Malware Analysis Report

2024-10-19 11:38

Sample ID 240630-a8s52svakm
Target 1415e790333a048eefb919921346c5f9f9d179e01b959204d2fb892b2801a6e7_NeikiAnalytics.exe
SHA256 1415e790333a048eefb919921346c5f9f9d179e01b959204d2fb892b2801a6e7
Tags
upx persistence
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

1415e790333a048eefb919921346c5f9f9d179e01b959204d2fb892b2801a6e7

Threat Level: Shows suspicious behavior

The file 1415e790333a048eefb919921346c5f9f9d179e01b959204d2fb892b2801a6e7_NeikiAnalytics.exe was classified as: Shows suspicious behavior.

Malicious Activity Summary

upx persistence

UPX packed file

Executes dropped EXE

Adds Run key to start application

Drops file in Windows directory

Unsigned PE

Modifies system certificate store

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-30 00:53

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-30 00:53

Reported

2024-06-30 00:55

Platform

win7-20240611-en

Max time kernel

150s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1415e790333a048eefb919921346c5f9f9d179e01b959204d2fb892b2801a6e7_NeikiAnalytics.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\services.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" C:\Windows\services.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" C:\Users\Admin\AppData\Local\Temp\1415e790333a048eefb919921346c5f9f9d179e01b959204d2fb892b2801a6e7_NeikiAnalytics.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Users\Admin\AppData\Local\Temp\1415e790333a048eefb919921346c5f9f9d179e01b959204d2fb892b2801a6e7_NeikiAnalytics.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 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 C:\Users\Admin\AppData\Local\Temp\1415e790333a048eefb919921346c5f9f9d179e01b959204d2fb892b2801a6e7_NeikiAnalytics.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 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 C:\Users\Admin\AppData\Local\Temp\1415e790333a048eefb919921346c5f9f9d179e01b959204d2fb892b2801a6e7_NeikiAnalytics.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 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 C:\Users\Admin\AppData\Local\Temp\1415e790333a048eefb919921346c5f9f9d179e01b959204d2fb892b2801a6e7_NeikiAnalytics.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 C:\Users\Admin\AppData\Local\Temp\1415e790333a048eefb919921346c5f9f9d179e01b959204d2fb892b2801a6e7_NeikiAnalytics.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21
542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 C:\Users\Admin\AppData\Local\Temp\1415e790333a048eefb919921346c5f9f9d179e01b959204d2fb892b2801a6e7_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1415e790333a048eefb919921346c5f9f9d179e01b959204d2fb892b2801a6e7_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\1415e790333a048eefb919921346c5f9f9d179e01b959204d2fb892b2801a6e7_NeikiAnalytics.exe"

C:\Windows\services.exe

"C:\Windows\services.exe"

