | 8.8.8.8:53 | mx01.mail.com | udp |
| US | 74.208.5.22:25 | mx01.mail.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | outlook.com | udp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | outlook-com.olc.protection.outlook.com | udp |
| US | 52.101.41.20:25 | outlook-com.olc.protection.outlook.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| N/A | 192.168.56.176:1034 | tcp | |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
Files
memory/380-0-0x0000000000500000-0x0000000000510200-memory.dmp
C:\Windows\services.exe
| MD5 | b0fe74719b1b647e2056641931907f4a |
| SHA1 | e858c206d2d1542a79936cb00d85da853bfc95e2 |
| SHA256 | bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c |
| SHA512 | 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2 |
memory/1980-5-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | c5bdacd9065aeb32ad14ef055da04d04 |
| SHA1 | bd94bfbd6c2293e24eafa72bfe61ea90e3f028da |
| SHA256 | 82277aac5ef5f45ef05df550f77d51f475efe98d977242deee935cfb8a103d4c |
| SHA512 | be047796912f112454fd3cc6bd9c957bb19ceec6085820599b5931212a7c4e69f6d8f6f8499fe4da866ec2a1260cef0d4a8b93bbd41e64ddca54a217bf1012c1 |
memory/380-13-0x0000000000500000-0x0000000000510200-memory.dmp
memory/1980-14-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1980-19-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1980-21-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1980-26-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1980-31-0x0000000000400000-0x0000000000408000-memory.dmp
memory/380-32-0x0000000000500000-0x0000000000510200-memory.dmp
memory/1980-33-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1980-38-0x0000000000400000-0x0000000000408000-memory.dmp
memory/380-39-0x0000000000500000-0x0000000000510200-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ngnckogk.log
| MD5 | 8372331e9594ae6be73dd70c2c83e79c |
| SHA1 | 9505a52579afb1a8c4234d9f12b6de8dedc16e99 |
| SHA256 | 0d0223d5fae3d0d7a657c8b5a1d9664dae38803ce8f23e1c7691cea185fcf453 |
| SHA512 | da67f0e9d736f6374f3645aaec42222d9bee31a8514310f741fa2b0370c7fd281c2b154aaf77dad245eeb348ac73000e67824499689023a6f512b2ce31aa4b0d |
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | b624b6a9d7dd26f2f589f3fdde64767c |
| SHA1 | e496ad4da81987ef8ff0ed000a3dfff8519f81b8 |
| SHA256 | 63c33971b67fc74a35d05a75a6f0bd30e3f370efbeb142d71490d0bd230ce79d |
| SHA512 | 2fd2015e6c759ec204098ee3d2c348f1614a8286a9f1c4bb7d6d53aad65a0b6db2b1124f721bb7a7bf0224a04e637451d590e31fabdb817ba47929a78b96bef4 |
C:\Users\Admin\AppData\Local\Temp\tmp73C2.tmp
| MD5 | e7e834fc1504267d9490d29aed7ddea5 |
| SHA1 | 9970a270ff4c2abcd0427464a482433d2fa7fcec |
| SHA256 | 3c4cdfe4f5a68174b0e4331abcc3aa0d1728bf126c8c50cb7e0bb128bd2f73f9 |
| SHA512 | fed2e6174ee7de4ffeb2751392d6d40fe84db2c0d5b420a5af71a2c9f4dbb464defb4bcf3a02ad19600da5e321216195a699add2e3deb2b3dbfd8c49d6697b73 |
memory/1980-106-0x0000000000400000-0x0000000000408000-memory.dmp
memory/380-107-0x0000000000500000-0x0000000000510200-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\O8VM10HV\search[1].htm
| MD5 | 8ba61a16b71609a08bfa35bc213fce49 |
| SHA1 | 8374dddcc6b2ede14b0ea00a5870a11b57ced33f |
| SHA256 | 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1 |
| SHA512 | 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BHC2O5WS\results[2].htm
