Analysis Overview
SHA256
1415e790333a048eefb919921346c5f9f9d179e01b959204d2fb892b2801a6e7
Threat Level: Shows suspicious behavior
The file 1415e790333a048eefb919921346c5f9f9d179e01b959204d2fb892b2801a6e7_NeikiAnalytics.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
UPX packed file
Executes dropped EXE
Adds Run key to start application
Drops file in Windows directory
Unsigned PE
Modifies system certificate store
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-30 00:53
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-30 00:53
Reported
2024-06-30 00:55
Platform
win7-20240611-en
Max time kernel
150s
Max time network
149s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\1415e790333a048eefb919921346c5f9f9d179e01b959204d2fb892b2801a6e7_NeikiAnalytics.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\1415e790333a048eefb919921346c5f9f9d179e01b959204d2fb892b2801a6e7_NeikiAnalytics.exe | N/A |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\1415e790333a048eefb919921346c5f9f9d179e01b959204d2fb892b2801a6e7_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\1415e790333a048eefb919921346c5f9f9d179e01b959204d2fb892b2801a6e7_NeikiAnalytics.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 | C:\Users\Admin\AppData\Local\Temp\1415e790333a048eefb919921346c5f9f9d179e01b959204d2fb892b2801a6e7_NeikiAnalytics.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc252000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a | C:\Users\Admin\AppData\Local\Temp\1415e790333a048eefb919921346c5f9f9d179e01b959204d2fb892b2801a6e7_NeikiAnalytics.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc35300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a82000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a | C:\Users\Admin\AppData\Local\Temp\1415e790333a048eefb919921346c5f9f9d179e01b959204d2fb892b2801a6e7_NeikiAnalytics.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a | C:\Users\Admin\AppData\Local\Temp\1415e790333a048eefb919921346c5f9f9d179e01b959204d2fb892b2801a6e7_NeikiAnalytics.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | C:\Users\Admin\AppData\Local\Temp\1415e790333a048eefb919921346c5f9f9d179e01b959204d2fb892b2801a6e7_NeikiAnalytics.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 | C:\Users\Admin\AppData\Local\Temp\1415e790333a048eefb919921346c5f9f9d179e01b959204d2fb892b2801a6e7_NeikiAnalytics.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1832 wrote to memory of 2204 | N/A | C:\Users\Admin\AppData\Local\Temp\1415e790333a048eefb919921346c5f9f9d179e01b959204d2fb892b2801a6e7_NeikiAnalytics.exe | C:\Windows\services.exe |
| PID 1832 wrote to memory of 2204 | N/A | C:\Users\Admin\AppData\Local\Temp\1415e790333a048eefb919921346c5f9f9d179e01b959204d2fb892b2801a6e7_NeikiAnalytics.exe | C:\Windows\services.exe |
| PID 1832 wrote to memory of 2204 | N/A | C:\Users\Admin\AppData\Local\Temp\1415e790333a048eefb919921346c5f9f9d179e01b959204d2fb892b2801a6e7_NeikiAnalytics.exe | C:\Windows\services.exe |
| PID 1832 wrote to memory of 2204 | N/A | C:\Users\Admin\AppData\Local\Temp\1415e790333a048eefb919921346c5f9f9d179e01b959204d2fb892b2801a6e7_NeikiAnalytics.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\1415e790333a048eefb919921346c5f9f9d179e01b959204d2fb892b2801a6e7_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1415e790333a048eefb919921346c5f9f9d179e01b959204d2fb892b2801a6e7_NeikiAnalytics.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 10.0.2.15:1034 | tcp | |
| N/A | 192.168.2.16:1034 | tcp | |
| N/A | 172.16.1.182:1034 | tcp | |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | alumni-caltech-edu.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 52.101.40.4:25 | alumni-caltech-edu.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| N/A | 192.168.2.107:1034 | tcp | |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 99.83.190.102:25 | alumni.caltech.edu | tcp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| N/A | 172.16.1.108:1034 | tcp | |
| US | 8.8.8.8:53 | mx.gzip.org | udp |
