Analysis Overview
SHA256
9cd0d7a688de62b3f0aa5200f8602294541d806d089b102c2c2f9dbce99cc707
Threat Level: Shows suspicious behavior
The file e6121e8e377f2a0642fbb781c719d0a7_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
UPX packed file
Adds Run key to start application
Drops file in Windows directory
Unsigned PE
Modifies system certificate store
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-07 23:08
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-07 23:08
Reported
2024-04-07 23:10
Platform
win7-20240220-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\e6121e8e377f2a0642fbb781c719d0a7_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\e6121e8e377f2a0642fbb781c719d0a7_JaffaCakes118.exe | N/A |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\e6121e8e377f2a0642fbb781c719d0a7_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\e6121e8e377f2a0642fbb781c719d0a7_JaffaCakes118.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 | C:\Users\Admin\AppData\Local\Temp\e6121e8e377f2a0642fbb781c719d0a7_JaffaCakes118.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc41560858910090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000000f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 | C:\Users\Admin\AppData\Local\Temp\e6121e8e377f2a0642fbb781c719d0a7_JaffaCakes118.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 | C:\Users\Admin\AppData\Local\Temp\e6121e8e377f2a0642fbb781c719d0a7_JaffaCakes118.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc252000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a | C:\Users\Admin\AppData\Local\Temp\e6121e8e377f2a0642fbb781c719d0a7_JaffaCakes118.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a | C:\Users\Admin\AppData\Local\Temp\e6121e8e377f2a0642fbb781c719d0a7_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | C:\Users\Admin\AppData\Local\Temp\e6121e8e377f2a0642fbb781c719d0a7_JaffaCakes118.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 | C:\Users\Admin\AppData\Local\Temp\e6121e8e377f2a0642fbb781c719d0a7_JaffaCakes118.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 | C:\Users\Admin\AppData\Local\Temp\e6121e8e377f2a0642fbb781c719d0a7_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 | C:\Users\Admin\AppData\Local\Temp\e6121e8e377f2a0642fbb781c719d0a7_JaffaCakes118.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc35300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a82000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a | C:\Users\Admin\AppData\Local\Temp\e6121e8e377f2a0642fbb781c719d0a7_JaffaCakes118.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2004 wrote to memory of 2960 | N/A | C:\Users\Admin\AppData\Local\Temp\e6121e8e377f2a0642fbb781c719d0a7_JaffaCakes118.exe | C:\Windows\services.exe |
| PID 2004 wrote to memory of 2960 | N/A | C:\Users\Admin\AppData\Local\Temp\e6121e8e377f2a0642fbb781c719d0a7_JaffaCakes118.exe | C:\Windows\services.exe |
| PID 2004 wrote to memory of 2960 | N/A | C:\Users\Admin\AppData\Local\Temp\e6121e8e377f2a0642fbb781c719d0a7_JaffaCakes118.exe | C:\Windows\services.exe |
| PID 2004 wrote to memory of 2960 | N/A | C:\Users\Admin\AppData\Local\Temp\e6121e8e377f2a0642fbb781c719d0a7_JaffaCakes118.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\e6121e8e377f2a0642fbb781c719d0a7_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e6121e8e377f2a0642fbb781c719d0a7_JaffaCakes118.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 192.168.1.7:1034 | tcp | |
| US | 15.54.159.149:1034 | tcp | |