| MD5 | 211da0345fa466aa8dbde830c83c19f8 |
| SHA1 | 779ece4d54a099274b2814a9780000ba49af1b81 |
| SHA256 | aec2ac9539d1b0cac493bbf90948eca455c6803342cc83d0a107055c1d131fd5 |
| SHA512 | 37fd7ef6e11a1866e844439318ae813059106fbd52c24f580781d90da3f64829cf9654acac0dd0f2098081256c5dcdf35c70b2cbef6cbe3f0b91bd2d8edd22ca |
memory/1980-162-0x0000000000400000-0x0000000000408000-memory.dmp
memory/380-173-0x0000000000500000-0x0000000000510200-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\X0OFMNIL\results[5].htm
| MD5 | ee4aed56584bf64c08683064e422b722 |
| SHA1 | 45e5ba33f57c6848e84b66e7e856a6b60af6c4a8 |
| SHA256 | a4e6ba8c1fe3df423e6f17fcbeeaa7e90e2bd2fffe8f98ff4b3e6ed970e32c61 |
| SHA512 | 058f023cb934a00c8f1c689001438c9bdd067d923ddcbe7a951f54d3ca82218803e0e81fbc9af5c56375ff7961deed0359af1ffa7335d41379ee97d01a76ded6 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BHC2O5WS\170IT1CQ.htm
| MD5 | 88b4aa2f4e9f9dbdd2993165707f5dc4 |
| SHA1 | dfbec52f994d27a35df9836417cab37fe42798d5 |
| SHA256 | 4211aee027a58a7c9ea35d70616979e17d57dfa5562cf4154f93dc96b628cd56 |
| SHA512 | c38296ef0c15763b094f5cb7501ad59281b1b20808e92e43e2270fe211b39e4cbcfd43e9d6bf83eca52536246e1fdc3279f45219bc43183a236c9bf47c53d3bc |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\O8VM10HV\search[9].htm
| MD5 | 97fe106050fa2a5a334f71bc3435ec3d |
| SHA1 | 73836eb16534a48bf9b46d3d78db9df7bfd2e768 |
| SHA256 | be25740a1e6d1a9cd27d6eeeda02ce57e02560a1c028c6c359ef1eb561dc62d6 |
| SHA512 | 55bb22dca1155746cf72a505eec0b99c9cb6b90d89f83ef8a9e9686b8ad9d94812026faf3c5f7973725ae8de7c7796b4192b5e3c9f13570fe24858ccd825fb02 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8ZO46T3J\ZSMKOA6B.htm
| MD5 | 3f6856311eec36b75585ba330f28ce90 |
| SHA1 | d9f8699af0f85e9795fe7aad489a0c59d309c880 |
| SHA256 | 1800805a0d396d29afa4cfab06254e4263c4851c580d1099726fa2d471176973 |
| SHA512 | 47a1e0c5820f8bae56344d4c69f6f052fa7d0238145599893801814ddabfa79b6090ffeecb323f219b092aa91e7b146d28ec114ef0ab24aa02dea7090920df39 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8ZO46T3J\search[6].htm
| MD5 | 4588094e13af965604cc17b127931836 |
| SHA1 | 09287117af52f911a404721685c6c54dcc8f49ca |
| SHA256 | cf9a132345ef78d344152dc8ec8393f5339f029195225b186ebc22bab7766147 |
| SHA512 | 6b5379ff7991e64fafb7220c38cdb008cca8f34285260708698230d0aaee37e5b74535112dcfaf9c9d71d109a50fc85c1037a16c61a0dfabd6dbf28c17c634e3 |
memory/1980-258-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\X0OFMNIL\search[6].htm
| MD5 | 214867e4897044f4c41870a8949f8dd9 |
| SHA1 | 7b7668dea5ee1d08cd49393c3dd8466047d9528f |
| SHA256 | a7a5ddd6d4f53ca09f4272683e22bab921d20a037d7f3786ff1c98ae95665baf |
| SHA512 | da8f0f816ecb2f9f216e6cd43bdcdbc474dc2582d100f6648fa2963da277ea745ba81a755f04893938561c571e457d7dd28323de6dabdccd13c920ab20b92365 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\O8VM10HV\default[3].htm
| MD5 | cde2c6ec81201bdd39579745c69d502f |
| SHA1 | e025748a7d4361b2803140ed0f0abda1797f5388 |
| SHA256 | a81000fc443c3c99e0e653cca135e16747e63bccebd5052ed64d7ae6f63f227f |
| SHA512 | de5ca6169b2bb42a452ebd2f92c23bad3a98c01845a875336d6affe7f0192c2782b1f66f149019c0b880410c836fc45b2e9157dcccc7ad0d9e5953521a2151d4 |
memory/380-334-0x0000000000500000-0x0000000000510200-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BHC2O5WS\results[5].htm
