Malware Analysis Report

2025-03-14 22:19

Sample ID 240407-24qynshd86
Target e6121e8e377f2a0642fbb781c719d0a7_JaffaCakes118
SHA256 9cd0d7a688de62b3f0aa5200f8602294541d806d089b102c2c2f9dbce99cc707
Tags persistence upx
Score 7/10

Analysis Overview

Score 7/10

SHA256 9cd0d7a688de62b3f0aa5200f8602294541d806d089b102c2c2f9dbce99cc707

Threat Level: Shows suspicious behavior

The file e6121e8e377f2a0642fbb781c719d0a7_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

persistence upx

Executes dropped EXE

UPX packed file

Adds Run key to start application

Drops file in Windows directory

Unsigned PE

Modifies system certificate store

Suspicious use of WriteProcessMemory

Analysis: static1

Detonation Overview

Reported

2024-04-07 23:08

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-07 23:08

Reported

2024-04-07 23:10

Platform

win7-20240220-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e6121e8e377f2a0642fbb781c719d0a7_JaffaCakes118.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\services.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
(the signature matched 17 times; no indicator, process or target details were reported for any match)

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" C:\Users\Admin\AppData\Local\Temp\e6121e8e377f2a0642fbb781c719d0a7_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" C:\Windows\services.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\java.exe C:\Users\Admin\AppData\Local\Temp\e6121e8e377f2a0642fbb781c719d0a7_JaffaCakes118.exe N/A
File created C:\Windows\services.exe C:\Users\Admin\AppData\Local\Temp\e6121e8e377f2a0642fbb781c719d0a7_JaffaCakes118.exe N/A
File opened for modification C:\Windows\java.exe C:\Users\Admin\AppData\Local\Temp\e6121e8e377f2a0642fbb781c719d0a7_JaffaCakes118.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 C:\Users\Admin\AppData\Local\Temp\e6121e8e377f2a0642fbb781c719d0a7_JaffaCakes118.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = [certificate blob value omitted] C:\Users\Admin\AppData\Local\Temp\e6121e8e377f2a0642fbb781c719d0a7_JaffaCakes118.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = [certificate blob value omitted] C:\Users\Admin\AppData\Local\Temp\e6121e8e377f2a0642fbb781c719d0a7_JaffaCakes118.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = [DER certificate blob omitted; it decodes to the DigiCert High Assurance EV Root CA certificate, O=DigiCert Inc, valid 2006-11-10 to 2031-11-10] C:\Users\Admin\AppData\Local\Temp\e6121e8e377f2a0642fbb781c719d0a7_JaffaCakes118.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = [certificate blob value omitted] C:\Users\Admin\AppData\Local\Temp\e6121e8e377f2a0642fbb781c719d0a7_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 C:\Users\Admin\AppData\Local\Temp\e6121e8e377f2a0642fbb781c719d0a7_JaffaCakes118.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = [certificate blob value omitted] C:\Users\Admin\AppData\Local\Temp\e6121e8e377f2a0642fbb781c719d0a7_JaffaCakes118.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = [certificate blob value omitted] C:\Users\Admin\AppData\Local\Temp\e6121e8e377f2a0642fbb781c719d0a7_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Users\Admin\AppData\Local\Temp\e6121e8e377f2a0642fbb781c719d0a7_JaffaCakes118.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = [certificate blob value omitted] C:\Users\Admin\AppData\Local\Temp\e6121e8e377f2a0642fbb781c719d0a7_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\e6121e8e377f2a0642fbb781c719d0a7_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\e6121e8e377f2a0642fbb781c719d0a7_JaffaCakes118.exe"

C:\Windows\services.exe

"C:\Windows\services.exe"

Network


Files


C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 008e76ca889a62abc9619d0918c7e74c
SHA1 e1ad4fe5ce575dea2e05a6a70e4c55b2e1d705c1
SHA256 241ff18ef56bad9ece2a8f9c0627ce5a169d702330dab4870f581593ff9b3399
SHA512 f4932012abe81f5180ae31c621725f8263ce1af2d9244bd9586919b195fe67106430e07c6c9583b83a5d88b512fa32107129d35674abe919e2fad0f11cd877e7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d38a82d5783f672b02287e6d9ec47ddf
SHA1 2e509efdcd749945bd7d8904a8fdf81f00696724
SHA256 7a5b9d80f711668e12562fa5ba0642db68de3f776aee19ee28ec80bcb3174874
SHA512 90a9e9d26ce06d8a527db94dcbd8679ef569eb0fb18f86f21b939bf384f16ef9bd35c239fc5a49349c4928b6084fd810c95cc968a15e8a55fa5d4044a5954c6e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ad9d13de79ddf92eb62dea29d1e3e152
SHA1 bc2db4f8bde761868182b9e500b361b52c3e3ba6
SHA256 db0204e4e9d8e2ef482cb40845bffae3c0ac5b65489733d417e217b7e59f7027
SHA512 dcc22d0530c5e5b3a3e59601e45a8a1c46e3371764a04ef7df5797a906426e8b4c395d5f8e67f3824daf171f7230aa7fcaf6945f5367577ca0c0ea3bfb18c0a2

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I819HQXH\default[7].htm

MD5 ccfe63b884fe4225fa33f618a54ce37a
SHA1 bbb0778c1597eafe7fb9c5c65412f8ab04b2e311
SHA256 f7dd5bab49466a4cdb6a7f5a0e07a158f7a1567bd809ed745812469775b33112
SHA512 858f345503c89ba075b374764145fba5b1a9d3440d1628edeab0a3e02cc7cbfbe1119c20747026e69d630ed262d3c91c5073ef06823cf727dfcb11605c7c5ff8

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CY2G78MW\default[1].htm

MD5 157431349a057954f4227efc1383ecad
SHA1 69ccc939e6b36aa1fabb96ad999540a5ab118c48
SHA256 8553409a8a3813197c474a95d9ae35630e2a67f8e6f9f33b3f39ef4c78a8bfac
SHA512 6405adcfa81b53980f448c489c1d13506d874d839925bffe5826479105cbf5ba194a7bdb93095585441c79c58de42f1dab1138b3d561011dc60f4b66d11e9284

memory/2960-2437-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a03de8f8ec0192e96b218652c0fb080d
SHA1 5bb220e696d22da562900e1401fe487bf67b9f6a
SHA256 1a5bc72842fd23ab21ea4cdbe55deb536f436f0ab3d461a48291cdbab96ed338
SHA512 94d75036fca6e6ae480927654f16d446ceffb910780b6fada3989123055015d5faa3ad3dc2f8df5468b821b542591703346e63ae7703105c9601cbbdea4b1aa6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 54e284f43231c7c761ea6df3f31a8218
SHA1 9f306aaef9d5776173ab513d1baccca84675eec9
SHA256 07eb7ba79b559dc42e9f7c59a22e005514cdc3a43391e0a9b3540118f5b68882
SHA512 305aa347b51f6bf5f7839d0b46a9c5f33e86c7df24f2002f41e1be9b022cda499781353823c8258788f9fff7cf4127b8d5154e2c243346a948266bb5d2f72e12

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 109c3627ce9a529dfdfebfd4bb3f3d86
SHA1 aa35ca5a445695f7d2e29761dd61fdf665073dba
SHA256 482432e1430797ce8e7ca88caf1325f0f311a75e11f2e7e270fd6420a89f5f3a
SHA512 ab01c349bdf17105aed43709b2bb47ac374049be88304c2123ae84ef5eccf64c9894873ec510c1889ca455445ed787da5d1824e44b85d165a7f2aedcd93fec39

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 09a0cbb63016f362b2586a40d40b0a53
SHA1 bb99983af731545a541906e24f1f04e27d0efbbc
SHA256 bebad91e6b33350e2eacc31fda5fc82e1fb3073aca3a08b3cd39fadfa1909bdd
SHA512 6fc07f267c0a55080925aff6db27bc78a74e0700a0344c9cca2d352103a6e674450bc4f85573a2b9364695539cd5fea61d9b9b791ae4702d77ce5975c9cbf504

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 39aa15ce17c77a80aa5354b2a177458a
SHA1 682308d5a28d2595caae38888ce8f339edf6e5ac
SHA256 f00141827b22d139381a177c4aaacb59bde77659dd8add91e88447e65435c69a
SHA512 36b0d9be034e947a695095a58ffeed7c58c4ac0b7cb211e47961f46086ff974bdbe7b2244b798fb25b354128cba68c912a014b54b36664bd2a3ee8b49767b8b9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 de9c6bf2e1da5130098ee06a0f356ccb
SHA1 e92495d83da9929f1377d85a43bfea3f63284f84
SHA256 cc1b700c7066fd0327dc8cdb2c21dddce7956546861b65e5f33972e49900d5da
SHA512 706791ca98f6fc2e30dba56cdaa501fccf1515af703cc94db2cb386d0ab8d0c60492b46949e9da7b270f1ea212b257981f7bf8ece72eca07250ee4e223562d5e

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I819HQXH\default[3].htm

MD5 28d3586cf0fecdada411e6598d0d24b9
SHA1 87f72f1d3f9eb8682c25d9ffc0397064489903ff
SHA256 3f9df02aa51466baf3b4089857c0c9f84b40e8506a4322f3836ce2b995552593
SHA512 41e79f5946cbf77ec84555acb9cffecaeada064855c41a46b56c3102f0fb406a627d84347ac14a74768db87e93e68ca534887a32d4cf220e013ce24bfdfab0cc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f989b2f89cfb0da89734321dcfc40dde
SHA1 910d0ac21c869fb81901694906cee8a79e3a19d5
SHA256 8fe30ab7ae0b2ac212b5e376231fdc885d622e6fee26c8b614be5ce375a8274b
SHA512 2164cf6964f648661eafc2dd177e580151d343381129de0035f9c8f46c3a8c56f47379756ca82642eb92916ea1155f0f4e8edd40b62b51c69c893c25d067ac07

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 53cb9ad6bcadd323daefdb3ff28601f9
SHA1 e0aa52cb8c2b794148efc300925de53f1126107f
SHA256 eb760290ea66a774323cc8c356428cae32f4eca41748aabdd56ad1cc1a90cd86
SHA512 2ce4b078e8c7bf87226353fa26740eba31b70bd754c59e7698a0c7f29a98240250f960e9bc25720d3af36e103a6064942042b1787d6bdee2d460b4d9f413da5f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e78a8d774c69e8d23a6e7ab698c0fe8c
SHA1 6a56ecb4ad64bd4c6993eb773a5e3bf37acbfdbc
SHA256 04888ec3ee9b2fce178db93d9c53e3189b654b959636ee1d3f3f98e12bb6f98b
SHA512 6baf0b742217a95529d4d63f261b44055188e58e6b467b858baca9f209eeb9c4eeafc99a94415090db4d3336a2a62ea6032713d11a4ab6eccab6d714c2630f92

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ea5bfecdb34455b449099425af83fad4
SHA1 d0cdf625217e858c171b9666806c136318dd591a
SHA256 307843e56d9e67b8bb30c9cfa0c15b613125d93a84efe033ca4c2ae56f0ec1f4
SHA512 2cc5f4ffffbabdf49df017424afe6d276ddce8bd878ef7179cb91c33452107114c533daa630a5433ea2b21e97cb968d3e7806fb304fa0743ec3b9cd931eaa9cf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bd615d1e8b85dd4b23b5a81a23ef59a8
SHA1 96d11dd076266c0c8c23ece0456b1c78c82b57d9
SHA256 41cf13881d38a286285596db21b57486417116378a76a5457619dd9a1b6b30bf
SHA512 87293761506236ede3b92b73f5f97fa8d0a96420c0bf05c43a69211165bb756e0a2b89ea5d6633b141948f716dc8872d96341802a49a783e4e26f8672928ef88

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-07 23:08

Reported

2024-04-07 23:11

Platform

win10v2004-20240226-en

Max time kernel

151s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e6121e8e377f2a0642fbb781c719d0a7_JaffaCakes118.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\services.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
(16 matches recorded; the sandbox gives no indicator, process or target for any of them)

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" C:\Users\Admin\AppData\Local\Temp\e6121e8e377f2a0642fbb781c719d0a7_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" C:\Windows\services.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\services.exe C:\Users\Admin\AppData\Local\Temp\e6121e8e377f2a0642fbb781c719d0a7_JaffaCakes118.exe N/A
File opened for modification C:\Windows\java.exe C:\Users\Admin\AppData\Local\Temp\e6121e8e377f2a0642fbb781c719d0a7_JaffaCakes118.exe N/A
File created C:\Windows\java.exe C:\Users\Admin\AppData\Local\Temp\e6121e8e377f2a0642fbb781c719d0a7_JaffaCakes118.exe N/A
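
The two tables above are more telling together than apart: the sample writes java.exe and services.exe straight into C:\Windows and then registers both under the Run key. The genuine services.exe lives in %SystemRoot%\System32, so a same-named file one directory up with a Run value called "Services" imitates a core Windows binary, and no Java runtime installs itself as C:\Windows\java.exe. The following script is an added example, not part of the sandbox output or of the sample: it takes the rows from these two tables (copied as the report prints them), correlates Run values with dropped files, and flags names that imitate System32 binaries. The short allowlist of System32-only names is our assumption, not something the report states.

```python
"""Triage the persistence rows of a sandbox report: correlate Run-key values
with files the sample dropped, and flag names that imitate Windows binaries."""
import ntpath
import re
from dataclasses import dataclass

# Rows copied from the report's "Adds Run key" and "Drops file in Windows
# directory" tables (behavioral2). REG_SZ values keep the doubled backslashes
# exactly as the sandbox prints them.
RUN_KEY_ROWS = [
    r'\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe"',
    r'\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe"',
]
DROPPED_FILES = [
    r"C:\Windows\services.exe",
    r"C:\Windows\java.exe",
]

# Assumption (ours, not the report's): binaries that legitimately exist only
# under %SystemRoot%\System32 and are commonly imitated by droppers that place
# a same-named file one directory up.
SYSTEM32_ONLY = {"services.exe", "svchost.exe", "lsass.exe", "csrss.exe",
                 "winlogon.exe", "smss.exe", "spoolsv.exe"}

RUN_RE = re.compile(r'^(?P<key>\\REGISTRY\\.*\\Run)\\(?P<name>[^\\=]+) = "(?P<value>.*)"$')


@dataclass
class Finding:
    value_name: str
    image_path: str
    reasons: list


def parse_run_row(row):
    """Split one 'Set value (str)' indicator into (value name, image path)."""
    m = RUN_RE.match(row)
    if not m:
        raise ValueError(f"unrecognised Run-key row: {row}")
    # Undo the doubled backslashes the sandbox uses when printing REG_SZ data.
    return m["name"], m["value"].replace("\\\\", "\\")


def normalise(path):
    """Case-fold and normalise a Windows path so paths compare reliably."""
    return ntpath.normcase(ntpath.normpath(path))


def triage_persistence(run_rows, dropped_files, system32_only=SYSTEM32_ONLY):
    """Return a Finding for every Run value that looks like planted persistence."""
    dropped = {normalise(p) for p in dropped_files}
    windows_dir = normalise(r"C:\Windows")
    findings = []
    for row in run_rows:
        name, image = parse_run_row(row)
        directory, base = ntpath.split(normalise(image))
        reasons = []
        if normalise(image) in dropped:
            reasons.append("Run value points at a file the sample itself dropped")
        if base in system32_only and not directory.endswith(r"\system32"):
            reasons.append(f"{base} outside System32 imitates a core Windows binary")
        if directory == windows_dir:
            reasons.append("autostart image planted directly in the Windows directory")
        if reasons:
            findings.append(Finding(name, image, reasons))
    return findings


if __name__ == "__main__":
    for f in triage_persistence(RUN_KEY_ROWS, DROPPED_FILES):
        print(f"{f.value_name}: {f.image_path}")
        for reason in f.reasons:
            print("  -", reason)
```

Run against the two rows from this report, the "Services" value collects all three reasons (dropped by the sample, imitates a System32 binary, planted in C:\Windows) while "JavaVM" collects two; the same logic applies unchanged to Run-key rows from any report in this format, or to output of `reg query` once the value lines are reshaped to match.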

Processes

C:\Users\Admin\AppData\Local\Temp\e6121e8e377f2a0642fbb781c719d0a7_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\e6121e8e377f2a0642fbb781c719d0a7_JaffaCakes118.exe"

C:\Windows\services.exe

"C:\Windows\services.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4172 --field-trial-handle=2588,i,14229658658073991926,6938034815163866135,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
N/A 192.168.1.7:1034 tcp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 15.54.159.149:1034 tcp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 13.107.246.64:443 tcp
US 8.8.8.8:53 130.118.77.104.in-addr.arpa udp
N/A 192.168.4.216:1034 tcp
US 8.8.8.8:53 m-ou.se udp
US 8.8.8.8:53 acm.org udp
US 8.8.8.8:53 aspmx.l.google.com udp
US 8.8.8.8:53 mail.mailroute.net udp
BE 66.102.1.27:25 aspmx.l.google.com tcp
US 199.89.1.120:25 mail.mailroute.net tcp
US 8.8.8.8:53 cs.stanford.edu udp
US 8.8.8.8:53 smtp1.cs.stanford.edu udp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
US 8.8.8.8:53 burtleburtle.net udp
US 8.8.8.8:53 mx.burtleburtle.net udp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
US 65.254.254.52:25 mx.burtleburtle.net tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 8.8.8.8:53 alumni-caltech-edu.mail.protection.outlook.com udp
US 52.101.11.15:25 alumni-caltech-edu.mail.protection.outlook.com tcp
US 8.8.8.8:53 gzip.org udp
US 8.8.8.8:53 gzip.org udp
US 85.187.148.2:25 gzip.org tcp
US 8.8.8.8:53 search.yahoo.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 search.lycos.com udp
DE 172.217.16.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 8.8.8.8:53 196.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 137.100.82.212.in-addr.arpa udp
DE 172.217.16.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 www.altavista.com udp
IE 212.82.100.137:80 www.altavista.com tcp
DE 172.217.16.196:80 www.google.com tcp
DE 172.217.16.196:80 www.google.com tcp
DE 172.217.16.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 8.8.8.8:53 10.254.202.209.in-addr.arpa udp
US 8.8.8.8:53 11.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 170.101.63.23.in-addr.arpa udp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
DE 172.217.16.196:80 www.google.com tcp
DE 172.217.16.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
DE 172.217.16.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
DE 172.217.16.196:80 www.google.com tcp
DE 172.217.16.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
DE 172.217.16.196:80 www.google.com tcp
DE 172.217.16.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
DE 172.217.16.196:80 www.google.com tcp
DE 172.217.16.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
DE 172.217.16.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
DE 172.217.16.196:80 www.google.com tcp
DE 172.217.16.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
DE 172.217.16.196:80 www.google.com tcp
DE 172.217.16.196:80 www.google.com tcp
DE 172.217.16.196:80 www.google.com tcp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
DE 172.217.16.196:80 www.google.com tcp
DE 172.217.16.196:80 www.google.com tcp
DE 172.217.16.196:80 www.google.com tcp
DE 172.217.16.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
DE 172.217.16.196:80 www.google.com tcp
N/A 192.168.4.216:1034 tcp
DE 172.217.16.196:80 www.google.com tcp
DE 172.217.16.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
DE 172.217.16.196:80 www.google.com tcp
DE 172.217.16.196:80 www.google.com tcp
DE 172.217.16.196:80 www.google.com tcp
DE 172.217.16.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
DE 172.217.16.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
DE 172.217.16.196:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
DE 172.217.16.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
DE 172.217.16.196:80 www.google.com tcp
DE 172.217.16.196:80 www.google.com tcp
DE 172.217.16.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
DE 172.217.16.196:80 www.google.com tcp
DE 172.217.16.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
DE 172.217.16.196:80 www.google.com tcp
DE 172.217.16.196:80 www.google.com tcp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
DE 172.217.16.196:80 www.google.com tcp
DE 172.217.16.196:80 www.google.com tcp
DE 172.217.16.196:80 www.google.com tcp
DE 172.217.16.196:80 www.google.com tcp
DE 172.217.16.196:80 www.google.com tcp
DE 172.217.16.196:80 www.google.com tcp
DE 172.217.16.196:80 www.google.com tcp
DE 172.217.16.196:80 www.google.com tcp
DE 172.217.16.196:80 www.google.com tcp
DE 172.217.16.196:80 www.google.com tcp
US 8.8.8.8:53 acm.org udp
US 8.8.8.8:53 alt1.aspmx.l.google.com udp
US 104.17.78.30:25 acm.org tcp
NL 142.250.153.27:25 alt1.aspmx.l.google.com tcp
US 8.8.8.8:53 cs.stanford.edu udp
US 171.64.64.64:25 cs.stanford.edu tcp
US 171.64.64.64:25 cs.stanford.edu tcp
US 8.8.8.8:53 burtleburtle.net udp
US 65.254.227.224:25 burtleburtle.net tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 75.2.70.75:25 alumni.caltech.edu tcp
US 85.187.148.2:25 gzip.org tcp
US 15.204.121.75:1034 tcp
US 171.64.64.64:25 cs.stanford.edu tcp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 mx.acm.org udp
US 8.8.8.8:53 mail.acm.org udp
US 8.8.8.8:53 smtp.acm.org udp
US 8.8.8.8:53 alt2.aspmx.l.google.com udp
US 8.8.8.8:53 smtp2.cs.stanford.edu udp
NL 142.251.9.26:25 alt2.aspmx.l.google.com tcp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
US 65.254.254.52:25 mx.burtleburtle.net tcp
US 8.8.8.8:53 outlook.com udp
US 8.8.8.8:53 outlook-com.olc.protection.outlook.com udp
IN 52.101.144.1:25 outlook-com.olc.protection.outlook.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 8.8.8.8:53 mx.alumni.caltech.edu udp
US 8.8.8.8:53 mail.alumni.caltech.edu udp
US 8.8.8.8:53 mx.gzip.org udp
US 8.8.8.8:53 smtp.alumni.caltech.edu udp
US 8.8.8.8:53 mail.gzip.org udp
IE 212.82.100.137:80 www.altavista.com tcp
US 85.187.148.2:25 mail.gzip.org tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
DE 172.217.16.196:80 www.google.com tcp
DE 172.217.16.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
DE 172.217.16.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
DE 172.217.16.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
DE 172.217.16.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
DE 172.217.16.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
DE 172.217.16.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
DE 172.217.16.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
DE 172.217.16.196:80 www.google.com tcp
DE 172.217.16.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
DE 172.217.16.196:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
DE 172.217.16.196:80 www.google.com tcp
DE 172.217.16.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
DE 172.217.16.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
DE 172.217.16.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
DE 172.217.16.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
DE 172.217.16.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
DE 172.217.16.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
DE 172.217.16.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
DE 172.217.16.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
DE 172.217.16.196:80 www.google.com tcp
DE 172.217.16.196:80 www.google.com tcp
DE 172.217.16.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
DE 172.217.16.196:80 www.google.com tcp
DE 172.217.16.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 15.204.135.55:1034 tcp
DE 172.217.16.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
DE 172.217.16.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
DE 172.217.16.196:80 www.google.com tcp
DE 172.217.16.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
DE 172.217.16.196:80 www.google.com tcp
DE 172.217.16.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
DE 172.217.16.196:80 www.google.com tcp
DE 172.217.16.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
DE 172.217.16.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
N/A 192.168.3.65:1034 tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
DE 172.217.16.196:80 www.google.com tcp
DE 172.217.16.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
DE 172.217.16.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
DE 172.217.16.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
DE 172.217.16.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
DE 172.217.16.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
DE 172.217.16.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
DE 172.217.16.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
DE 172.217.16.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
DE 172.217.16.196:80 www.google.com tcp
DE 172.217.16.196:80 www.google.com tcp
DE 172.217.16.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
DE 172.217.16.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
DE 172.217.16.196:80 www.google.com tcp
DE 172.217.16.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
DE 172.217.16.196:80 www.google.com tcp
DE 172.217.16.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
DE 172.217.16.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
DE 172.217.16.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
DE 172.217.16.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
DE 172.217.16.196:80 www.google.com tcp
DE 172.217.16.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
DE 172.217.16.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
DE 172.217.16.196:80 www.google.com tcp
DE 172.217.16.196:80 www.google.com tcp
DE 172.217.16.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
DE 172.217.16.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
DE 172.217.16.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
DE 172.217.16.196:80 www.google.com tcp
DE 172.217.16.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
DE 172.217.16.196:80 www.google.com tcp
DE 172.217.16.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
DE 172.217.16.196:80 www.google.com tcp
DE 172.217.16.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
DE 172.217.16.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
DE 172.217.16.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
DE 172.217.16.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
DE 172.217.16.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
DE 172.217.16.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
DE 172.217.16.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
DE 172.217.16.196:80 www.google.com tcp
US 8.8.8.8:53 aspmx2.googlemail.com udp
US 171.64.64.64:25 cs.stanford.edu tcp
NL 142.250.153.27:25 aspmx2.googlemail.com tcp
US 171.64.64.64:25 cs.stanford.edu tcp
DE 172.217.16.196:80 www.google.com tcp
US 8.8.8.8:53 outlook.com udp
US 52.96.223.2:25 outlook.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 smtp.gzip.org udp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
DE 172.217.16.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
DE 172.217.16.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
DE 172.217.16.196:80 www.google.com tcp
DE 172.217.16.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
DE 172.217.16.196:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
DE 172.217.16.196:80 www.google.com tcp
DE 172.217.16.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
DE 172.217.16.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
DE 172.217.16.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp

Files