| US | 8.8.8.8:53 | mx.alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | mail.alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | smtp.alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | mail.gzip.org | udp |
| US | 85.187.148.2:25 | mail.gzip.org | tcp |
| N/A | 192.168.2.18:1034 | tcp | |
| US | 8.8.8.8:53 | apple.com | udp |
| US | 8.8.8.8:53 | mx-in-hfd.apple.com | udp |
| NL | 17.57.165.2:25 | mx-in-hfd.apple.com | tcp |
| US | 8.8.8.8:53 | unicode.org | udp |
| US | 8.8.8.8:53 | alt1.aspmx.l.google.com | udp |
| NL | 142.250.27.27:25 | alt1.aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | search.lycos.com | udp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | smtp.gzip.org | udp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | search.yahoo.com | udp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 8.8.8.8:53 | www.altavista.com | udp |
| NL | 23.63.101.170:80 | r11.o.lencr.org | tcp |
| NL | 23.63.101.170:80 | r11.o.lencr.org | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | email.apple.com | udp |
| US | 8.8.8.8:53 | mx-in-vib.apple.com | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 17.57.170.2:25 | mx-in-vib.apple.com | tcp |
| US | 17.57.170.2:25 | mx-in-vib.apple.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 8.8.8.8:53 | insideicloud.com | udp |
| US | 17.57.170.2:25 | mx-in-vib.apple.com | tcp |
| US | 8.8.8.8:53 | insideicloud.com | udp |
| US | 8.8.8.8:53 | insideicloud.com | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 17.57.170.2:25 | mx-in-vib.apple.com | tcp |
| US | 8.8.8.8:53 | insideicloud.icloud.com | udp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | mx-in-mdn.apple.com | udp |
| US | 17.32.222.242:25 | mx-in-mdn.apple.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| N/A | 172.16.1.108:1034 | tcp | |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 8.8.8.8:53 | icloud.com | udp |
| US | 8.8.8.8:53 | mx01.mail.icloud.com | udp |
| US | 17.42.251.62:25 | mx01.mail.icloud.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 17.32.222.242:25 | mx-in-mdn.apple.com | tcp |
| US | 8.8.8.8:53 | alt3.aspmx.l.google.com | udp |
| NL | 142.251.9.26:25 | alt3.aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | mx-in.g.apple.com | udp |
| US | 8.8.8.8:53 | mx-in.g.apple.com | udp |
| NL | 17.57.165.2:25 | mx-in.g.apple.com | tcp |
| NL | 17.57.165.2:25 | mx-in.g.apple.com | tcp |
| NL | 17.57.165.2:25 | mx-in.g.apple.com | tcp |
| NL | 17.57.165.2:25 | mx-in.g.apple.com | tcp |
| NL | 17.57.165.2:25 | mx-in.g.apple.com | tcp |
| N/A | 192.168.144.131:1034 | tcp |
Files
memory/1832-1-0x0000000000500000-0x0000000000510200-memory.dmp
memory/1832-4-0x0000000000220000-0x0000000000228000-memory.dmp
C:\Windows\services.exe
| MD5 | b0fe74719b1b647e2056641931907f4a |
| SHA1 | e858c206d2d1542a79936cb00d85da853bfc95e2 |
| SHA256 | bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c |
| SHA512 | 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2 |
memory/2204-11-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1832-9-0x0000000000220000-0x0000000000228000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/1832-17-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2204-18-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2204-23-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1832-24-0x0000000000220000-0x0000000000228000-memory.dmp
memory/2204-29-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1832-30-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2204-31-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | a202a8baabc77f7259d55f0ddfdb804e |
| SHA1 | e1cdbaf1a1aa3348c3f5c5ed296e9d6ae13e7657 |
| SHA256 | d00135ea68e7ce96e9a3302560d5716cf530f41864488cdc34beec48a3e5f4f7 |
| SHA512 | 64997301162c32e7fd54f359cf772af7828bbf49b3f98d0e6cbb4d0d5770e6b5bbbff8e7268678a084eddd1517a9464abf9773c848671cb6bf841ca8fb14c942 |
C:\Users\Admin\AppData\Local\Temp\tmpDA5A.tmp
| MD5 | 6afcc372c3199945deb6737af0fc9775 |
| SHA1 | aa2a30b80afda6a64f00db0b3181c28f44d7a774 |