| MD5 | 35a826c9d92a048812533924ecc2d036 |
| SHA1 | cc2d0c7849ea5f36532958d31a823e95de787d93 |
| SHA256 | 0731a24ba3c569a734d2e8a74f9786c4b09c42af70457b185c56f147792168ea |
| SHA512 | fd385904a466768357de812d0474e34a0b5f089f1de1e46bd032d889b28f10db84c869f5e81a0e2f1c8ffdd8a110e0736a7d63c887d76de6f0a5fd30bb8ebecd |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BHC2O5WS\0P5L6TPD.htm
| MD5 | a3094d4e7c3bfc8c0677159a06d2ec4c |
| SHA1 | 5983c3e492fc543cc259200641ea0d72384f9552 |
| SHA256 | 0d18fbd58661c0116757aca571d96a46e73a601272f6181f2411c5c720ca0126 |
| SHA512 | af65a7d80ccbd176751a8b090871f49ab96be2e3e8c5257231fb053554fdfb9b957e2cda2ba2077ad8704b6062fc61927853a1b4a04a1035e9be311f03851c3e |
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | ac24cfc9dafd95ca5fec586f6a860301 |
| SHA1 | b5f1b24e64de04b31208c6002e11f630ed523ef1 |
| SHA256 | e23dc7ba85ea252b0903c7e90e03c4264f0bd89e197a8ec351ada1ccb7565d46 |
| SHA512 | df42a137d8bbf279d1901474bb8be6d239e82890ad6528d0a64930ab731ffcbe768cdf61c38a5ddde4d18946e740bf21bb3e909f1c19b68cf2d25cb54a46f206 |
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | 17a240642392b685195f67f2fc55495a |
| SHA1 | 1f0bcf7dfe7ecf672fde75aac3b8178b54552847 |
| SHA256 | 505d1a07fbb68c8a9695d3460d44d19ec38b55cb6703791035ceac9c4c687418 |
| SHA512 | 0478807a8345b01aaa7d381f5bd70ee8af3dc4344946fb1c1908ec9b9c58412ddd392c62b1e6d8336326b6765c77927bb80438bd4c01d829beb29c8a563b2d0f |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8ZO46T3J\searchCRMAV8UX.htm
| MD5 | acd0f924a2ca37d3847f6b2d048d6760 |
| SHA1 | 094f7d60648fd9648b0d398f64da42782d6e7396 |
| SHA256 | cef04fd8d2299074e769bed1c725676ff226354668a8f5d55ddf337311d5490d |
| SHA512 | 354c8fda15bc6d157521a59356ccf871ad40a317e422b87a088ad549db8f29890091f766abb690e2fa4bc46889bfd897db7bca7eae74440c8a92cd2bd73df715 |
memory/1980-441-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\X0OFMNIL\searchO9S726KL.htm
| MD5 | 8e25b4d032ddbcb7d1ee282c47faff04 |
| SHA1 | 3f384ef7e4d13528b6a60ebd7691da4c6871f129 |
| SHA256 | 76614d3d26a3c8828da2318e6b83575eff13b9d4be11c0f4b473125ca54bb094 |
| SHA512 | 4fedea2a45d6f18834b503c9c502d6263bb26e04d0a5b5c08d31001e9c8fa315f68bcdcd6082eae546c4aad63cfbfdf125ca0fabf927e7a336adb048542d2142 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\O8VM10HV\search5WA0JL9Y.htm
| MD5 | 7bd3873d9ce0a0aeede6552cee8b390b |
| SHA1 | 972291491e3084a3de1692a8d39944b5f1d735c4 |
| SHA256 | e6ad19027ec02cc545519570851ecc89468e6f7d437531c0cbdb1a08ce7ad89c |
| SHA512 | 0dc5da45768699fe5cd867ebfdb1b47ac056489a87ae60b2bd09a54f789bb26a7238b1f805d929fbe5b6b75a139e172e4129077e26bf5955ce2baccb742dea71 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\O8VM10HV\searchBQJ2AX8W.htm
| MD5 | fbc7136214455d966025690ce01e354c |
| SHA1 | 6d6fb724925081e4c0269b7ea0319261c34bef4f |
| SHA256 | f9353eed67e42b0e960f800b99a2c1e432d5ccc47eb1ed858ebe71252caed006 |
| SHA512 | 74975633bbe1906efd1893bbdccb42b9eeca347af795143d0ad14550079ae60abfb71e36dd691e7f3e2270bdc960f86d8c4296cfbc17a15527b970896a4cea57 |
memory/380-499-0x0000000000500000-0x0000000000510200-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BHC2O5WS\searchXTUWDX71.htm
| MD5 | 1bda435a0eb79b56db803939c35d7e2b |
| SHA1 | df515929c59ea3d803b56d81d56de2f89038230e |
| SHA256 | 26cad843d8b6d42fe0270b4938aa8252bd7c9468e6368182dd9e303c37fd995e |