Network

Country Destination Domain Proto
N/A 10.0.2.15:1034 tcp
N/A 192.168.2.16:1034 tcp
N/A 172.16.1.182:1034 tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 8.8.8.8:53 alumni-caltech-edu.mail.protection.outlook.com udp
US 8.8.8.8:53 gzip.org udp
US 52.101.40.4:25 alumni-caltech-edu.mail.protection.outlook.com tcp
US 8.8.8.8:53 gzip.org udp
US 85.187.148.2:25 gzip.org tcp
N/A 192.168.2.107:1034 tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 99.83.190.102:25 alumni.caltech.edu tcp
US 85.187.148.2:25 gzip.org tcp
N/A 172.16.1.108:1034 tcp
US 8.8.8.8:53 mx.gzip.org udp
US 8.8.8.8:53 mx.alumni.caltech.edu udp
US 8.8.8.8:53 mail.alumni.caltech.edu udp
US 8.8.8.8:53 smtp.alumni.caltech.edu udp
US 8.8.8.8:53 mail.gzip.org udp
US 85.187.148.2:25 mail.gzip.org tcp
N/A 192.168.2.18:1034 tcp
US 8.8.8.8:53 apple.com udp
US 8.8.8.8:53 mx-in-hfd.apple.com udp
NL 17.57.165.2:25 mx-in-hfd.apple.com tcp
US 8.8.8.8:53 unicode.org udp
US 8.8.8.8:53 alt1.aspmx.l.google.com udp
NL 142.250.27.27:25 alt1.aspmx.l.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 8.8.8.8:53 search.lycos.com udp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 8.8.8.8:53 smtp.gzip.org udp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 search.yahoo.com udp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 8.8.8.8:53 r11.o.lencr.org udp
US 8.8.8.8:53 r11.o.lencr.org udp
IE 212.82.100.137:443 search.yahoo.com tcp
US 8.8.8.8:53 www.altavista.com udp
NL 23.63.101.170:80 r11.o.lencr.org tcp
NL 23.63.101.170:80 r11.o.lencr.org tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 email.apple.com udp
US 8.8.8.8:53 mx-in-vib.apple.com udp
GB 142.250.187.196:80 www.google.com tcp
US 17.57.170.2:25 mx-in-vib.apple.com tcp
US 17.57.170.2:25 mx-in-vib.apple.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 8.8.8.8:53 insideicloud.com udp
US 17.57.170.2:25 mx-in-vib.apple.com tcp
US 8.8.8.8:53 insideicloud.com udp
US 8.8.8.8:53 insideicloud.com udp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 17.57.170.2:25 mx-in-vib.apple.com tcp
US 8.8.8.8:53 insideicloud.icloud.com udp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 mx-in-mdn.apple.com udp
US 17.32.222.242:25 mx-in-mdn.apple.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
N/A 172.16.1.108:1034 tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 8.8.8.8:53 icloud.com udp
US 8.8.8.8:53 mx01.mail.icloud.com udp
US 17.42.251.62:25 mx01.mail.icloud.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 17.32.222.242:25 mx-in-mdn.apple.com tcp
US 8.8.8.8:53 alt3.aspmx.l.google.com udp
NL 142.251.9.26:25 alt3.aspmx.l.google.com tcp
US 8.8.8.8:53 mx-in.g.apple.com udp
US 8.8.8.8:53 mx-in.g.apple.com udp
NL 17.57.165.2:25 mx-in.g.apple.com tcp
NL 17.57.165.2:25 mx-in.g.apple.com tcp
NL 17.57.165.2:25 mx-in.g.apple.com tcp
NL 17.57.165.2:25 mx-in.g.apple.com tcp
NL 17.57.165.2:25 mx-in.g.apple.com tcp
N/A 192.168.144.131:1034 tcp

Files

memory/1832-1-0x0000000000500000-0x0000000000510200-memory.dmp

memory/1832-4-0x0000000000220000-0x0000000000228000-memory.dmp

C:\Windows\services.exe

MD5 b0fe74719b1b647e2056641931907f4a
SHA1 e858c206d2d1542a79936cb00d85da853bfc95e2
SHA256 bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
SHA512 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

memory/2204-11-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1832-9-0x0000000000220000-0x0000000000228000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/1832-17-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2204-18-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2204-23-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1832-24-0x0000000000220000-0x0000000000228000-memory.dmp

memory/2204-29-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1832-30-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2204-31-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 a202a8baabc77f7259d55f0ddfdb804e
SHA1 e1cdbaf1a1aa3348c3f5c5ed296e9d6ae13e7657
SHA256 d00135ea68e7ce96e9a3302560d5716cf530f41864488cdc34beec48a3e5f4f7
SHA512 64997301162c32e7fd54f359cf772af7828bbf49b3f98d0e6cbb4d0d5770e6b5bbbff8e7268678a084eddd1517a9464abf9773c848671cb6bf841ca8fb14c942

C:\Users\Admin\AppData\Local\Temp\tmpDA5A.tmp

MD5 6afcc372c3199945deb6737af0fc9775
SHA1 aa2a30b80afda6a64f00db0b3181c28f44d7a774
SHA256 1f408de84cfb0413aa59e2892629eeb2c57c6fb3887ee6c8c295d618ad9c68b3
SHA512 a8857439a006684125702e20ca186cd221c7da9cc88cd4127d759d0302b1f098b39b4cfb383a45d375048e30dbaacc69111953efda8e1a7e9ce08fc329db369e

memory/1832-49-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2204-50-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1832-53-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2204-54-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1832-55-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2204-56-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1832-60-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2204-61-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1832-65-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2204-66-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1832-67-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2204-68-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1832-72-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2204-73-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 27f63f3da48b460cb8615874e51688ba
SHA1 c1bc08a0a68aa659fc9798688df8d009db021616
SHA256 20fae73c0297dd32317cd498aa01221f0e80264ca23a5bcb0e1f3c2829abc6e4
SHA512 7bbdb11b62d9d51066286e1f2028a62bd5e0228ba36c058150856afab12b09f63bd6038065a8326bf13abd7f5c1dba5834ff85722c0d3f3fe7715b1e4afd6ebc

