Malware Analysis Report

2024-10-19 11:41

Sample ID 240701-qq3vjatgmf
Target 557687d3cd232f7bb6a454226d8f5c0728bab817f2600572df86dafaadd26d29_NeikiAnalytics.exe
SHA256 557687d3cd232f7bb6a454226d8f5c0728bab817f2600572df86dafaadd26d29
Tags: persistence upx microsoft phishing product:outlook
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 10/10

SHA256: 557687d3cd232f7bb6a454226d8f5c0728bab817f2600572df86dafaadd26d29

Threat Level: Known bad

The file 557687d3cd232f7bb6a454226d8f5c0728bab817f2600572df86dafaadd26d29_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

persistence upx microsoft phishing product:outlook

Detected microsoft outlook phishing page

Executes dropped EXE

UPX packed file

Adds Run key to start application

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-07-01 13:28

Signatures

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-07-01 13:28
Reported: 2024-07-01 13:32
Platform: win7-20240508-en
Max time kernel: 149s
Max time network: 150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\557687d3cd232f7bb6a454226d8f5c0728bab817f2600572df86dafaadd26d29_NeikiAnalytics.exe"

Signatures

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\services.exe | N/A

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A (28 identical matches reported, no further detail)

Adds Run key to start application

persistence
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\557687d3cd232f7bb6a454226d8f5c0728bab817f2600572df86dafaadd26d29_NeikiAnalytics.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\557687d3cd232f7bb6a454226d8f5c0728bab817f2600572df86dafaadd26d29_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\557687d3cd232f7bb6a454226d8f5c0728bab817f2600572df86dafaadd26d29_NeikiAnalytics.exe"

C:\Windows\services.exe

"C:\Windows\services.exe"

Network

Files

memory/2008-0-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2008-4-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2732-10-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Windows\services.exe

MD5 b0fe74719b1b647e2056641931907f4a
SHA1 e858c206d2d1542a79936cb00d85da853bfc95e2
SHA256 bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
SHA512 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

C:\Users\Admin\AppData\Local\Temp\zincite.log (zero bytes at this point: the hashes below are those of an empty file)

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 c54baca0b5f3a02f92cd61856aef23ed
SHA1 6aafa069660b8013e1e4a83479d38a23ad680a5e
SHA256 dd025aad5ed0f3e3551deeb664153f3c221d7309e6929c00eff579eeb74dc313
SHA512 074ade46e86030d775f690b375bdef3eef3f0f8b725a95473901ccc9732db9f222c93253be7e537c467579f695037f0397590b20e25f9ce64316e33cd66a0fdd

Analysis: behavioral2

Detonation Overview

Submitted: 2024-07-01 13:28
Reported: 2024-07-01 13:31
Platform: win10v2004-20240611-en
Max time kernel: 150s
Max time network: 156s

Command Line

"C:\Users\Admin\AppData\Local\Temp\557687d3cd232f7bb6a454226d8f5c0728bab817f2600572df86dafaadd26d29_NeikiAnalytics.exe"

Signatures

Detected microsoft outlook phishing page

phishing microsoft product:outlook

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\services.exe | N/A

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A (27 identical matches reported, no further detail)

Adds Run key to start application

persistence
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\557687d3cd232f7bb6a454226d8f5c0728bab817f2600572df86dafaadd26d29_NeikiAnalytics.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\557687d3cd232f7bb6a454226d8f5c0728bab817f2600572df86dafaadd26d29_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\557687d3cd232f7bb6a454226d8f5c0728bab817f2600572df86dafaadd26d29_NeikiAnalytics.exe"

C:\Windows\services.exe

"C:\Windows\services.exe"

Network

Files

memory/2844-0-0x0000000000500000-0x0000000000510200-memory.dmp

C:\Windows\services.exe

MD5 b0fe74719b1b647e2056641931907f4a
SHA1 e858c206d2d1542a79936cb00d85da853bfc95e2
SHA256 bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
SHA512 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

memory/3776-7-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log (zero bytes at this point: the hashes below are those of an empty file)

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 971234c54fd69af4a2e51d3dd7d47d51
SHA1 970741a706658746cfea927069625cf764ef4b79
SHA256 470da456f59b592e54d634126b03c9b3a17d8c849d42b061e071d9c2a1a8bfec
SHA512 85fd3305934a45f7afb3848a18e3f9d82df743493d381a563d9808f2d81065bda2f3a96b4f9c1a105ca65b20b65cc676233ba93ca4474b6d509a0313e8bbfb2c