| SHA256 | 1f408de84cfb0413aa59e2892629eeb2c57c6fb3887ee6c8c295d618ad9c68b3 |
| SHA512 | a8857439a006684125702e20ca186cd221c7da9cc88cd4127d759d0302b1f098b39b4cfb383a45d375048e30dbaacc69111953efda8e1a7e9ce08fc329db369e |
memory/1832-49-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2204-50-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1832-53-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2204-54-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1832-55-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2204-56-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1832-60-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2204-61-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1832-65-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2204-66-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1832-67-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2204-68-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1832-72-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2204-73-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | 27f63f3da48b460cb8615874e51688ba |
| SHA1 | c1bc08a0a68aa659fc9798688df8d009db021616 |
| SHA256 | 20fae73c0297dd32317cd498aa01221f0e80264ca23a5bcb0e1f3c2829abc6e4 |
| SHA512 | 7bbdb11b62d9d51066286e1f2028a62bd5e0228ba36c058150856afab12b09f63bd6038065a8326bf13abd7f5c1dba5834ff85722c0d3f3fe7715b1e4afd6ebc |
C:\Users\Admin\AppData\Local\Temp\CabDDCB.tmp
| MD5 | 2d3dcf90f6c99f47e7593ea250c9e749 |
| SHA1 | 51be82be4a272669983313565b4940d4b1385237 |
| SHA256 | 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4 |
| SHA512 | 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8f269b9e414b10d4aa7a4d0dd82353f0 |
| SHA1 | 418350fc57431f6832d80aa8bef95801247b9ac8 |
| SHA256 | 62badadde29305e756ebcaabb012032f09aa320f0479160961740b1a0abc4e73 |
| SHA512 | b9f3f989e20958301d6cfa5ec5f57bdf9c74080aa0c5a3dbb1437a30f7238405d25c026bac50a216d4abea6f994474a5daf60d74baa8be6dca9ac514e71564a9 |
C:\Users\Admin\AppData\Local\Temp\TarDE6D.tmp
| MD5 | 7186ad693b8ad9444401bd9bcd2217c2 |
| SHA1 | 5c28ca10a650f6026b0df4737078fa4197f3bac1 |
| SHA256 | 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed |
| SHA512 | 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6F0O117Z\search[2].htm
| MD5 | 8ba61a16b71609a08bfa35bc213fce49 |
| SHA1 | 8374dddcc6b2ede14b0ea00a5870a11b57ced33f |
| SHA256 | 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1 |
| SHA512 | 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1 |
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | 419cd304c77b49878f31e74a4a758294 |
| SHA1 | 4e81980b079fffe519cc84fdbdc1743c56376c35 |
| SHA256 | 3b5baf5670900e2adbb711711d3f4a4359d193881e5edfd393ec6b9a7552701f |
| SHA512 | bd9403d0ec2f41fe85cd6ef6e428b29a14e01f245a5c0dc0565c161424732f2938ff6c86a585fb4e88cc037f4958532fdb1c94eec3cf19b53f4f6354c1133611 |
memory/1832-268-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2204-269-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6F0O117Z\search[6].htm
| MD5 | d9c20b615e75f1aaa0ee292be7e1fb7f |
| SHA1 | 757fde0a04d7409c86d93070d41221053b9f0038 |
| SHA256 | 671b7a7813445b09fd49645ca2af275e0595725476094518cbc8e995fe748208 |
| SHA512 | 718204851523de34c698a87536c98edaf3866bf87521872e9f71362b3c39769eea11bccc9ea180aad4262e5b1e40f9eaf8b021311229323106b8a1dc5773f937 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R54TGSS0\search[2].htm
| MD5 | 89b9a81688e7ea934b0e5562c03c30a5 |
| SHA1 | 1542691b281363144781d5c78d3e5d8973b12181 |
| SHA256 | fed560ee492754b85907d93e1048853d00d357b98fe5cf149fc4bc873eb270ca |
| SHA512 | 1c4b9ad415ac9470f52815215d6e065d9c2530ab9aa22fd34fe702ec335a014214dc85f250179664898be8ee777d0e3fcc7771ad5e7abd27d90889b9db6b55fb |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1M46YZP1\DOJVPFCG.htm
| MD5 | 7669516e9344d283fecc3affe6cb2d32 |
| SHA1 | dae38e8bec95fa21b61e4562a24fd9f36df43a11 |
| SHA256 | 0ec82bba4fce51e34e26ab652caf1039a19dad8a79ea2d7ff5d730e0011ae3d1 |
| SHA512 | d27478075be5eb074f16c906208035a43cc1f3622ce90c35c35b3f343b5ae5fa3f295765d2781b6084cc2d5a9e721c1dd430b35c937fb95bfb272fef3ea08379 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6F0O117Z\search[5].htm