C:\Users\Admin\AppData\Local\Temp\CabDDCB.tmp

MD5 2d3dcf90f6c99f47e7593ea250c9e749
SHA1 51be82be4a272669983313565b4940d4b1385237
SHA256 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4
SHA512 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8f269b9e414b10d4aa7a4d0dd82353f0
SHA1 418350fc57431f6832d80aa8bef95801247b9ac8
SHA256 62badadde29305e756ebcaabb012032f09aa320f0479160961740b1a0abc4e73
SHA512 b9f3f989e20958301d6cfa5ec5f57bdf9c74080aa0c5a3dbb1437a30f7238405d25c026bac50a216d4abea6f994474a5daf60d74baa8be6dca9ac514e71564a9

C:\Users\Admin\AppData\Local\Temp\TarDE6D.tmp

MD5 7186ad693b8ad9444401bd9bcd2217c2
SHA1 5c28ca10a650f6026b0df4737078fa4197f3bac1
SHA256 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed
SHA512 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6F0O117Z\search[2].htm

MD5 8ba61a16b71609a08bfa35bc213fce49
SHA1 8374dddcc6b2ede14b0ea00a5870a11b57ced33f
SHA256 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1
SHA512 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 419cd304c77b49878f31e74a4a758294
SHA1 4e81980b079fffe519cc84fdbdc1743c56376c35
SHA256 3b5baf5670900e2adbb711711d3f4a4359d193881e5edfd393ec6b9a7552701f
SHA512 bd9403d0ec2f41fe85cd6ef6e428b29a14e01f245a5c0dc0565c161424732f2938ff6c86a585fb4e88cc037f4958532fdb1c94eec3cf19b53f4f6354c1133611

memory/1832-268-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2204-269-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6F0O117Z\search[6].htm

MD5 d9c20b615e75f1aaa0ee292be7e1fb7f
SHA1 757fde0a04d7409c86d93070d41221053b9f0038
SHA256 671b7a7813445b09fd49645ca2af275e0595725476094518cbc8e995fe748208
SHA512 718204851523de34c698a87536c98edaf3866bf87521872e9f71362b3c39769eea11bccc9ea180aad4262e5b1e40f9eaf8b021311229323106b8a1dc5773f937

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R54TGSS0\search[2].htm

MD5 89b9a81688e7ea934b0e5562c03c30a5
SHA1 1542691b281363144781d5c78d3e5d8973b12181
SHA256 fed560ee492754b85907d93e1048853d00d357b98fe5cf149fc4bc873eb270ca
SHA512 1c4b9ad415ac9470f52815215d6e065d9c2530ab9aa22fd34fe702ec335a014214dc85f250179664898be8ee777d0e3fcc7771ad5e7abd27d90889b9db6b55fb

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1M46YZP1\DOJVPFCG.htm

MD5 7669516e9344d283fecc3affe6cb2d32
SHA1 dae38e8bec95fa21b61e4562a24fd9f36df43a11
SHA256 0ec82bba4fce51e34e26ab652caf1039a19dad8a79ea2d7ff5d730e0011ae3d1
SHA512 d27478075be5eb074f16c906208035a43cc1f3622ce90c35c35b3f343b5ae5fa3f295765d2781b6084cc2d5a9e721c1dd430b35c937fb95bfb272fef3ea08379

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6F0O117Z\search[5].htm

MD5 caee742a010a2c656d117d07233ee114
SHA1 103139e12f6e8a3b7ba8ef891d3b1132e6f2f14c
SHA256 46c56d0dc830b7dfaace3b8c5b14bb8b4b4baff7af188f64cc3ea5f278b4c884
SHA512 f8a7f25a60b2a2a74c8a833e3f129d595ddce4ed146baedd99a2d1ea9e688b2541d11cf888684df37f196ac8a32c7c2a487c889fd7931ff32178a929414849d2