C:\Users\Admin\AppData\Local\Temp\tmp2D48.tmp

MD5 abd504b98dda55a25640c3c0db552a8e
SHA1 89a9abdc5ea1a6195f388ffe7ec2dc9c85b3ca71
SHA256 875f3787ed6de8d9ee328dd858f8437fe395ea453d304b0c7676a0459188f009
SHA512 4e01606fa23e158322c8d58b1f0c698ff1362315ef1ca46bea142c9e2dd9a874bf74fd0d0cbbe947bb8848ac59296cf3fcd3677a0b9124d11ce659f0de405a47

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\REQ5K173\search[3].htm

MD5 8ba61a16b71609a08bfa35bc213fce49
SHA1 8374dddcc6b2ede14b0ea00a5870a11b57ced33f
SHA256 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1
SHA512 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\E9YVC3IR\9HX4530V.htm

MD5 1dd47ae86f28df3550bfb43504ef5c18
SHA1 db69b9c2d52368eab6612a2df6a8b30bf273f202
SHA256 66e15b8bbda4fd476930e923012203c479617b8a71e3b7da65c4960fdd3be8e7
SHA512 56ca41cd69f3a078199c4679954289edbd2b8b123f088af6e73357cf21ea084fcbc53b61589bffc9b25fbf7d9e87590e0a70b0ca7cc5c9d66c92fc9f8c400649

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G7AAJOBN\IOAY4ML2.htm

MD5 6317933b6d5610aa811c518f7ec7e35d
SHA1 323f6204cb38f13901090643b4437fca4f5d0c21
SHA256 8745ffa7a9127358db628c8726b0f19eaa05e3e2e85451661c202b9b72850c1d
SHA512 bb483fa743a0985adeede96a9ca6a8ae5c733b9ced3f2f2567b66450a2c39cb1a81e2c33c616cf91dafaa8eef187cda03e2ae6392d0339b46b74dc1c6f5521e2

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\XIQH11PJ\search[3].htm

MD5 d4a0868b4587bfd5edbdaa44a9c7ad1d
SHA1 3ea53bcf05ad2aaabd1c445cbd1b6cc2bddd37df
SHA256 1a5708b770af8be81d5d2fc2b5cc0c6ce726f283e558213fb74f6da52fbfb02c
SHA512 3ab009d9afd9f2540de82bc93e50b1ad153968c47e7ac46204c57320d3661476ed96ac776a2d44374f4d952512a6fce12455fa6ae2ba59b2078e3fe1b605945c

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\E9YVC3IR\results[4].htm

MD5 ee4aed56584bf64c08683064e422b722
SHA1 45e5ba33f57c6848e84b66e7e856a6b60af6c4a8
SHA256 a4e6ba8c1fe3df423e6f17fcbeeaa7e90e2bd2fffe8f98ff4b3e6ed970e32c61
SHA512 058f023cb934a00c8f1c689001438c9bdd067d923ddcbe7a951f54d3ca82218803e0e81fbc9af5c56375ff7961deed0359af1ffa7335d41379ee97d01a76ded6

memory/2844-197-0x0000000000500000-0x0000000000510200-memory.dmp

memory/3776-198-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\XIQH11PJ\search[6].htm

MD5 36cb1650daa0c49fa34fd13201726a15
SHA1 3abec77a870580c761b71e46ad7a8acd203dc37b
SHA256 be99263eeea8f3e3efef29a0a3398e5db569e6f6bc1e993a850953d2efb06802
SHA512 e1ba16eef13e2d22125087b5f1068498f87a2e1c888e1a8a5ddd3e2caa74defc0807ce6486a65be4007b0c2f0d81735e1520844d548adbb643cc679ab989c222

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 6f17fc32f16f775d4ca0db93dd91967a
SHA1 f84ac1f61a51d4991eeec3aae55de38bd307ef4a
SHA256 1953f593e0ca8b47f83ca68c59b515b2fc1fe78977aa99e116d3d56af99b96f8
SHA512 87158e2a4d11f235d54411de86a11b6ea6ee305b89f4ce84126c190052d2d076bf33d1996b9d14fb7658070ea0f40c79e1557a7daa1fb5fdff9cb429f326ff72

memory/2844-296-0x0000000000500000-0x0000000000510200-memory.dmp

memory/3776-297-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3776-301-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2844-302-0x0000000000500000-0x0000000000510200-memory.dmp

memory/3776-303-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 0b60a8a7124869e3fea84ca9bff935fd
SHA1 095548afadf3d61082ae4c705636e7f2634624fc
SHA256 9d83433bbe0c1490449cadf945d3c113f12cb7fe3edcf412e9d817ba9bd5f06e
SHA512 58825e8291ff5539f479456329bc4549f1e39a6f0b64f44f97d7004a4859e3ad03dcf53d8de3935f3f914294247d0ca91338464728ce2735f740a62721d83d57