| MD5 | caee742a010a2c656d117d07233ee114 |
| SHA1 | 103139e12f6e8a3b7ba8ef891d3b1132e6f2f14c |
| SHA256 | 46c56d0dc830b7dfaace3b8c5b14bb8b4b4baff7af188f64cc3ea5f278b4c884 |
| SHA512 | f8a7f25a60b2a2a74c8a833e3f129d595ddce4ed146baedd99a2d1ea9e688b2541d11cf888684df37f196ac8a32c7c2a487c889fd7931ff32178a929414849d2 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6F0O117Z\search[4].htm
| MD5 | 7a1923bb4ebc9e88090c8651922e75d9 |
| SHA1 | 72affd127b8630e8dabdee864ac86abf3ba13924 |
| SHA256 | a091a42b8c9743fe720f11909ff0817720c5b82777aa0717b918b06aefa73f36 |
| SHA512 | 1f5eee336796be1a4af21f61cc698961c6c5cba78bb0a50fe0c90fb4221fea7d80adca9d46f66ef93b5cc04fbddb26a344902f167c968b5b896eab71c41b7649 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R54TGSS0\searchM3UT1ZZD.htm
| MD5 | 4beba718b09461e65c0d2c278c7f9ceb |
| SHA1 | 023080bcadcfd2fb46caff998c9eee4e47baccce |
| SHA256 | d67433df49933d6c6e418df0fb18e16c82246cfd714642db03cb383774666022 |
| SHA512 | 641b83f66f47bac018d5085d72b0fde1c3574692024cae3f21b23f8ed736566fa97b592a3876fd1439d2d720acf6c768625b1a3003579b426ae08051c98a1e0b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R54TGSS0\results[4].htm
| MD5 | 211da0345fa466aa8dbde830c83c19f8 |
| SHA1 | 779ece4d54a099274b2814a9780000ba49af1b81 |
| SHA256 | aec2ac9539d1b0cac493bbf90948eca455c6803342cc83d0a107055c1d131fd5 |
| SHA512 | 37fd7ef6e11a1866e844439318ae813059106fbd52c24f580781d90da3f64829cf9654acac0dd0f2098081256c5dcdf35c70b2cbef6cbe3f0b91bd2d8edd22ca |
memory/1832-470-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2204-471-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1832-483-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2204-484-0x0000000000400000-0x0000000000408000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-30 00:53
Reported
2024-06-30 00:55
Platform
win10v2004-20240508-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\1415e790333a048eefb919921346c5f9f9d179e01b959204d2fb892b2801a6e7_NeikiAnalytics.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\1415e790333a048eefb919921346c5f9f9d179e01b959204d2fb892b2801a6e7_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\1415e790333a048eefb919921346c5f9f9d179e01b959204d2fb892b2801a6e7_NeikiAnalytics.exe | N/A |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\1415e790333a048eefb919921346c5f9f9d179e01b959204d2fb892b2801a6e7_NeikiAnalytics.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2028 wrote to memory of 2520 | N/A | C:\Users\Admin\AppData\Local\Temp\1415e790333a048eefb919921346c5f9f9d179e01b959204d2fb892b2801a6e7_NeikiAnalytics.exe | C:\Windows\services.exe |
| PID 2028 wrote to memory of 2520 | N/A | C:\Users\Admin\AppData\Local\Temp\1415e790333a048eefb919921346c5f9f9d179e01b959204d2fb892b2801a6e7_NeikiAnalytics.exe | C:\Windows\services.exe |
| PID 2028 wrote to memory of 2520 | N/A | C:\Users\Admin\AppData\Local\Temp\1415e790333a048eefb919921346c5f9f9d179e01b959204d2fb892b2801a6e7_NeikiAnalytics.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\1415e790333a048eefb919921346c5f9f9d179e01b959204d2fb892b2801a6e7_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1415e790333a048eefb919921346c5f9f9d179e01b959204d2fb892b2801a6e7_NeikiAnalytics.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 10.0.2.15:1034 | tcp | |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| N/A | 192.168.2.16:1034 | tcp | |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.12.20.2.in-addr.arpa | udp |
| N/A | 172.16.1.182:1034 | tcp | |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| N/A | 192.168.2.107:1034 | tcp | |
| US | 8.8.8.8:53 | m-ou.se | udp |
| US | 8.8.8.8:53 | aspmx.l.google.com | udp |
| IE | 172.253.116.26:25 | aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | acm.org | udp |
| US | 8.8.8.8:53 | mail.mailroute.net | udp |
| US | 199.89.3.120:25 | mail.mailroute.net | tcp |
| US | 8.8.8.8:53 | cs.stanford.edu | udp |
