Malware Analysis Report

2025-01-19 04:42

Sample ID 240807-wr6wgavele
Target 0142ddd4039170237d27851ae8e8ab43318d5babc92eaa776d71e0529349d469
SHA256 0142ddd4039170237d27851ae8e8ab43318d5babc92eaa776d71e0529349d469
Tags
upx discovery persistence microsoft phishing product:outlook
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

0142ddd4039170237d27851ae8e8ab43318d5babc92eaa776d71e0529349d469

Threat Level: Known bad

The file 0142ddd4039170237d27851ae8e8ab43318d5babc92eaa776d71e0529349d469 was found to be: Known bad.

Malicious Activity Summary

upx discovery persistence microsoft phishing product:outlook

Detected microsoft outlook phishing page

UPX packed file

Executes dropped EXE

Adds Run key to start application

Drops file in Windows directory

Unsigned PE

System Location Discovery: System Language Discovery

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-07 18:10

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-07 18:10

Reported

2024-08-07 18:12

Platform

win7-20240704-en

Max time kernel

150s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0142ddd4039170237d27851ae8e8ab43318d5babc92eaa776d71e0529349d469.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\services.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" C:\Users\Admin\AppData\Local\Temp\0142ddd4039170237d27851ae8e8ab43318d5babc92eaa776d71e0529349d469.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" C:\Windows\services.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\0142ddd4039170237d27851ae8e8ab43318d5babc92eaa776d71e0529349d469.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\services.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\0142ddd4039170237d27851ae8e8ab43318d5babc92eaa776d71e0529349d469.exe

"C:\Users\Admin\AppData\Local\Temp\0142ddd4039170237d27851ae8e8ab43318d5babc92eaa776d71e0529349d469.exe"

C:\Windows\services.exe

"C:\Windows\services.exe"

Network

Files

memory/2712-2-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2712-4-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Windows\services.exe

MD5 b0fe74719b1b647e2056641931907f4a
SHA1 e858c206d2d1542a79936cb00d85da853bfc95e2
SHA256 bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
SHA512 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

memory/2824-10-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 31a4906e91ea0b1ad24553607da1c067
SHA1 e15c2ed3ba9f302a6f6760adb1d711bf5ed34b8d
SHA256 04bd963d6420c88ab3820bd8401bed5f49728379e4efe39ea67f66ed0ab8b508
SHA512 ce686f2b64b12b8b9bad04b6285c6a7e5b62134511023b692ce683a19d4335c6a485eb4ad61ca039b00842c725783144dfbdfdf89de6dfd40496d91f91310ee3

C:\Users\Admin\AppData\Local\Temp\tmp179.tmp

MD5 9053c6a28dab7a73e9d3c1fcc270f66d
SHA1 e0c5cebf1332b7be4f1f501031ad86edd7462bd0
SHA256 86f92071898a66ae33d0b1da6ab7f1c761a4489804943f1782ea34624c6a6d59
SHA512 a05c2a250bd2038cb5c5868fbf669c0397ad642b4202d83cf74a28f7c40dbc51353210276c98fd1e32d699081ebb491db2ee443e7f214aa40315f01ba7706297

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-07 18:10

Reported

2024-08-07 18:12

Platform

win10v2004-20240802-en

Max time kernel

150s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0142ddd4039170237d27851ae8e8ab43318d5babc92eaa776d71e0529349d469.exe"

Signatures

Detected microsoft outlook phishing page

phishing microsoft product:outlook

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\services.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" C:\Users\Admin\AppData\Local\Temp\0142ddd4039170237d27851ae8e8ab43318d5babc92eaa776d71e0529349d469.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" C:\Windows\services.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\0142ddd4039170237d27851ae8e8ab43318d5babc92eaa776d71e0529349d469.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\services.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\0142ddd4039170237d27851ae8e8ab43318d5babc92eaa776d71e0529349d469.exe