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\XIQH11PJ\search[9].htm

MD5 cb85295a39e4f1327765cf8d15d1562b
SHA1 c8f73c43997ca477150f2a01aaf10e4ebec7199a
SHA256 b070033df6e3b5bec6d5ff19a5a76ce65aff48f42892c6625c8bb5db725823f8
SHA512 dad00e76b8be09c968d2e7680ae78a9b7aa1757d052685ac57dd4f642f1e42d53b43cb047a38013d201cd3e994a0de642627fd27dc316da997d0da300af5820a

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\E9YVC3IR\search[8].htm

MD5 5739d28a600aac9a9ef561e1866af71a
SHA1 784133f97b1ae8c1ec7ba387d4362421bbca52a6
SHA256 ce7db93cf449e577fe4fb7b49e8d921d26e39ccb1767036706bad1c97a2d501c
SHA512 8a65a292271e8cebfb89860f25f5c2853f46cc6f0a262839a57aba2afe6e9073127de8e56a4074747d4a63a62b8be783cfc16875b716f4554185391d87b7daf2

memory/2844-387-0x0000000000500000-0x0000000000510200-memory.dmp

memory/3776-388-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\REQ5K173\searchYRTO0IYR.htm

MD5 34cf92f876493db19f701b5df5c1e271
SHA1 d06d80dbb182a7ca84c5896c09b92539bcf98a12
SHA256 d24ff5476f470829d7be3b9eff52aacf400d8c85a46a396451336e5b9246377f
SHA512 2955a22a59ac356a6b59419b8aec1ba530a10f76ed642a45733385c21bf0cfa0f5137d52a8f26dfc156967b86f03d0eb216fd948d1ede19c0690b52d7cd06435

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\E9YVC3IR\results[6].htm

MD5 211da0345fa466aa8dbde830c83c19f8
SHA1 779ece4d54a099274b2814a9780000ba49af1b81
SHA256 aec2ac9539d1b0cac493bbf90948eca455c6803342cc83d0a107055c1d131fd5
SHA512 37fd7ef6e11a1866e844439318ae813059106fbd52c24f580781d90da3f64829cf9654acac0dd0f2098081256c5dcdf35c70b2cbef6cbe3f0b91bd2d8edd22ca

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\E9YVC3IR\searchIESSOVV7.htm

MD5 e6c3733780519ffd974378e809fcf3a4
SHA1 4aff64ae6d4de19046629d0f04b546473f927a92
SHA256 f7940b2f67418e139fed9fb5246b16e02a866b47430809731139b82980adc156
SHA512 add1219abc704a42a2ec2e7ed85df8c5f677ca58b074388b9296b1bbb51c0824498a975e04605fb9fffcdd0d3b3501e32aa87b01eeb02744654fd0d378c1a3e5

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G7AAJOBN\searchT2ZT30XQ.htm

MD5 06154de75753311231928482d0fe8c18
SHA1 832ca70ae11059b47dcbfde610afa3ada3aec6ca
SHA256 dc3b9bcc2e2c3c33882a6a84787e90de741e56b6979bdb562633909473efaaaf
SHA512 bc9e0f07b6458a1996de64c4573193cba4391dd0b2915e9e3cce3b124163e196ade3bdb501b4b547dc5f48b2e769fc677bd856dc8e96183195affacbf0f63aee

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G7AAJOBN\searchK1AOAAAM.htm

MD5 47e9e1a6330193c414f61633a400a978
SHA1 860e5a24e1173e44ce0a5199df0744842a66e2dc
SHA256 26f5eeec563de891e7a2eb8c968ebc192b191704b2e34d09aac5cf922620930a
SHA512 f6b51a429e1bbb287e3588c5bf66c10b105c50588385ffe19690509614bd83b847c6e4e5b4b56d53d0f1f6e2e043347865d1b9481fed368d6077f8e626d1934a

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\XIQH11PJ\default[2].htm

MD5 c15952329e9cd008b41f979b6c76b9a2
SHA1 53c58cc742b5a0273df8d01ba2779a979c1ff967
SHA256 5d065a88f9a1fb565c2d70e87148d469dd9dcbbefea4ccc8c181745eda748ab7
SHA512 6aecdd949abcd2cb54e2fe3e1171ee47c247aa3980a0847b9934f506ef9b2d3180831adf6554c68b0621f9f9f3cd88767ef9487bc6e51cecd6a8857099a7b296