| US | 8.8.8.8:53 | smtp1.cs.stanford.edu | udp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | burtleburtle.net | udp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | mx.burtleburtle.net | udp |
| US | 65.254.254.51:25 | mx.burtleburtle.net | tcp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | alumni-caltech-edu.mail.protection.outlook.com | udp |
| US | 52.101.194.0:25 | alumni-caltech-edu.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.altavista.com | udp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 8.8.8.8:53 | search.lycos.com | udp |
| US | 8.8.8.8:53 | search.yahoo.com | udp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.100.82.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.254.202.209.in-addr.arpa | udp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| NL | 23.63.101.177:80 | r11.o.lencr.org | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | 11.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 177.101.63.23.in-addr.arpa | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 52.101.194.0:25 | alumni-caltech-edu.mail.protection.outlook.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| N/A | 172.16.1.108:1034 | tcp | |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aspmx5.googlemail.com | udp |
| FI | 142.250.150.26:25 | aspmx5.googlemail.com | tcp |
| US | 8.8.8.8:53 | acm.org | udp |
| US | 104.17.79.30:25 | acm.org | tcp |
| US | 8.8.8.8:53 | cs.stanford.edu | udp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | burtleburtle.net | udp |
| US | 65.254.227.224:25 | burtleburtle.net | tcp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 99.83.190.102:25 | alumni.caltech.edu | tcp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 99.83.190.102:25 | alumni.caltech.edu | tcp |
| N/A | 192.168.2.18:1034 | tcp | |
| US | 8.8.8.8:53 | alt2.aspmx.l.google.com | udp |
| NL | 142.250.153.27:25 | alt2.aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | mx.acm.org | udp |
| US | 8.8.8.8:53 | mail.acm.org | udp |
| US | 8.8.8.8:53 | smtp.acm.org | udp |
| US | 8.8.8.8:53 | smtp2.cs.stanford.edu | udp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | outlook.com | udp |
| US | 8.8.8.8:53 | outlook-com.olc.protection.outlook.com | udp |
| US | 8.8.8.8:53 | mx.alumni.caltech.edu | udp |
| NL | 52.101.73.27:25 | outlook-com.olc.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | mail.alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | smtp.alumni.caltech.edu | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | mx.gzip.org | udp |
| US | 8.8.8.8:53 | mail.gzip.org | udp |
| US | 85.187.148.2:25 | mail.gzip.org | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | mx.alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | mail.alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | smtp.alumni.caltech.edu | udp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| N/A | 172.16.1.108:1034 | tcp | |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 8.8.8.8:53 | mail.com | udp |
| US | 8.8.8.8:53 | mx00.mail.com | udp |
| US | 74.208.5.20:25 | mx00.mail.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | aspmx4.googlemail.com | udp |
| NL | 142.251.9.27:25 | aspmx4.googlemail.com | tcp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | outlook.com | udp |
| US | 52.96.111.82:25 | outlook.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | smtp.gzip.org | udp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| N/A | 192.168.144.131:1034 | tcp | |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | tcp |
Files
memory/2028-0-0x0000000000500000-0x0000000000510200-memory.dmp
C:\Windows\services.exe
| MD5 | b0fe74719b1b647e2056641931907f4a |
| SHA1 | e858c206d2d1542a79936cb00d85da853bfc95e2 |
| SHA256 | bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c |
| SHA512 | 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2 |