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6F0O117Z\search[4].htm

MD5 7a1923bb4ebc9e88090c8651922e75d9
SHA1 72affd127b8630e8dabdee864ac86abf3ba13924
SHA256 a091a42b8c9743fe720f11909ff0817720c5b82777aa0717b918b06aefa73f36
SHA512 1f5eee336796be1a4af21f61cc698961c6c5cba78bb0a50fe0c90fb4221fea7d80adca9d46f66ef93b5cc04fbddb26a344902f167c968b5b896eab71c41b7649

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R54TGSS0\searchM3UT1ZZD.htm

MD5 4beba718b09461e65c0d2c278c7f9ceb
SHA1 023080bcadcfd2fb46caff998c9eee4e47baccce
SHA256 d67433df49933d6c6e418df0fb18e16c82246cfd714642db03cb383774666022
SHA512 641b83f66f47bac018d5085d72b0fde1c3574692024cae3f21b23f8ed736566fa97b592a3876fd1439d2d720acf6c768625b1a3003579b426ae08051c98a1e0b

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R54TGSS0\results[4].htm

MD5 211da0345fa466aa8dbde830c83c19f8
SHA1 779ece4d54a099274b2814a9780000ba49af1b81
SHA256 aec2ac9539d1b0cac493bbf90948eca455c6803342cc83d0a107055c1d131fd5
SHA512 37fd7ef6e11a1866e844439318ae813059106fbd52c24f580781d90da3f64829cf9654acac0dd0f2098081256c5dcdf35c70b2cbef6cbe3f0b91bd2d8edd22ca

memory/1832-470-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2204-471-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1832-483-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2204-484-0x0000000000400000-0x0000000000408000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-30 00:53

Reported

2024-06-30 00:55

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1415e790333a048eefb919921346c5f9f9d179e01b959204d2fb892b2801a6e7_NeikiAnalytics.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\services.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" C:\Users\Admin\AppData\Local\Temp\1415e790333a048eefb919921346c5f9f9d179e01b959204d2fb892b2801a6e7_NeikiAnalytics.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" C:\Windows\services.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1415e790333a048eefb919921346c5f9f9d179e01b959204d2fb892b2801a6e7_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\1415e790333a048eefb919921346c5f9f9d179e01b959204d2fb892b2801a6e7_NeikiAnalytics.exe"

C:\Windows\services.exe

"C:\Windows\services.exe"

Network

Country Destination Domain Proto
N/A 10.0.2.15:1034 tcp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
N/A 192.168.2.16:1034 tcp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 107.12.20.2.in-addr.arpa udp
N/A 172.16.1.182:1034 tcp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
N/A 192.168.2.107:1034 tcp
US 8.8.8.8:53 m-ou.se udp
US 8.8.8.8:53 aspmx.l.google.com udp
IE 172.253.116.26:25 aspmx.l.google.com tcp
US 8.8.8.8:53 acm.org udp
US 8.8.8.8:53 mail.mailroute.net udp
US 199.89.3.120:25 mail.mailroute.net tcp
US 8.8.8.8:53 cs.stanford.edu udp
US 8.8.8.8:53 smtp1.cs.stanford.edu udp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
US 8.8.8.8:53 burtleburtle.net udp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
US 8.8.8.8:53 mx.burtleburtle.net udp
US 65.254.254.51:25 mx.burtleburtle.net tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 8.8.8.8:53 alumni-caltech-edu.mail.protection.outlook.com udp
US 52.101.194.0:25 alumni-caltech-edu.mail.protection.outlook.com tcp
US 8.8.8.8:53 gzip.org udp
US 8.8.8.8:53 gzip.org udp
US 85.187.148.2:25 gzip.org tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:80 www.google.com tcp
US 8.8.8.8:53 www.altavista.com udp
IE 212.82.100.137:80 www.altavista.com tcp
US 8.8.8.8:53 search.lycos.com udp
US 8.8.8.8:53 search.yahoo.com udp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 137.100.82.212.in-addr.arpa udp
US 8.8.8.8:53 10.254.202.209.in-addr.arpa udp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 8.8.8.8:53 r11.o.lencr.org udp
IE 212.82.100.137:443 search.yahoo.com tcp
NL 23.63.101.177:80 r11.o.lencr.org tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 8.8.8.8:53 11.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 177.101.63.23.in-addr.arpa udp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 52.101.194.0:25 alumni-caltech-edu.mail.protection.outlook.com tcp
US 209.202.254.10:443 search.lycos.com tcp
N/A 172.16.1.108:1034 tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp