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\E9YVC3IR\searchPAK556EX.htm

MD5 0b66c3414afcb9f47c8c164f7cc8c01b
SHA1 a5938a405c7a50b86e0ae500270979eea5bd9632
SHA256 e65f06c122d479e5dc494083af2c40fe8eba4b187d387e91f97c62cb2ba15ec2
SHA512 c4a0ff38b3e2e6279a76909b189bd8f366a90918070855d3a32cd925c770f772777963cb759edc4c0e2adefd14c84a3c664bbf0a67a98fdf4e2948ebfb907e48

memory/2844-535-0x0000000000500000-0x0000000000510200-memory.dmp

memory/3776-536-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\XIQH11PJ\search0ZQ9IZOK.htm

MD5 a468d7e7901d0f653bb11dbc6e91f206
SHA1 5b3b41030440198aadd8ee19a40396663c6ae986
SHA256 2de9459d446b1c952843d53c007d4262c61ef1c1b2d2bc159ae7490b2534262e
SHA512 14c557c969de529414ef08f8ebaca14fe4bf9aafec03e34075e6b453226f4956f97c2bfe4dbea7d78572670c0945ef2d5906b654e0f12634d10d5783f907608b

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\E9YVC3IR\search[6].htm

MD5 229014728eaf772cb91b56ff79416cde
SHA1 501a86ea319d9d5c23fdec1fb786a16951fa49a4
SHA256 db7dda9a18970dab064f61a764ed17a981dc84c49d7320157250d6b3961f200f
SHA512 2660f1be13a93c3aa9fcc51f84be048ad7838904eeab1bdd654ba7c2609823a0cc6b7143b25c2c76e580c638a1484f2737115181b48e826ebc935d2d092e742a

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\REQ5K173\search1EX4VCEW.htm

MD5 394248c1f000cde1226ed6e6fa1e440f
SHA1 7619afcec32a3be41ae433dec9cb307986605566
SHA256 6403018406e3bd53ccb4a64d8a0f1db76190845c69bf28efbd11fe131258adbb
SHA512 357fd413c73043f339f0cc6aee3180f8486bdfc13426d914c49f15bd111fe66892f07688d4add0a14314c8077e28495f56b7a3f220ea38cd3fdcd556740a5e64

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 5e392590a82bdf54a340554b2f8bf434
SHA1 8769d5ca81e973dadae4e36aa2588822079d1087
SHA256 0df1acc8c3b925e639ec82114c70d680c624af9fd3d18c6d33481354e59480b5
SHA512 0a0946ae1b812b6ca8fe5f8e9514af1f16763c1e98ac0458ce18e8bd11ee623325b31c93ee35a159ba050f61cc8535e143801a0f5cea60cee33bf5d4d7234235

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G7AAJOBN\search7CCBPXD2.htm

MD5 bcf6f5f1661ba2df58d709631eeda4be
SHA1 6204ac5d2c576d5a71b21c3bf8ed6e22535d9579
SHA256 d43e0f0173a9552b364071c082700cf72429b683454b8ddde80633127964c84b
SHA512 21a0e98bdce05c982126203df921dff3dbc88a952f33471b031755d8b82842848b86e3b32d679e125cd434bb0e90ad86bcff5439e57111084d865ddc82dd2037

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G7AAJOBN\default[7].htm

MD5 14b82aec966e8e370a28053db081f4e9
SHA1 a0f30ebbdb4c69947d3bd41fa63ec4929dddd649
SHA256 202eada95ef503b303a05caf5a666f538236c7e697f5301fd178d994fa6e24cf
SHA512 ec04f1d86137dc4d75a47ba47bb2f2c912115372fa000cf986d13a04121aae9974011aa716c7da3893114e0d5d0e2fb680a6c2fd40a1f93f0e0bfd6fd625dfa7

memory/2844-708-0x0000000000500000-0x0000000000510200-memory.dmp

memory/3776-709-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\REQ5K173\search2TXK38QY.htm

MD5 1170e59efb06eafed2274859d91cf6dd
SHA1 67f613ecc48aa7c4bac70190987327ef5c401ef2
SHA256 21dc3ef5af25233a850616d712824548bd28298793f3fa2b42362058b07c4769
SHA512 564d2c298bdb4c7f36962888bb02558029885ff4699a7eacb6e77bbc8bb6481b84bf39530d736702965c95a1495d1dea42c2e8e3c90a5e8d2692063479dcceae