| N/A | 192.168.4.216:1034 | tcp | |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | alumni-caltech-edu.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 52.101.8.44:25 | alumni-caltech-edu.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| N/A | 192.168.4.216:1034 | tcp | |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 75.2.70.75:25 | alumni.caltech.edu | tcp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 15.204.121.75:1034 | tcp | |
| US | 15.204.135.55:1034 | tcp | |
| N/A | 192.168.3.65:1034 | tcp | |
| US | 8.8.8.8:53 | apple.com | udp |
| US | 8.8.8.8:53 | mx-in-rno.apple.com | udp |
| US | 17.179.253.242:25 | mx-in-rno.apple.com | tcp |
| US | 8.8.8.8:53 | unicode.org | udp |
| US | 8.8.8.8:53 | aspmx.l.google.com | udp |
| BE | 142.251.173.26:25 | aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | search.lycos.com | udp |
| US | 8.8.8.8:53 | search.yahoo.com | udp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 23.63.101.171:80 | apps.identrust.com | tcp |
| NL | 23.63.101.171:80 | apps.identrust.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 8.8.8.8:53 | www.altavista.com | udp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 15.204.124.19:1034 | tcp | |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 8.8.8.8:53 | alt1.aspmx.l.google.com | udp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| NL | 142.250.153.26:25 | alt1.aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | mx-in-mdn.apple.com | udp |
| US | 17.32.222.242:25 | mx-in-mdn.apple.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| N/A | 192.168.10.114:1034 | tcp | |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | tcp | |
| IE | 212.82.100.137:443 | tcp |
Files
memory/2004-0-0x0000000000500000-0x000000000050D000-memory.dmp
C:\Windows\services.exe
| MD5 | b0fe74719b1b647e2056641931907f4a |
| SHA1 | e858c206d2d1542a79936cb00d85da853bfc95e2 |
| SHA256 | bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c |
| SHA512 | 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2 |
memory/2004-10-0x0000000000220000-0x0000000000228000-memory.dmp
memory/2004-3-0x0000000000220000-0x0000000000228000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/2960-11-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2960-17-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2004-21-0x0000000000220000-0x0000000000228000-memory.dmp
memory/2004-22-0x0000000000220000-0x0000000000228000-memory.dmp
memory/2960-23-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2960-27-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2960-28-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | e44096dde3e45e86723bef3ed9832ae0 |
| SHA1 | 68bf649f85ffd1eb64cc7fe252eafb4e4209eae7 |
| SHA256 | 2383f7f265bd11649d529c4f6ce96b01e9053ceca02e4363c19baeba2ea4ffa7 |
| SHA512 | 8b71023966fc744fda9a600011e0f2e2a7463308a4f96da91554e0ecfcc7dad5fdb16a1881a63b18b090a35ab898583700e5c4f2cef655e50611e1d640cfc36f |
C:\Users\Admin\AppData\Local\Temp\tmpCA15.tmp
| MD5 | 998242709dc9f1e7ac42bb497dde2fa3 |
| SHA1 | a318f41df4faa35799a5c19020a9b91a554832b0 |
| SHA256 | b7ce3e30d00731a2bf0de09695e1e6bfa84e026489645c68737161ff2ffa3948 |
| SHA512 | e44591e6eefe3365c57b7eaa08aac1723f9a89d3d18fe958fee5cc932d3be59a079fef7f9611dc61e17a53341e4c9a6f5b95f093753df792dec40bc92a59108e |
memory/2960-49-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2960-52-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2960-53-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\xs9omzxyQ.log
| MD5 | 84e53a474580534e8e3cd0639b031c71 |