"C:\Users\Admin\AppData\Local\Temp\0142ddd4039170237d27851ae8e8ab43318d5babc92eaa776d71e0529349d469.exe"

C:\Windows\services.exe

"C:\Windows\services.exe"

Network

Files

memory/1560-0-0x0000000000500000-0x0000000000510200-memory.dmp

C:\Windows\services.exe

MD5 b0fe74719b1b647e2056641931907f4a
SHA1 e858c206d2d1542a79936cb00d85da853bfc95e2
SHA256 bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
SHA512 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

memory/1696-5-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 8268841de4b793ccd31a11f25a660eb5
SHA1 b3d650d4b2e894d506a12d6cd915a29097a451e6
SHA256 41e3498f9d1afeeb746d4854b8109496792e81322345bf2e25ec310a1e652957
SHA512 1b24e80aaa67b7ce2ea5443030892d658abece812267b4b34b1005e8e41b48c60f73007697193d1de80e70e6b119b7669b84239be52d4a84d3212da8f1cb2a97

C:\Users\Admin\AppData\Local\Temp\tmp46D8.tmp

MD5 15a6230108419cd38926280877b79be2
SHA1 e89099ec30f89b66db0dbae3f62bb37868fd3c6f
SHA256 65831dc0399b89b12e0a254e886436cad1d4008b31de1d5b9a40fd4fc8d07063
SHA512 bcc179f6c4fa28d8fd63d671a3c3dc0d13757bbfef1d6172c84257ef83ebd63a101423a56768c9d9865f60be12a7c0d9c598e3280f624ab855f2113d02b61969

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\B9AWTLKS\search[3].htm

MD5 8ba61a16b71609a08bfa35bc213fce49
SHA1 8374dddcc6b2ede14b0ea00a5870a11b57ced33f
SHA256 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1
SHA512 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\B9AWTLKS\I5P4TYHP.htm

MD5 a4ecd38d9d9a17e2251f2ce7d3e16283
SHA1 7ee4813e0763df21390d35f915d546e9667f0b55
SHA256 66e3a1635e74581d6b82385399a2606354677767308e2676cafddc97c7c151e2
SHA512 8c26ea12f80f5c9c5e770b81dbbd88fbb25a03e01f69c93195cb16049b74af47bf9d6b201faf26de2ebc5b1832dc0ead88a329357edcaef56b580dbec130482e

memory/1696-163-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1560-162-0x0000000000500000-0x0000000000510200-memory.dmp

memory/1560-202-0x0000000000500000-0x0000000000510200-memory.dmp

memory/1696-203-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1696-205-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1560-209-0x0000000000500000-0x0000000000510200-memory.dmp

memory/1696-210-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 34be091015d4d86f6a514b400c5a7a1b
SHA1 a5e65f3f2ea143048c4632b302cfae0de46130c1
SHA256 f6dbeb60a9ca27005ea2ef621e2539c354c8599dd964f772e5ca46144c67806d
SHA512 a02c0c37e7a033010a5060186872263d29527c55e06465c79e3e223f82bb2bb71813852ed2692f32bf59506d6c6b6f51261f9d6a52234de10d3598bc3ff08176

memory/1560-227-0x0000000000500000-0x0000000000510200-memory.dmp

memory/1696-228-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1560-229-0x0000000000500000-0x0000000000510200-memory.dmp

memory/1696-230-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 95f5719580c465213ac3a6627c4b3d41
SHA1 9670be52729d926a0f053ccea4a6b37c79f46f0f
SHA256 aff660075664eac0715c144235bc7f0702a2e944c4aa905479f35e9283b2ce81
SHA512 6017d15ea9470f987e485126be9c1bf1c84f6d427b401c2a453282bd6a2230df300bf08660b3c6025c7a8fa3f330b395ae4bc84396c827b924c9590634ad2b43