Files

memory/2028-0-0x0000000000500000-0x0000000000510200-memory.dmp

C:\Windows\services.exe

MD5 b0fe74719b1b647e2056641931907f4a
SHA1 e858c206d2d1542a79936cb00d85da853bfc95e2
SHA256 bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
SHA512 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

memory/2520-6-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/2028-13-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2520-14-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2520-19-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2520-24-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2520-26-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2520-31-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2520-36-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2028-37-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2520-38-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 09a381723e26efb38f9c68031c0733d3
SHA1 3083607c2c1e55d36bf0a435f549f2803701caea
SHA256 ae61fd60823b1fb67d58417dfca74a89fab4341600c8420ee57811e47a55c614
SHA512 7061cddd7104c9c4afb1b8ce229aed1f7cf7ce5e7e83bdafe0c541c5898c24b9e4b91675b94935fcbfdb8be0ca104db429a538532141a348372874b57c7ba897

C:\Users\Admin\AppData\Local\Temp\tmp728D.tmp

MD5 0f8d9541f8771d3f4d6c468dfbbd5741
SHA1 bffc62ddb67189562a7c20efb0a721f6e7f364e4
SHA256 622981545df87644fb8c3f9c11a3d442ba1106651c319074ac44570d112748cb
SHA512 eb785bb0b1f470e677019578535abdd36e7b921144080285e9515cec19871b01e91cc35c899c9c9bc073de3d27c499c6117142e76617f02449d339a34a65b3b8

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\2IX84YPE\7KSZ5RPD.htm

MD5 5690f7a9f49576e59f8aea15c093ba10
SHA1 335311ddebcdc509cec0027734ddae980c9feed6
SHA256 2ad53de52043f9066871e76ab79fb1c9e4829b4d522d849db7a3ec7c9602842c
SHA512 4edc03bca3bf577eb6a83c23348a9da0d0ff745e56805c0c2cfe7fe850e266901a8bcedb758b8d2e910a67922ae037d07928114d2532d462ba3917e5ecc84289

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\2IX84YPE\search[2].htm

MD5 8ba61a16b71609a08bfa35bc213fce49
SHA1 8374dddcc6b2ede14b0ea00a5870a11b57ced33f
SHA256 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1
SHA512 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

memory/2028-154-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2520-155-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\D5DFSS0T\search[5].htm

MD5 440e966909eeb3348fa7458b633f1d3c
SHA1 21ec03c236972822967fec4bc91aecdd79ed6c59
SHA256 614724512ae2779a29fec7ef8f0234c2c1db7544afbf2c863557d0d99b8db14b
SHA512 06e45f88c63fc7fed45b04a19439168ac4c6b6ea48b9852935324bfbfac9a9271627fabb436112aa2329c5b1b2fd59bb380d6806376de5d6824638a1685b0e5b

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\D5DFSS0T\results[1].htm

MD5 211da0345fa466aa8dbde830c83c19f8
SHA1 779ece4d54a099274b2814a9780000ba49af1b81
SHA256 aec2ac9539d1b0cac493bbf90948eca455c6803342cc83d0a107055c1d131fd5
SHA512 37fd7ef6e11a1866e844439318ae813059106fbd52c24f580781d90da3f64829cf9654acac0dd0f2098081256c5dcdf35c70b2cbef6cbe3f0b91bd2d8edd22ca