memory/2520-6-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/2028-13-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2520-14-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2520-19-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2520-24-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2520-26-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2520-31-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2520-36-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2028-37-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2520-38-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | 09a381723e26efb38f9c68031c0733d3 |
| SHA1 | 3083607c2c1e55d36bf0a435f549f2803701caea |
| SHA256 | ae61fd60823b1fb67d58417dfca74a89fab4341600c8420ee57811e47a55c614 |
| SHA512 | 7061cddd7104c9c4afb1b8ce229aed1f7cf7ce5e7e83bdafe0c541c5898c24b9e4b91675b94935fcbfdb8be0ca104db429a538532141a348372874b57c7ba897 |
C:\Users\Admin\AppData\Local\Temp\tmp728D.tmp
| MD5 | 0f8d9541f8771d3f4d6c468dfbbd5741 |
| SHA1 | bffc62ddb67189562a7c20efb0a721f6e7f364e4 |
| SHA256 | 622981545df87644fb8c3f9c11a3d442ba1106651c319074ac44570d112748cb |
| SHA512 | eb785bb0b1f470e677019578535abdd36e7b921144080285e9515cec19871b01e91cc35c899c9c9bc073de3d27c499c6117142e76617f02449d339a34a65b3b8 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\2IX84YPE\7KSZ5RPD.htm
| MD5 | 5690f7a9f49576e59f8aea15c093ba10 |
| SHA1 | 335311ddebcdc509cec0027734ddae980c9feed6 |
| SHA256 | 2ad53de52043f9066871e76ab79fb1c9e4829b4d522d849db7a3ec7c9602842c |
| SHA512 | 4edc03bca3bf577eb6a83c23348a9da0d0ff745e56805c0c2cfe7fe850e266901a8bcedb758b8d2e910a67922ae037d07928114d2532d462ba3917e5ecc84289 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\2IX84YPE\search[2].htm
| MD5 | 8ba61a16b71609a08bfa35bc213fce49 |
| SHA1 | 8374dddcc6b2ede14b0ea00a5870a11b57ced33f |
| SHA256 | 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1 |
| SHA512 | 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1 |
memory/2028-154-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2520-155-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\D5DFSS0T\search[5].htm
| MD5 | 440e966909eeb3348fa7458b633f1d3c |
| SHA1 | 21ec03c236972822967fec4bc91aecdd79ed6c59 |
| SHA256 | 614724512ae2779a29fec7ef8f0234c2c1db7544afbf2c863557d0d99b8db14b |
| SHA512 | 06e45f88c63fc7fed45b04a19439168ac4c6b6ea48b9852935324bfbfac9a9271627fabb436112aa2329c5b1b2fd59bb380d6806376de5d6824638a1685b0e5b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\D5DFSS0T\results[1].htm
| MD5 | 211da0345fa466aa8dbde830c83c19f8 |
| SHA1 | 779ece4d54a099274b2814a9780000ba49af1b81 |
| SHA256 | aec2ac9539d1b0cac493bbf90948eca455c6803342cc83d0a107055c1d131fd5 |
| SHA512 | 37fd7ef6e11a1866e844439318ae813059106fbd52c24f580781d90da3f64829cf9654acac0dd0f2098081256c5dcdf35c70b2cbef6cbe3f0b91bd2d8edd22ca |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\2IX84YPE\search[6].htm
| MD5 | fe54b52ea717391e95835f3e99548f5b |
| SHA1 | 6f64961113fc568a1c9155692c5b139a741466be |
| SHA256 | 9b6b2bf7a147a0f2774090452fc231e50bba8a8affd7fc3802205d33cbd2decf |
| SHA512 | 7b5c78342c9d6bfe39e395dc4db3df3ea2fa6dadd438a87a95c0ac3bdc016db0c47bea095e4c18a3b8f030541bd6f6c1821eb7c3e7a8408cbfcd92388e4cde21 |
memory/2028-268-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2520-269-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2028-270-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2520-271-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2520-276-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | c0d760af97f685913e242c90e2e8390a |
| SHA1 | 45ca17bfd84863acec301f6e5545b08508afd426 |
| SHA256 | c28868989e4b41b55a1f1db8b2f60faf13b7e92eae1b4e6bea490912ed5c554f |
| SHA512 | 043f382e7682a82d775b888e2b8d2c0746fbcbe48b045b69fa2bcc01cccd6c84a30397649f3cfefa8c17e31621d09d94d4a748bfacb27cff1d7d54f2528cf9a5 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\2IX84YPE\search[10].htm
| MD5 | a8be783a9ff7b6a1273ec6de549e4cd3 |
| SHA1 | da6ade106b4f52517f5ec0da77e1a7ceaaaac7e6 |
| SHA256 | da7cde96f433626ea7a703a380a2e8cf954824e6f3aaf9873564bdaa91c73e79 |
| SHA512 | 25513e150b687b1942ee80452d0825fc0245ca6b5bad8187a1b0ffbef435d4cd4eb1890c556a9b65d9a98afd8cf89fb2afc57caa5868f167e8fd8158249e9e3b |