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KQ3665LB\search[6].htm

MD5 b751c5856c5f94bf914ceec308194383
SHA1 710d6213ceae0f6b13eb714568bb5feb9c9a924e
SHA256 db30c81be18d1fe1f840dd3487787ae14bdf4a5facc98d101fcc637cdccd70e8
SHA512 63c6bd1083eecb60e6cc29546240edecb4416efd1385f394202b5daa469354d7d36b11b2d7d457b0f9ec8a7bced630bdbec4c218506fe08cb5ba62d64adbe0c0

memory/1560-276-0x0000000000500000-0x0000000000510200-memory.dmp

memory/1696-277-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\B9AWTLKS\search[2].htm

MD5 4e14a734f4f3efa45d3be3a4c3a92ec8
SHA1 9cdd4230e09fb122f3d762f19d2f2fe39e671846
SHA256 2974e4012b4b4d7b626043d7dd225edbe2cabad8e269337cb440868cbf4b4d6e
SHA512 e6c712f0342e5f98f6cedb4541801ef995bc2a185e583b3574661de0d2014bb2c4489f527cd26cbbc3a66ed428f85343c07468e2f5b1e092a41517044f6fcd8b

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\H9MX5QVK\results[3].htm

MD5 211da0345fa466aa8dbde830c83c19f8
SHA1 779ece4d54a099274b2814a9780000ba49af1b81
SHA256 aec2ac9539d1b0cac493bbf90948eca455c6803342cc83d0a107055c1d131fd5
SHA512 37fd7ef6e11a1866e844439318ae813059106fbd52c24f580781d90da3f64829cf9654acac0dd0f2098081256c5dcdf35c70b2cbef6cbe3f0b91bd2d8edd22ca

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\B9AWTLKS\results[4].htm

MD5 35a826c9d92a048812533924ecc2d036
SHA1 cc2d0c7849ea5f36532958d31a823e95de787d93
SHA256 0731a24ba3c569a734d2e8a74f9786c4b09c42af70457b185c56f147792168ea
SHA512 fd385904a466768357de812d0474e34a0b5f089f1de1e46bd032d889b28f10db84c869f5e81a0e2f1c8ffdd8a110e0736a7d63c887d76de6f0a5fd30bb8ebecd

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KQ3665LB\searchUO2WIQ26.htm

MD5 71a3943fb8511b277605b1b2ea66ca6b
SHA1 371cb66d57a37f7987111d6abe2ab8f8d4a8b198
SHA256 77e4504ff59d3f42ceb376c127aaa93e3be7ebee66bbf2409f46570222f99842
SHA512 de58d3c7ebc3bde6da53da7fc1b6cde9aba396f5c6b4a8f64920a6d97795a4223e1da763ea090d0c60f37368802504514661f72571cb68c783d5d30c09d42c59

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KQ3665LB\searchK6G4YTNH.htm

MD5 a699d05b92101fb7a7b4df58979f6d1e
SHA1 9f91499090ae92a6b6a2aa761e837da32963e55c
SHA256 c76e9a39ce3ef52576e9adad684d513f955033ed59a90681d4e787efb8c40586
SHA512 74b8f7614259f52f8cd7783d7420889f2c9f8e014af86ef528ba812775e1e028b8cf61414dec460c64d218f2cfb524a89e30f42a0b6c66286bfcac831daf7d8c

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\B9AWTLKS\results[6].htm

MD5 ee4aed56584bf64c08683064e422b722
SHA1 45e5ba33f57c6848e84b66e7e856a6b60af6c4a8
SHA256 a4e6ba8c1fe3df423e6f17fcbeeaa7e90e2bd2fffe8f98ff4b3e6ed970e32c61
SHA512 058f023cb934a00c8f1c689001438c9bdd067d923ddcbe7a951f54d3ca82218803e0e81fbc9af5c56375ff7961deed0359af1ffa7335d41379ee97d01a76ded6