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\E9YVC3IR\search41R6UIX9.htm

MD5 b9b4a44d97f2b6c500cfdb14f83a9213
SHA1 ac68e614f55eda5e75eebea75b691012372813b9
SHA256 0745195ef0aab6579e6643d21fe5c692c41bb4508ca1215f728c1e376388b61b
SHA512 9543c4a5cd2ba742ee9819e05052fe143a76dda7772b11c557889d1450398a9ba89a8daafae8133aa4322fd19c9845a5978a577cb086f05a826c1f1811e498dd

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\XIQH11PJ\searchRVJ8L2VD.htm

MD5 c3b83a41ba57bc26b2e7b62df6694174
SHA1 0daafca1c1fd40462b691eb0f6f01d83729fe04f
SHA256 89af0fd3ed8fec6125b5ea200e7d4b0971eecf7bdc7b5b9fa526906800f5c988
SHA512 f3852fa44a86511933912081f45abcc462bd4be3ce9907592a19b8d80ce050feffe2dec3b264af7182ea8a57000af6581cff321aa064bc795a59ec73e20e957a

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\XIQH11PJ\results[7].htm

MD5 35a826c9d92a048812533924ecc2d036
SHA1 cc2d0c7849ea5f36532958d31a823e95de787d93
SHA256 0731a24ba3c569a734d2e8a74f9786c4b09c42af70457b185c56f147792168ea
SHA512 fd385904a466768357de812d0474e34a0b5f089f1de1e46bd032d889b28f10db84c869f5e81a0e2f1c8ffdd8a110e0736a7d63c887d76de6f0a5fd30bb8ebecd

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\E9YVC3IR\search0DPQGHVI.htm

MD5 ea75151a022eb346616418cab3870e4a
SHA1 effd79fe615713653b1babe3a6df985c4cf25a99
SHA256 08979b70a48192099c0fe3b1e6b5e9c207a2985bb211366c82e734d0c5f86b98
SHA512 8d47c784b3a9d5460ae4df54ca13e2d80a3509d090cb31b73221a4ebdfc81c66a9d92ef849f5381818a1f0f19b97e1616d046585b12b32e3ea2f1d6ea63ee6b1

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\E9YVC3IR\searchC6ERCPHA.htm

MD5 d1ef273643f3a2edcb8996448e2d94cc
SHA1 a743b9fbfb892c3411938376be6440e56151aae8
SHA256 ab9a851910317572414c658024e8297eab9dc1e6161be9395f2ad28a16f350ba
SHA512 70ecfd877eca58572b6f44e9ff8ceaf2a91c8c4843b2bfe46cd5b9c08e6daf20d3d13b19484115020bfc4dbc9748cb03fd6b7922f898749b36e5a638178f68f2

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\XIQH11PJ\searchAUN0RIFJ.htm

MD5 b186006aa69531eeff561cb9acecca08
SHA1 6fab8f4afb2b0c09ebf0451310affdb4ca381ed5
SHA256 65415023efd43d296fefd0442ce4e2be63b4eae1a7bd52692f2240646457f95d
SHA512 2e93bbf6f2acb4c9a26298e004e773b9920ab67ee68d022444a69db16ac7d5807b9992cf52d09963460e83326a9eb7dc0b82caa2cbac19e69edd89a8959e1e95

memory/2844-853-0x0000000000500000-0x0000000000510200-memory.dmp

memory/3776-854-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 144b79b9827cab0022c06f6a983fc236
SHA1 56364f9599de16be6f9be2c30d1e4c1a8e66f040
SHA256 2f584026c34c85ec357119b30ab6d4748f2ff811c1f8ef8b0cdbeb5cb668b683
SHA512 cf22372082250e836996e2025ac7c8f865b2e1a877a1d601799a120e1a171ecedf59304ca2727e8dfbff9d23cee21f450cd19b81de1bc8f9663679968f537bc9

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G7AAJOBN\search4QS3U2OG.htm

MD5 619dc2547be76273eabaddd159a91f7d
SHA1 3a76121298ef3d9564693a67e265dfa56b790e3d
SHA256 dcd719cabe55220ac5c2afe7acc6c946a7429b754e8f125e3b07ee1f7b696f41
SHA512 0718b0b47e8a00a52cb7112ce98b9e8a58ec53985aa47bcf0b16ee19f648459160b2b69c764182783b71d81c270c5a82f5c6bc35c5dfaaa1c60ad5193a58f261