memory/2028-330-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2520-331-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\J2J1W33T\searchN4L2CG56.htm
| MD5 | 30119c29562e1f03bcfb0db58e6b8b4b |
| SHA1 | 7d31323c9763eddcd252c55133c042ce6608491f |
| SHA256 | e6e286fd2ab5f5bebddf0d8139c9fd958db1593603c0cd08c036c33e7d455119 |
| SHA512 | 89244364c7af95eeed50cd750d7960b955c771a6a3a4393863ea8b66253fd91902dc07350cc76c51124b9633e02b61db7856f02a0668fb066bca4d0785e741e4 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\J2J1W33T\searchXBY9CJ8W.htm
| MD5 | 8d4245b03506223d7507b3abb4828e08 |
| SHA1 | 12d086b25f3a864f17f2e8d84a7d86571063e487 |
| SHA256 | 7ccb87ee0f72a43f5df9e5e8090ac137a681790ed3b9900b04186072791aa749 |
| SHA512 | a8fa97223bc27ff11e568fd39555356208dd2276049b1f9a7e5423601fc2f6b25abe744320fc4a7268789583b73bf779b2826df51a363b0a6d3937dba085901c |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\2IX84YPE\search4KXH4VWY.htm
| MD5 | 955fc8239922b8c58be58e0dc3a7cd25 |
| SHA1 | fe5e9a54253b9a8c75249a787bf01292f8b6ed05 |
| SHA256 | d1a3f580dcd5dba4ac0bc310e4c959cd99cc40e386fd0d9fcd502ab432cba758 |
| SHA512 | 8306f00d7790a01cebfc0f89ef2efb35fdd5c1a53f6920271ad0e6eaae34292ffcca667226108cf680f34571d5af42a9ac5226d86c905c999bfedf567465afb9 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VLW1SL5J\search0DSIBIFG.htm
| MD5 | 0ff37608f3fdd74d31d64e109792d3e5 |
| SHA1 | e2b85bc959700bd3aff185eaa41a28234fcaef5a |
| SHA256 | 807873f5b4484c32741abf61410049ba33289e1ca2d37d500a2294fb3878fefe |
| SHA512 | 742fab3218cb0c99f585832e4661458cdf82dfc70334de16c9205422f6525fa130b55e3df78a0790dac2247fd8ca39d353bd24c4af0beafc0b6eb7c3c97564c3 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\J2J1W33T\searchUW3YFIHD.htm
| MD5 | 101c989c7323a97531b61c11754d2e72 |
| SHA1 | a016c72cd0d2b870448cdc5bc009afb1b24834d2 |
| SHA256 | 55379cad8e0fa75624475b3add5def17c42f34014cc22a7e2e18f010ab50b26a |
| SHA512 | 038552b6616a8babcda4170863f2706478428ae36c351820c6eb806ed9dd11e09c4b499c7c54e6f8568ab3f37a86e630f6c5d955cd5a53cd7ed930deec705f24 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\2IX84YPE\searchYPUQRFT3.htm
| MD5 | 92abb900c0cb144e4f1d33bbc4aa5082 |
| SHA1 | 164978d20c42e5c18d652f710570828cf9510c5b |
| SHA256 | 5d68c84cbf14675ae832557ac5a6eec8261d1ce07ef552c8d1023c5ffb9abd86 |
| SHA512 | a9b4a009500fa55d3ab7a893f3080cef965045123b8e91d825d9b523943fbe4d89e50d99180301adcc31e80f33f8d21d406d81f05bdeb92d42f743ad96b18add |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\J2J1W33T\default[3].htm
| MD5 | 14b82aec966e8e370a28053db081f4e9 |
| SHA1 | a0f30ebbdb4c69947d3bd41fa63ec4929dddd649 |
| SHA256 | 202eada95ef503b303a05caf5a666f538236c7e697f5301fd178d994fa6e24cf |
| SHA512 | ec04f1d86137dc4d75a47ba47bb2f2c912115372fa000cf986d13a04121aae9974011aa716c7da3893114e0d5d0e2fb680a6c2fd40a1f93f0e0bfd6fd625dfa7 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VLW1SL5J\searchOR2EYA4P.htm
| MD5 | 33aa9c8debe074f9a484c6466ad23f25 |
| SHA1 | 811c329db85daa05c8f3eccdf3c2f5ca9533a9ff |
| SHA256 | fb7b018b8c3870e7c2c1a3533d5ccadcd928c932d679384fdb505978e17f0760 |
| SHA512 | 8f9051b8dd033d5fc35c67772437855069998537af79baf7ae8cf2ef682f2c5221457d81f9c5f1ad9a210213ef51bfd7a6d41d83988eac43037d9555aabd22b8 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\D5DFSS0T\search[8].htm
| MD5 | 543b12dd3018c43819a2fb8a683692e2 |
| SHA1 | 79e17f7bd0c5281b1f9717b071a7af429c00fa9a |
| SHA256 | a4f0587fffecf4dd57a1f393738e69edec4d8ae8fc944ec2d76fc13827099090 |
| SHA512 | e94e96966112adc1fd8a6b73040359cbf9d81391a85240d4969bd58162b10cfe5d3ded14fba9ea163d83a2e5bcad9518d762c6a2af68821d3f3b442e1beb1ad3 |
memory/2028-485-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2520-486-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\J2J1W33T\searchQ8EV0WX1.htm
| MD5 | 0f9a9acf5ee9311de1c5c951939553b2 |
| SHA1 | 6afb725cc0902b608d0b023987fbe67b64578fd7 |
| SHA256 | ccc82ee54f05201f6a5f408f3aa5da8e3389fde34c6b4a77fba250235f5bfde5 |