| SHA512 | ca650a07ac1bda8718c1399660f5ce696a72a23f454213e39b923b6cace4d934e37766478db932d6fa25e02dcfc7ea4029314c36fd115e34ad744d529d6d17d5 |
memory/1980-548-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\O8VM10HV\searchVZAGP3SA.htm
| MD5 | c9e0c14344397c1f49d6d748229a43f5 |
| SHA1 | 6187534988616810b39de421b674cccf73de612f |
| SHA256 | 1c766c70fdd025563ce2ff2208603ebb41c4b29a69d0596230ee98c8aee79ef5 |
| SHA512 | d94431ec1210e8ecadb1c6d749f79a2b3c7129c10b536171f3e8e1722e7f52972e493f9afdcd8b942c46c27323792777cf249e16b19905dd8f1b0f228186a265 |
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | 6fe7715d2e81847926243d6f0fd591ac |
| SHA1 | 4ccd5728396b2217ba5159a20bf8c53cf011d41f |
| SHA256 | d8226debc1c7e8054042082a4dc627ca3d22f95c05b47bd7fbf18734b2fe940c |
| SHA512 | a98d014eda7f4e7130bf5a6fedfe55192444a842e2d32a2ec166e428938d8b1494e394829f68dbd46f7307084e6ee3025cad3713fdfe7078c68bdf10fd1c1933 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\X0OFMNIL\searchU3RQNS21.htm
| MD5 | ef7eac3d8c1163aefe51e45b25edd76e |
| SHA1 | 4ecd94192c91b9299cdf97b1151d6a7d1ec0d2a0 |
| SHA256 | 2ce979f4a7f4423cb91b0cdd3d2307fc6b9c22e3921e7a8cce57b78ba31eae22 |
| SHA512 | 1c7d6bdbbf4a1d7060124a416ee41c6a7ff2987c73c27ca86955f484022105b7ebef0dfdf37aec04589a7b69ecb6c371f7c532a381e65b0af9cf4c53e6da925a |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\X0OFMNIL\search8OTYYMJW.htm
| MD5 | 5c1d551fb21235f722ab951743b8bcbc |
| SHA1 | 303918d57a4831223eda9ef33f313a706cf87aa2 |
| SHA256 | dd7ffa4d347cbaab2aba3d47235f7d3f04b4e6b95489e3526336962f85d7cf35 |
| SHA512 | d42624b883145e52435b770f288ce9dd46244e6fb19ef436b280467eb33a362cbddc4f8dcc014c6c112d4ce1443196b029e33fb7d35fe4b3ba31d30b17b3957f |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8ZO46T3J\6YT8K5K1.htm
| MD5 | b4a58cc001e8de2c4a004a34754c181b |
| SHA1 | e701c2b107a7dad7c2c0d16eb683545999ac6e0a |
| SHA256 | 99dbdb6ecc88d23eab1da35a8c83c6f0c1eeffdcdc70308b4f89a8911d378a51 |
| SHA512 | 7e61b86b132bed735ab9b9e3b11f286c54bef2633f3b7c41019e587184d4246c7bd284e5bc2fb83b7d194e777a027577cee44bcd1d9ee8a74cb04f4bfedeb35a |
memory/380-656-0x0000000000500000-0x0000000000510200-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\O8VM10HV\search257G4FCC.htm
| MD5 | 4cb965b8e878dea7302dcaa7513139af |
| SHA1 | 26cb040160f059ffea2187810a739d68db3f9c53 |
| SHA256 | 976a8e646096675f3fb1a827dde59f4e2ced0e85b1d694cb61f200b458e3e4b0 |
| SHA512 | 8fd991b8551d1cfcff8b83ba684b2da262566403d2e7dabb7c8da9afc5333bf0344da8c888526e46cd750d1ed9e27355f8e563939425546cf5fb3134d84128b3 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\X0OFMNIL\searchGI9XCE8J.htm
| MD5 | 22bcea7414e1e3dfa0da8f1dd9bf5c3c |
| SHA1 | 412acf7c28f9cd4b104820d54819930d4afa425e |
| SHA256 | 71728689ebe7033abb8f921ea52c2d007dde7cfd0fd0bd67dc32ca398cac2c4c |
| SHA512 | 49c23bb5e9d383e7b110d06822b60508a7c9d668192b45e8add3a2075c56deac398b2d976b3c8ab52af01f746c6909fe8065efd2053e2295bba8fed602ea9a6e |
memory/1980-704-0x0000000000400000-0x0000000000408000-memory.dmp
memory/380-707-0x0000000000500000-0x0000000000510200-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-20 12:44
Reported
2024-06-20 12:47
Platform