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KQ3665LB\search[8].htm

MD5 52e033fe79809fbe04d8267bd8f4b03f
SHA1 43f5f430a0b1d86e345f4900fbd5d61339e907d4
SHA256 f04021d990e2a8b03781c114da9ccd1d674f4d419c0b7a4b170df017c28c991b
SHA512 b72eb0e2918015f959cd4b393d2fd900e6481304b7956760e46e7460195c6865ab5ef68288353f5cc43223bab31e7e08f15cf42a9d023f37037968fa5015c807

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\T369AOZZ\default[1].htm

MD5 bcff225d207b6681a01ce639f790b613
SHA1 529dbb5ff6798cabb783b8c10c3e689e2021c521
SHA256 42c0f0033e6d1faa7c7d0a3e9caa3164267aec10d9d6066c1bf52b94c3691303
SHA512 c0bdb69112b649b4160a80cdd56c6105ad0d834ef2278bb53eddc7157ec0f811e36621f76c247bba6b25c9e855b0a51035025378a18b9c9fd1c672ddde7d688d

memory/1560-476-0x0000000000500000-0x0000000000510200-memory.dmp

memory/1696-477-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\B9AWTLKS\searchOFE9X5W7.htm

MD5 58f4770ba529fd116848542a6d3af351
SHA1 2f0ac63d77c1bf3ec73fd3ba5b83aee2ce11a231
SHA256 726fe6cbca6a3df7b46b8656a846f787e5c5d9cda642d2ccae3dcef8fd1cf8c1
SHA512 0cf255ba443423d8e371ba859970dd29c9bba0680b97c830d0004b0a89e824fad2221be61d9c23ed33520b5ee4aff81583f8e6067fd414dd6a9606db5c35a0e6

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\T369AOZZ\search[2].htm

MD5 1fbe13063082f2b394f8241ec3abb9d5
SHA1 120a388135edc214c92d1b872351aa3bcd703e95
SHA256 0106a22884647eb0ee9c946c353079f8f0f7f8086322bf2436d898dbedd8fcaf
SHA512 03c695ccee31ce4d5f8191f53e308bed551728dde98cdc8bce20d7b5c822d95eaf5d27a61ab3af75fcfe586a0cbd2d697741af82028dd2e8fb6e740225b4bd3f

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\B9AWTLKS\searchMOPUPZVT.htm

MD5 53e251c4edcb670ca53a4717f72b9a48
SHA1 96aaa592a3b2e26633447ffda9a7788f9a2acae0
SHA256 95f32ff568103517d35746e2f1802fa8aaac0896a15fcfcbff3d1451d3201035
SHA512 9e61060d3315bfecc6a08a47705a877fa76f0ac75fee302064e161d22cbdd2cfa6c935be3413b8686a6f01ea8360bd9268143beb48f84e3dda6391d2ca84bb44

memory/1560-614-0x0000000000500000-0x0000000000510200-memory.dmp

memory/1696-615-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\B9AWTLKS\search[7].htm

MD5 e791a13e4aeab3937f0070725c16deed
SHA1 a60cc9a39b41a13f4968681cdcc97f1b8124760c
SHA256 729723107d66d3f08b0bb5b90923fb13a7908a9d6644fc265956d3a7729459a6
SHA512 1a424e2a2559f1a5b45d1856b62c95c1f7571363f6767bafe69f8ff55752583939a38121d75799f95c64068bbe094845894385d41864ea66d0b064d66b98709e

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\B9AWTLKS\search15VIRJFH.htm

MD5 1f7d17c56b58bbe971beedc1b2d37031
SHA1 8be9ac13e504a82ef4213ff0bfd0e8114c878a3e
SHA256 ec3f695e67984efa241a2c3efa23bcd95121c0a715562b70d87b7d72d191b944
SHA512 a1279f9cb8cf553a806f1c96aafa2d4c657a85b7a17c4e4f9eaaf944f25e8d548bb099b8a2ec7a678e4ed292e40a1e593cd4327410b1b945ea6fc634011e2df5