| SHA512 | 25433df6d5e8cb799aad4bfd8780a1d29af5d650544383fc63590edd5c3274eb01b1d07ffc661fb698dc546bc6a95e46ccdd0e560582d0b6974b72386cddf9b9 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VLW1SL5J\results[6].htm
| MD5 | 35a826c9d92a048812533924ecc2d036 |
| SHA1 | cc2d0c7849ea5f36532958d31a823e95de787d93 |
| SHA256 | 0731a24ba3c569a734d2e8a74f9786c4b09c42af70457b185c56f147792168ea |
| SHA512 | fd385904a466768357de812d0474e34a0b5f089f1de1e46bd032d889b28f10db84c869f5e81a0e2f1c8ffdd8a110e0736a7d63c887d76de6f0a5fd30bb8ebecd |
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | fe30312bbb6ef00d76ca75ed65c8dfee |
| SHA1 | 9314a6922a5d2bd09c32c95e529720b8a43eb40e |
| SHA256 | 84da56d41ef7f1caa1f6d5993923b14f54082f9b9fb4c561bdc17f974ff2f320 |
| SHA512 | 71abe2d5423f48d17486c39314586b3a451919fce319ea743962d3e295c6a0678cc3526a344148a508291345550263f2b583111769dea0e06cbdca4849424847 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\D5DFSS0T\search5F2DCGBZ.htm
| MD5 | 6d7c29a56161faa93391b0f4f2db1317 |
| SHA1 | 811331ee9e7a41aef36d984580916c08582d25ff |
| SHA256 | 2631f64ec5bd33df0bf722775ff46e4cca1337f024188f70a2cb6bf74d398be2 |
| SHA512 | 9c98f0f9e0d0c7c63b73de512e4db8ff4274a39a252f5813e0360a24190832ecc6fa26ba29c30ab74dbc06bae65806fce9d216d60d9b472b063e45a8d491ad98 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\D5DFSS0T\searchZIUD5K2L.htm
| MD5 | 0e3cbc266bddb8087314398940c66c50 |
| SHA1 | cb97fcd0a52a81563cd07bff25961f1691268f56 |
| SHA256 | c880191801d2cf8ba232d74970819f4b423456e84921cb61077906fba3cf760e |
| SHA512 | 9a2720f505cf771c572c5d7d60db7cc15c547a83cdf3c6ebad2feb60f05ec4f08ff0825953ee33427f88016c9e07a429a06c5cd63ffae34c71e926d2e03b4731 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\J2J1W33T\search[5].htm
| MD5 | 962326b18a9371a2ab0d62f8344a4b88 |
| SHA1 | ebb8efe1050783f54e7cbf5733652b53618f5fe3 |
| SHA256 | d8bf12e625496b727a6c62f532c570d3d2bfdf67301b21c8cbe7eb2502dcaaf4 |
| SHA512 | a4287d699ce54a01c945b45880dfcedfb932be7b923dc04f16e26c8f32a3ae871661ba59173b93e11ce8b46ac98fe8a75abc5900a69dcd983f61a7585cfb7a81 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\D5DFSS0T\searchWLQZAJ35.htm
| MD5 | 91fd64706b6249afd540fe428a47ef69 |
| SHA1 | 9cacd563d5a468cb1c3362994c4a22eab68023fa |
| SHA256 | 3a678722ff3d62287ccd61cff53834d7d64bc3ff69f2e26ba7aaec5271c5f1ee |
| SHA512 | c87ca01fcd4cbae642b43eb6abd252e7aa6bd0a894790fe770c3e3cd42e2ad9da3975300c967d4e1d81c3917ae3cab1b2e3e8666076658d6a833f9227e8107fd |
memory/2028-610-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2520-611-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\J2J1W33T\search9XBY7T7X.htm
| MD5 | e2c5bd2e4ff72ce6196ee5abb3bb7097 |
| SHA1 | 75780a5808c9b2a3a7db0c1f0fc9b295d95dbdca |
| SHA256 | 96b65ebbbd937d0405bbd4ec91f9a65ee3eaa3616fa5429a130b587d16c9d224 |
| SHA512 | 1d8cc2ee4b5f2b6a2bb0fcd2b7977b039be63a190a4271210560e150ceb7fe16c3f5ee716b1d3d855eaa1d58977efc8dd104422a8bfa14079c9593544f648147 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VLW1SL5J\search[5].htm
| MD5 | 07e7f79a73e31e7392110d7af5f50554 |
| SHA1 | 47011853aba4da39efb7ac2053301cf52e920355 |
| SHA256 | 359ab0e1b8381d312bd637ccf2e62d4d7bc81f526bce553a9737fa57a10fae57 |
| SHA512 | 37040580c3f83cc477ed04c856bf7c679b5dacb18e5ffaa7c43b134388ee859b3ed88d538c3db42e1fb05eddea0bb5f83440f212eced905eb6f2c66782506595 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VLW1SL5J\searchBUORZS2G.htm
| MD5 | 3973f8a2f4219559e1a807406bf94b0c |
| SHA1 | 3b2b85c3a8bba8e7fd6d50bb0d28e27a39a22bcb |
| SHA256 | 06f8623f9f3694654192063781c9bbb5674f1f6c45b3ee4c17afd2f3e0cb8caa |
| SHA512 | e6e7b845e326bc557ee4adf5773fbb8d58d39a2dca55b7a2f4dbfde5c5ec2fcdea954f3c6f25273dd0cb77a347b0aa0e5f0ac464eeb6d1e7bfd0de1181203b07 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\2IX84YPE\results[8].htm
| MD5 | ee4aed56584bf64c08683064e422b722 |
| SHA1 | 45e5ba33f57c6848e84b66e7e856a6b60af6c4a8 |
| SHA256 | a4e6ba8c1fe3df423e6f17fcbeeaa7e90e2bd2fffe8f98ff4b3e6ed970e32c61 |
| SHA512 | 058f023cb934a00c8f1c689001438c9bdd067d923ddcbe7a951f54d3ca82218803e0e81fbc9af5c56375ff7961deed0359af1ffa7335d41379ee97d01a76ded6 |