win7-20240221-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\637584768cadfd84af293b0578c4441cec915774f0cef0baeeb0b99b55f360a2_NeikiAnalytics.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\637584768cadfd84af293b0578c4441cec915774f0cef0baeeb0b99b55f360a2_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\637584768cadfd84af293b0578c4441cec915774f0cef0baeeb0b99b55f360a2_NeikiAnalytics.exe | N/A |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\637584768cadfd84af293b0578c4441cec915774f0cef0baeeb0b99b55f360a2_NeikiAnalytics.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 | C:\Users\Admin\AppData\Local\Temp\637584768cadfd84af293b0578c4441cec915774f0cef0baeeb0b99b55f360a2_NeikiAnalytics.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 | C:\Users\Admin\AppData\Local\Temp\637584768cadfd84af293b0578c4441cec915774f0cef0baeeb0b99b55f360a2_NeikiAnalytics.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc252000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a | C:\Users\Admin\AppData\Local\Temp\637584768cadfd84af293b0578c4441cec915774f0cef0baeeb0b99b55f360a2_NeikiAnalytics.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc35300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a82000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a | C:\Users\Admin\AppData\Local\Temp\637584768cadfd84af293b0578c4441cec915774f0cef0baeeb0b99b55f360a2_NeikiAnalytics.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a | C:\Users\Admin\AppData\Local\Temp\637584768cadfd84af293b0578c4441cec915774f0cef0baeeb0b99b55f360a2_NeikiAnalytics.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | C:\Users\Admin\AppData\Local\Temp\637584768cadfd84af293b0578c4441cec915774f0cef0baeeb0b99b55f360a2_NeikiAnalytics.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3000 wrote to memory of 1076 | N/A | C:\Users\Admin\AppData\Local\Temp\637584768cadfd84af293b0578c4441cec915774f0cef0baeeb0b99b55f360a2_NeikiAnalytics.exe | C:\Windows\services.exe |
| PID 3000 wrote to memory of 1076 | N/A | C:\Users\Admin\AppData\Local\Temp\637584768cadfd84af293b0578c4441cec915774f0cef0baeeb0b99b55f360a2_NeikiAnalytics.exe | C:\Windows\services.exe |
| PID 3000 wrote to memory of 1076 | N/A | C:\Users\Admin\AppData\Local\Temp\637584768cadfd84af293b0578c4441cec915774f0cef0baeeb0b99b55f360a2_NeikiAnalytics.exe | C:\Windows\services.exe |
| PID 3000 wrote to memory of 1076 | N/A | C:\Users\Admin\AppData\Local\Temp\637584768cadfd84af293b0578c4441cec915774f0cef0baeeb0b99b55f360a2_NeikiAnalytics.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\637584768cadfd84af293b0578c4441cec915774f0cef0baeeb0b99b55f360a2_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\637584768cadfd84af293b0578c4441cec915774f0cef0baeeb0b99b55f360a2_NeikiAnalytics.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 192.168.2.155:1034 | tcp | |
| N/A | 172.16.1.3:1034 | tcp | |
| N/A | 10.87.149.58:1034 | tcp | |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | alumni-caltech-edu.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 52.101.9.17:25 | alumni-caltech-edu.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| N/A | 192.168.2.10:1034 | tcp | |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 99.83.190.102:25 | alumni.caltech.edu | tcp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| N/A | 192.168.2.9:1034 | tcp | |