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\2IX84YPE\search[6].htm

MD5 fe54b52ea717391e95835f3e99548f5b
SHA1 6f64961113fc568a1c9155692c5b139a741466be
SHA256 9b6b2bf7a147a0f2774090452fc231e50bba8a8affd7fc3802205d33cbd2decf
SHA512 7b5c78342c9d6bfe39e395dc4db3df3ea2fa6dadd438a87a95c0ac3bdc016db0c47bea095e4c18a3b8f030541bd6f6c1821eb7c3e7a8408cbfcd92388e4cde21

memory/2028-268-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2520-269-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2028-270-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2520-271-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2520-276-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 c0d760af97f685913e242c90e2e8390a
SHA1 45ca17bfd84863acec301f6e5545b08508afd426
SHA256 c28868989e4b41b55a1f1db8b2f60faf13b7e92eae1b4e6bea490912ed5c554f
SHA512 043f382e7682a82d775b888e2b8d2c0746fbcbe48b045b69fa2bcc01cccd6c84a30397649f3cfefa8c17e31621d09d94d4a748bfacb27cff1d7d54f2528cf9a5

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\2IX84YPE\search[10].htm

MD5 a8be783a9ff7b6a1273ec6de549e4cd3
SHA1 da6ade106b4f52517f5ec0da77e1a7ceaaaac7e6
SHA256 da7cde96f433626ea7a703a380a2e8cf954824e6f3aaf9873564bdaa91c73e79
SHA512 25513e150b687b1942ee80452d0825fc0245ca6b5bad8187a1b0ffbef435d4cd4eb1890c556a9b65d9a98afd8cf89fb2afc57caa5868f167e8fd8158249e9e3b

memory/2028-330-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2520-331-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\J2J1W33T\searchN4L2CG56.htm

MD5 30119c29562e1f03bcfb0db58e6b8b4b
SHA1 7d31323c9763eddcd252c55133c042ce6608491f
SHA256 e6e286fd2ab5f5bebddf0d8139c9fd958db1593603c0cd08c036c33e7d455119
SHA512 89244364c7af95eeed50cd750d7960b955c771a6a3a4393863ea8b66253fd91902dc07350cc76c51124b9633e02b61db7856f02a0668fb066bca4d0785e741e4

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\J2J1W33T\searchXBY9CJ8W.htm

MD5 8d4245b03506223d7507b3abb4828e08
SHA1 12d086b25f3a864f17f2e8d84a7d86571063e487
SHA256 7ccb87ee0f72a43f5df9e5e8090ac137a681790ed3b9900b04186072791aa749
SHA512 a8fa97223bc27ff11e568fd39555356208dd2276049b1f9a7e5423601fc2f6b25abe744320fc4a7268789583b73bf779b2826df51a363b0a6d3937dba085901c

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\2IX84YPE\search4KXH4VWY.htm

MD5 955fc8239922b8c58be58e0dc3a7cd25
SHA1 fe5e9a54253b9a8c75249a787bf01292f8b6ed05
SHA256 d1a3f580dcd5dba4ac0bc310e4c959cd99cc40e386fd0d9fcd502ab432cba758
SHA512 8306f00d7790a01cebfc0f89ef2efb35fdd5c1a53f6920271ad0e6eaae34292ffcca667226108cf680f34571d5af42a9ac5226d86c905c999bfedf567465afb9

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VLW1SL5J\search0DSIBIFG.htm

MD5 0ff37608f3fdd74d31d64e109792d3e5
SHA1 e2b85bc959700bd3aff185eaa41a28234fcaef5a
SHA256 807873f5b4484c32741abf61410049ba33289e1ca2d37d500a2294fb3878fefe
SHA512 742fab3218cb0c99f585832e4661458cdf82dfc70334de16c9205422f6525fa130b55e3df78a0790dac2247fd8ca39d353bd24c4af0beafc0b6eb7c3c97564c3

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\J2J1W33T\searchUW3YFIHD.htm

MD5 101c989c7323a97531b61c11754d2e72
SHA1 a016c72cd0d2b870448cdc5bc009afb1b24834d2
SHA256 55379cad8e0fa75624475b3add5def17c42f34014cc22a7e2e18f010ab50b26a
SHA512 038552b6616a8babcda4170863f2706478428ae36c351820c6eb806ed9dd11e09c4b499c7c54e6f8568ab3f37a86e630f6c5d955cd5a53cd7ed930deec705f24