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KQ3665LB\search4ZHXG5AA.htm

MD5 fd04ba3f3722bed3a93fa8b99a70bea2
SHA1 bec32c56b1f61ec84ebaf80c73872a18ae9cd43b
SHA256 8736bbe71927b9013a7a183e00baef71f5d02b18dbf10b1ba0f732f765930455
SHA512 62e579a1319decbec0d9a8a0beabe049bd57f5553fbc71398ef503bab7ee6cddca06950a44649705ce56f7080969875861da8ad32e7ead2db43debacdd3bfd5f

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\H9MX5QVK\search5P2KRFFN.htm

MD5 4d24e7027ea646466c31da9933b2e202
SHA1 bf9c08b2bbe34688d7cc9fd8ac5548edb449eba1
SHA256 6719b9ab1714de21a90e51ce32807f4985c288f50cded1fe1e0e5f1e8a665e31
SHA512 e6af9b03a4ff9e636fd2366e331cfcc0dbff70752e3375bba8b1915fb93dbe8449bf7a0986208bd056c6a3c6bfd2f500818fd53968573a2e5e91656ca2eb2eee

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\B9AWTLKS\searchGVHVSHSL.htm

MD5 64cbc0710cef398786470f1fbae7acc5
SHA1 ed172bcddad257b5e15365c411cc05466d64e410
SHA256 804bd68863173b7e6f7a51ed8e37d5d96ffcb2fda3f151f0f7cf985cf5a8bd70
SHA512 c77bb93cbca8a16d13b8f7b9dd78e4dcad69673a3749f0dd8836d9faaee42029faa63440f6928ee4f6825df5c8a830501a75758ddf08e93e7f41259fe6364e6b

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\H9MX5QVK\search39NV41CS.htm

MD5 0194c65aaa11fbf748aef65f8c7e2f17
SHA1 2687ed35cc7537564d2adceccee020ea6fff1dda
SHA256 4dc8f9ef38794144fa75e4b6c5ce313df9427fed68f262069204fd675657b159
SHA512 1c77afddc4269630911db6cf24e4b1dc8d7702109e7f3ba53de68556b47bac179ebc36957505b5d779c018fc011970a708d6dd0374b2a53d23e660118e153a06

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 4fed344e015ff6163301e6807ae25b69
SHA1 33e052ea857c8c8ef17513b4758deeeaed871a2e
SHA256 a094b5da1d354413798149d9736f76a5025aa0eaf72f0252d3c9303ce839e459
SHA512 394e5ce96a86938374d2bf97f5e98be11a42f73b65cd4ccb9dc21688088712544aa7c815419ed6f3ed89b588bf031b98d89d9b664c10606b8ff568f78d13081b

memory/1560-755-0x0000000000500000-0x0000000000510200-memory.dmp

memory/1696-756-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\H9MX5QVK\default[1].htm

MD5 14b82aec966e8e370a28053db081f4e9
SHA1 a0f30ebbdb4c69947d3bd41fa63ec4929dddd649
SHA256 202eada95ef503b303a05caf5a666f538236c7e697f5301fd178d994fa6e24cf
SHA512 ec04f1d86137dc4d75a47ba47bb2f2c912115372fa000cf986d13a04121aae9974011aa716c7da3893114e0d5d0e2fb680a6c2fd40a1f93f0e0bfd6fd625dfa7

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KQ3665LB\search036YU7MA.htm

MD5 155a593a03df07a6b10f12530e21792d
SHA1 1f89e3ec6527f6b811e71bbc98cb7763529f63de
SHA256 d1052c5b38682112400ae94f1de54d72348a58d13d64de50d2eb68b15e91f21d
SHA512 2e9a40265c5302860ee8caf0b1c6f1ad6ff3fa38a51e0fabdc1f0ac9a6f798bed44808fed1c6ba8587b2e89c1d30221d79e5cdffcf8f5ce6fd28721189ead309