| US | 8.8.8.8:53 | mx.alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | mail.alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | smtp.alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | mx.gzip.org | udp |
| US | 8.8.8.8:53 | mail.gzip.org | udp |
| US | 85.187.148.2:25 | mail.gzip.org | tcp |
| N/A | 192.168.2.9:1034 | tcp | |
| US | 8.8.8.8:53 | apple.com | udp |
| US | 8.8.8.8:53 | mx-in-hfd.apple.com | udp |
| NL | 17.57.165.2:25 | mx-in-hfd.apple.com | tcp |
| US | 8.8.8.8:53 | unicode.org | udp |
| US | 8.8.8.8:53 | alt2.aspmx.l.google.com | udp |
| NL | 142.250.153.27:25 | alt2.aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | search.yahoo.com | udp |
| US | 8.8.8.8:53 | search.lycos.com | udp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 8.8.8.8:53 | www.altavista.com | udp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| NL | 23.63.101.177:80 | r11.o.lencr.org | tcp |
| NL | 23.63.101.177:80 | r11.o.lencr.org | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| NL | 17.57.165.2:25 | mx-in-hfd.apple.com | tcp |
| US | 8.8.8.8:53 | smtp.gzip.org | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | insideicloud.com | udp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 8.8.8.8:53 | email.apple.com | udp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 8.8.8.8:53 | insideicloud.com | udp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| NL | 17.57.165.2:25 | mx-in-hfd.apple.com | tcp |
| NL | 17.57.165.2:25 | mx-in-hfd.apple.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| NL | 17.57.165.2:25 | mx-in-hfd.apple.com | tcp |
| US | 8.8.8.8:53 | insideicloud.com | udp |
| US | 18.119.154.66:25 | insideicloud.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 8.8.8.8:53 | insideicloud.icloud.com | udp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| NL | 17.57.165.2:25 | mx-in-hfd.apple.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| N/A | 192.168.56.176:1034 | tcp | |
| US | 8.8.8.8:53 | mx-in-mdn.apple.com | udp |
| US | 17.32.222.242:25 | mx-in-mdn.apple.com | tcp |
| US | 8.8.8.8:53 | alt4.aspmx.l.google.com | udp |
| FI | 142.250.150.27:25 | alt4.aspmx.l.google.com | tcp |
| US | 17.32.222.242:25 | mx-in-mdn.apple.com | tcp |
| US | 17.32.222.242:25 | mx-in-mdn.apple.com | tcp |
| US | 17.32.222.242:25 | mx-in-mdn.apple.com | tcp |
| US | 17.32.222.242:25 | mx-in-mdn.apple.com | tcp |
| US | 8.8.8.8:53 | mx.insideicloud.com | udp |
| US | 3.18.7.81:25 | mx.insideicloud.com | tcp |
| US | 17.32.222.242:25 | mx-in-mdn.apple.com | tcp |
| N/A | 172.16.1.196:1034 | tcp |
Files
memory/3000-0-0x0000000000500000-0x0000000000510200-memory.dmp
memory/3000-4-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Windows\services.exe
| MD5 | b0fe74719b1b647e2056641931907f4a |
| SHA1 | e858c206d2d1542a79936cb00d85da853bfc95e2 |
| SHA256 | bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c |
| SHA512 | 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2 |
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/3000-15-0x0000000000500000-0x0000000000510200-memory.dmp
memory/1076-16-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1076-21-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1076-26-0x0000000000400000-0x0000000000408000-memory.dmp
memory/3000-27-0x0000000000500000-0x0000000000510200-memory.dmp