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\2IX84YPE\searchYPUQRFT3.htm

MD5 92abb900c0cb144e4f1d33bbc4aa5082
SHA1 164978d20c42e5c18d652f710570828cf9510c5b
SHA256 5d68c84cbf14675ae832557ac5a6eec8261d1ce07ef552c8d1023c5ffb9abd86
SHA512 a9b4a009500fa55d3ab7a893f3080cef965045123b8e91d825d9b523943fbe4d89e50d99180301adcc31e80f33f8d21d406d81f05bdeb92d42f743ad96b18add

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\J2J1W33T\default[3].htm

MD5 14b82aec966e8e370a28053db081f4e9
SHA1 a0f30ebbdb4c69947d3bd41fa63ec4929dddd649
SHA256 202eada95ef503b303a05caf5a666f538236c7e697f5301fd178d994fa6e24cf
SHA512 ec04f1d86137dc4d75a47ba47bb2f2c912115372fa000cf986d13a04121aae9974011aa716c7da3893114e0d5d0e2fb680a6c2fd40a1f93f0e0bfd6fd625dfa7

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VLW1SL5J\searchOR2EYA4P.htm

MD5 33aa9c8debe074f9a484c6466ad23f25
SHA1 811c329db85daa05c8f3eccdf3c2f5ca9533a9ff
SHA256 fb7b018b8c3870e7c2c1a3533d5ccadcd928c932d679384fdb505978e17f0760
SHA512 8f9051b8dd033d5fc35c67772437855069998537af79baf7ae8cf2ef682f2c5221457d81f9c5f1ad9a210213ef51bfd7a6d41d83988eac43037d9555aabd22b8

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\D5DFSS0T\search[8].htm

MD5 543b12dd3018c43819a2fb8a683692e2
SHA1 79e17f7bd0c5281b1f9717b071a7af429c00fa9a
SHA256 a4f0587fffecf4dd57a1f393738e69edec4d8ae8fc944ec2d76fc13827099090
SHA512 e94e96966112adc1fd8a6b73040359cbf9d81391a85240d4969bd58162b10cfe5d3ded14fba9ea163d83a2e5bcad9518d762c6a2af68821d3f3b442e1beb1ad3

memory/2028-485-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2520-486-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\J2J1W33T\searchQ8EV0WX1.htm

MD5 0f9a9acf5ee9311de1c5c951939553b2
SHA1 6afb725cc0902b608d0b023987fbe67b64578fd7
SHA256 ccc82ee54f05201f6a5f408f3aa5da8e3389fde34c6b4a77fba250235f5bfde5
SHA512 25433df6d5e8cb799aad4bfd8780a1d29af5d650544383fc63590edd5c3274eb01b1d07ffc661fb698dc546bc6a95e46ccdd0e560582d0b6974b72386cddf9b9

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VLW1SL5J\results[6].htm

MD5 35a826c9d92a048812533924ecc2d036
SHA1 cc2d0c7849ea5f36532958d31a823e95de787d93
SHA256 0731a24ba3c569a734d2e8a74f9786c4b09c42af70457b185c56f147792168ea
SHA512 fd385904a466768357de812d0474e34a0b5f089f1de1e46bd032d889b28f10db84c869f5e81a0e2f1c8ffdd8a110e0736a7d63c887d76de6f0a5fd30bb8ebecd

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 fe30312bbb6ef00d76ca75ed65c8dfee
SHA1 9314a6922a5d2bd09c32c95e529720b8a43eb40e
SHA256 84da56d41ef7f1caa1f6d5993923b14f54082f9b9fb4c561bdc17f974ff2f320
SHA512 71abe2d5423f48d17486c39314586b3a451919fce319ea743962d3e295c6a0678cc3526a344148a508291345550263f2b583111769dea0e06cbdca4849424847

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\D5DFSS0T\search5F2DCGBZ.htm

MD5 6d7c29a56161faa93391b0f4f2db1317
SHA1 811331ee9e7a41aef36d984580916c08582d25ff
SHA256 2631f64ec5bd33df0bf722775ff46e4cca1337f024188f70a2cb6bf74d398be2
SHA512 9c98f0f9e0d0c7c63b73de512e4db8ff4274a39a252f5813e0360a24190832ecc6fa26ba29c30ab74dbc06bae65806fce9d216d60d9b472b063e45a8d491ad98