memory/1076-28-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | fbc9222d4bdc4245b0272936e8b71285 |
| SHA1 | 7b73d1c94057c51ad5bacac19648dda408374339 |
| SHA256 | a6d0202843c2b1b14f750351216e705843cdbce3f169bc96d36b18e9b014ff48 |
| SHA512 | 9a2b5f922567bb608b629e124b90208a2d6d7a8d04a7da4a4a3e57e942f697f420505ca44bc17065f0234896bfde3ff3ce0f9e6553cfec694c11bcf61b8b9fcd |
C:\Users\Admin\AppData\Local\Temp\tmpE6F5.tmp
| MD5 | 78a325e0de6fd956726c3308accb716b |
| SHA1 | a634be6c9f34513eae76d74409ef1e8c4d009c0e |
| SHA256 | 9badae61096ce892f3943fee6f89309339753ca8a9066b292afdad62dfea4aa3 |
| SHA512 | a37cfbf2a4a8b03cf9e3ec9bcae46f0bc2b24b24f00116dced346fe608a5f11e7e44b4d571c698221efbb4fd6856f7c73730346112a27ad8b335d4e408a9eda9 |
memory/3000-46-0x0000000000500000-0x0000000000510200-memory.dmp
memory/1076-47-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1076-51-0x0000000000400000-0x0000000000408000-memory.dmp
memory/3000-50-0x0000000000500000-0x0000000000510200-memory.dmp
memory/3000-52-0x0000000000500000-0x0000000000510200-memory.dmp
memory/1076-53-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nhElkwbtb.log
| MD5 | 4639a6b122bc7c94b346730630e7eafb |
| SHA1 | d0d4f470b16bc3ce28e59b1cbae7d938826e5a15 |
| SHA256 | 3ecfcdf498aaab29a1775d18dd88537b3e12b751a982da89c5de64772cc46964 |
| SHA512 | 8fd96f2615cf5d9e32b154264f7d9c83c5581f93ef5a6e0492ed8e08c27db8d2b3c6affe2fb0bcef95828be98651d2c889c8f190dc36152cc9297aacbc38f544 |
memory/3000-57-0x0000000000500000-0x0000000000510200-memory.dmp
memory/1076-58-0x0000000000400000-0x0000000000408000-memory.dmp
memory/3000-62-0x0000000000500000-0x0000000000510200-memory.dmp
memory/1076-63-0x0000000000400000-0x0000000000408000-memory.dmp
memory/3000-64-0x0000000000500000-0x0000000000510200-memory.dmp
memory/1076-65-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1076-70-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | 18d630d09adea84d051088131050d403 |
| SHA1 | 1b90b2125a1ca4f9b9ac6aa6cba0114dbe2df92a |
| SHA256 | 5fd40c8f5184b1ee0233e70aa91bbd2ecef6425e02df9bb07234c746f3043dc9 |
| SHA512 | 38ca13eb569eb05ef4bb094086c75d92a1235f9c678bc4173311dfe84029e8b00a8c177f41a49bc13749cf54bbaec9caf18668201c41227cf51bace8cbd9f790 |
C:\Users\Admin\AppData\Local\Temp\CabE1E0.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarE310.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4e0ea965508b1cb88787a4a409adad46 |
| SHA1 | 0331555e1a6ce359b05604fa6a199454d4fc3787 |
| SHA256 | 57be498c69cfd53420d3e545b2351e53f4191b31108a253c69112b7580790f2b |
| SHA512 | ec1d5c40d7d80fad20df78cb88ed6ff4ba333eca5245565f0b51d7f86586444983c08b58b7eaa36154a756ea388bdbb765ea1575a50386df9d41ab0443015a16 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 85ff71c42da9aab022d06fc241f99a1f |
| SHA1 | d76bd9f3e398b40349dc22bedbb7d88d3e5fd63d |
| SHA256 | bc8431ca1853b01042d0b510a64b1ee4d32c054ceb74e7ce65394787c316e9e9 |
| SHA512 | f8a1bd634179faced866be0821d4d427e42dbb36d55695d0b34c4338cca733ff38ae911f72fb0bcb42e1f56f9543bf3e8bb875cfa70a3c13b5b2c99085e0c486 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fc841aa40cb0186fab4dbbedd3bc1a32 |
| SHA1 | 28d9a7698511813cbd336fa371dafe6421489da2 |
| SHA256 | 4e2a624f12a7d3af22fa1b0478bd760d8e94ef332e4e30a8f103e4106e58c8a6 |
| SHA512 | 7e306fed6bc1f518cd031120d67eda362a62d6c672748ba6bc591c4fcce99654c7f6933ca7b496446ee2cd9c184d85b83cc42f197ad235286a4e7aa1feff4a41 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 402ecd152fad7ee6b3316f040929c64f |
| SHA1 | d11424e32c0af77fa45ffc63d2c840ef3d38527c |
| SHA256 | 39c5ae00209f73107dbf13b514a0e4749d120574dee2c7a2abc8233462996f61 |
| SHA512 | 78d3c47607f6cc054baabce300102b77dce5c4b464726f42fcd477b5d3f96bdcc8606c7b1cb5f4cf7866ab1f6714561171cf3a314c188a8c9ac6db070f0dbf43 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OORQXHVT\search[3].htm
| MD5 | 8ba61a16b71609a08bfa35bc213fce49 |
| SHA1 | 8374dddcc6b2ede14b0ea00a5870a11b57ced33f |
| SHA256 | 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1 |
| SHA512 | 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OORQXHVT\U3689LP9.htm
| MD5 | dc07ad1c179d145bd96895ab3b21cd73 |
| SHA1 | 3741e6ccb033a1c0e7f07c084385888108fb9ac2 |
| SHA256 | d19f435ca980e239b99e9965e9db44798f8aa8c1a76a5f193d2395ccc48fb236 |
| SHA512 | 843715e97f93bbd29c29e97428d6018712eff0bce272895f2bcbe48599f0724b3e546da5503b0a142d60fb8c6b5475d18b684ab0966ec40a4abbf15cbdf21511 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OORQXHVT\search[4].htm
| MD5 | 3fcd677d588f98ae7fd79c0987170b54 |
| SHA1 | 5716786d0faa9536ddc00dc049c29f6a0aa7446a |
| SHA256 | 1f608be986d0ec9e75527eb57baff78f17257deeb540aae08010d228cfb070e0 |
| SHA512 | 7a85b8826ed4acbd214bbbe42ea5a964548f25840cb914a28e6b22ae6438656c58579dfae18a42851fbe33d8fef20e7e9e01660fd3eb52b7dde0e36b929aef85 |
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | 5a34c328a7a118b41f141e40f34c58f9 |
| SHA1 | 3ae7a84167f17d3ec98d5ea3f799322be20201f1 |
| SHA256 | 6c20ac97502a608a94ece2ea1f8afeb2af51c8771179bbd678aa0af94e5b12c2 |
| SHA512 | d20fe0477bd54198efcbf5900494090a7a38f4b0b0491a2628cb6e2a236ce1b79d706e343ada3914e520d6f59d47963c9f6b8daffdbb111266e54a3eea80daee |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\search[7].htm
| MD5 | 4e92f0cd7c1167dedcbb30c618c05f64 |
| SHA1 | 82672ee3fad846b1736466643f91c6be8ba56b94 |
| SHA256 | 22490c41806c40782c89899b8909da702fd19039ca3d89f27dba3a45c73403ef |
| SHA512 | 652bad0bfbad57f7e0d0e097abef45fd2255d890b6595f54c9f93218a49800e4ef533e045f92d23e59208db66318fce2705b078d232896c60c153e833af9a8b9 |
memory/3000-442-0x0000000000500000-0x0000000000510200-memory.dmp
memory/1076-443-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JZQ5QLK\search[4].htm
| MD5 | e232e1638623dc237a743e9549ad6474 |
| SHA1 | 3e71b93c10e16548f198400a0ff020ef53b46e5e |
| SHA256 | 7237c43453eb9a35cc505f0e3fa7ff9b759c8e1daed727a71ec77ed7a81e17cc |
| SHA512 | 6ae2464ffbb8e5e60f5ba2ae2d1e0bf186ccad0d1f81b3013f128557899de52f64a19bec3ff8c3113b7a5903f88eece5903db4f76b744d335452b20d1eeaebd6 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\search[7].htm
| MD5 | 5baf981acb81312b10a661d7804a073e |
| SHA1 | 9f774656f1a8f6b3b9b436df8294748d23e29227 |
| SHA256 | 8569581461c3293e81ee79c0c194ee0f7f443a7fb793d6d5cc8b65487ae18c71 |
| SHA512 | b5681d1ea78f645b5386bb6d998bf50e6352f7226001c6c1fc068d68daa762cde1e4abdb17eb2c968a94547adda2ab36813eb708d726dd79969e3c27236fb62d |
memory/3000-469-0x0000000000500000-0x0000000000510200-memory.dmp
memory/1076-470-0x0000000000400000-0x0000000000408000-memory.dmp
memory/3000-473-0x0000000000500000-0x0000000000510200-memory.dmp
memory/1076-474-0x0000000000400000-0x0000000000408000-memory.dmp