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\D5DFSS0T\searchZIUD5K2L.htm

MD5 0e3cbc266bddb8087314398940c66c50
SHA1 cb97fcd0a52a81563cd07bff25961f1691268f56
SHA256 c880191801d2cf8ba232d74970819f4b423456e84921cb61077906fba3cf760e
SHA512 9a2720f505cf771c572c5d7d60db7cc15c547a83cdf3c6ebad2feb60f05ec4f08ff0825953ee33427f88016c9e07a429a06c5cd63ffae34c71e926d2e03b4731

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\J2J1W33T\search[5].htm

MD5 962326b18a9371a2ab0d62f8344a4b88
SHA1 ebb8efe1050783f54e7cbf5733652b53618f5fe3
SHA256 d8bf12e625496b727a6c62f532c570d3d2bfdf67301b21c8cbe7eb2502dcaaf4
SHA512 a4287d699ce54a01c945b45880dfcedfb932be7b923dc04f16e26c8f32a3ae871661ba59173b93e11ce8b46ac98fe8a75abc5900a69dcd983f61a7585cfb7a81

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\D5DFSS0T\searchWLQZAJ35.htm

MD5 91fd64706b6249afd540fe428a47ef69
SHA1 9cacd563d5a468cb1c3362994c4a22eab68023fa
SHA256 3a678722ff3d62287ccd61cff53834d7d64bc3ff69f2e26ba7aaec5271c5f1ee
SHA512 c87ca01fcd4cbae642b43eb6abd252e7aa6bd0a894790fe770c3e3cd42e2ad9da3975300c967d4e1d81c3917ae3cab1b2e3e8666076658d6a833f9227e8107fd

memory/2028-610-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2520-611-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\J2J1W33T\search9XBY7T7X.htm

MD5 e2c5bd2e4ff72ce6196ee5abb3bb7097
SHA1 75780a5808c9b2a3a7db0c1f0fc9b295d95dbdca
SHA256 96b65ebbbd937d0405bbd4ec91f9a65ee3eaa3616fa5429a130b587d16c9d224
SHA512 1d8cc2ee4b5f2b6a2bb0fcd2b7977b039be63a190a4271210560e150ceb7fe16c3f5ee716b1d3d855eaa1d58977efc8dd104422a8bfa14079c9593544f648147

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VLW1SL5J\search[5].htm

MD5 07e7f79a73e31e7392110d7af5f50554
SHA1 47011853aba4da39efb7ac2053301cf52e920355
SHA256 359ab0e1b8381d312bd637ccf2e62d4d7bc81f526bce553a9737fa57a10fae57
SHA512 37040580c3f83cc477ed04c856bf7c679b5dacb18e5ffaa7c43b134388ee859b3ed88d538c3db42e1fb05eddea0bb5f83440f212eced905eb6f2c66782506595

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VLW1SL5J\searchBUORZS2G.htm

MD5 3973f8a2f4219559e1a807406bf94b0c
SHA1 3b2b85c3a8bba8e7fd6d50bb0d28e27a39a22bcb
SHA256 06f8623f9f3694654192063781c9bbb5674f1f6c45b3ee4c17afd2f3e0cb8caa
SHA512 e6e7b845e326bc557ee4adf5773fbb8d58d39a2dca55b7a2f4dbfde5c5ec2fcdea954f3c6f25273dd0cb77a347b0aa0e5f0ac464eeb6d1e7bfd0de1181203b07

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\2IX84YPE\results[8].htm

MD5 ee4aed56584bf64c08683064e422b722
SHA1 45e5ba33f57c6848e84b66e7e856a6b60af6c4a8
SHA256 a4e6ba8c1fe3df423e6f17fcbeeaa7e90e2bd2fffe8f98ff4b3e6ed970e32c61
SHA512 058f023cb934a00c8f1c689001438c9bdd067d923ddcbe7a951f54d3ca82218803e0e81fbc9af5c56375ff7961deed0359af1ffa7335d41379ee97d01a76ded6