| SHA1 | a2c55cb51a68aba911d7949191345c760338e754 |
| SHA256 | c329c84a5a8889a762b1c93afc390640e715571586adf0e7ea42cd8bb3601be2 |
| SHA512 | e514fb1900524ab691c1ea8440c4cf22a42e42d9cd3ceb291d37609e38e21caf23d3437c887c117f4fb721112e567a3f88e1d875d535b8c80081350dba1f78f7 |
memory/2960-57-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2960-61-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2960-62-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2960-66-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | e840c1d55923aa092bf02c81d19a175b |
| SHA1 | 00e1bc6d38aa874b587ba24d5f88775c80c01181 |
| SHA256 | b534a6b7ceb72cfeff50e26abe2d1f0ad4eb27b2925242ba7dbd7fec6002e17d |
| SHA512 | 6d6173e07eab388654c8169cd90bdac4807bd9db9c3c62cbb33654c23e2869f6d7c49796467f2f1ab78ddbbb4ebe098767e0819d10f0c7d56fb7aa5927651956 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8066fcaff90de602984e3149444e18f7 |
| SHA1 | 893f9ce10571669583f2068eb549105193ee162c |
| SHA256 | d677d3de84522854dbb72e89997fa95fb66642d5cc20f90305e79476326fa8c5 |
| SHA512 | d6dd09080bdc89a4cc1259d2de7e2f324bc54fa0b75faf51857a4aa2dd0d8a43b5174e0b73a7c22bdec31e6faaed0f62ea2660e428edcb1572a76667f34316fc |
C:\Users\Admin\AppData\Local\Temp\TarC561.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 27e5890ca6e2195970ce5c6ac001bb1d |
| SHA1 | 03bcbaae54128f21f5a48bd9c203801898614e74 |
| SHA256 | 3bce8dded2dbd78803c226441c18280d01ec5b8a974b57e496ad9fda330a9507 |
| SHA512 | 3529a455824be888178bb0aba48789ca4e435cc8408c65faa6c478ddbaaac498a7e6f9eff193e8fd9e4aa59941dc7e4df4e62491b2ae9b33306d261fb61ede19 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d401001988f81d7dcb39ca73533d1c41 |
| SHA1 | 5defc32ccf989c7052b08ee7ff6f8ef1858283f2 |
| SHA256 | 9563f3aaa16e242fbe71eec13030d6f0159538f9177a36e2e49e35e0ae4487a1 |
| SHA512 | 4a82b5c36ceb3f99f014587f4035eb962348af48ad8a51e43a0a1f94ac2f2b9a22704be75ef3e7ba158e00e65b7c3d17412f6d0bfefcb5c832c8aa5250308ed6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d1d297cffb52caeaae1f9c6cc85510bd |
| SHA1 | 31c0bf9b8460c19e60748042d7cf4c8cc20bdd6b |
| SHA256 | abfa06db3821b9bd707e3ca7d74a12259b89afbf6046bc4fea9fe1aa2cbbc7df |
| SHA512 | ddf30e8620143c3da870d594545cb7dc8552d195151299cca59c9ae3ffba3d1d14af404648909b32ebc316d9fbd7f484f0a1cf71087a15f7312b13ec8f8e2607 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 68dd0a620118f9d93a983ff069809856 |
| SHA1 | 082e1f0ab4a0a00ebea61ba7534c74a0b12b0b18 |
| SHA256 | cb9bb17b50963c018de4091d2802743411986f2a47014d8951337de3dc5ca269 |
| SHA512 | 0ea9f3ec9074e4c860bd997b86af3b61f84ef582cf11c13a7c903618547eae44e68af193c62f4ee792e7482e636dc72b42542b34255f606418a67b2b88adafd1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 296b66ccfee7db9a5f7418f3ab12f0e4 |
| SHA1 | d936c40e0aa6bdd1a744ee9dcb2fc3273bedaa91 |
| SHA256 | 8bfe68e88fb2473a56043c08704874c4a7d1ecba1ad19f3ae59f869f1e93390b |
| SHA512 | 7fddb49ce07c0b6ee84d03e1c3066bc5342e664e238db4f5dd75bf3cf081344b81c62f6199d69ca1754722b0640a74aca97e45931359e44e94634727c0d7293e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RSAB58HZ\search[1].htm
| MD5 | 8ba61a16b71609a08bfa35bc213fce49 |
| SHA1 | 8374dddcc6b2ede14b0ea00a5870a11b57ced33f |
| SHA256 | 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1 |
| SHA512 | 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 01d0831605f73eefc651d1e31f09c4cf |
| SHA1 | 1f0cee6d48e98cc371b6db3e88602b53f0d38874 |
| SHA256 | 4114323418aedc1f44a465f3bb4dcd9a9d8a86122466b8311b0240c7382a2199 |
| SHA512 | 1cfecc18a2ec43432f0374e26e76500244c9d7ed6a7dc73d6c0beb056f3ec5eeebd9b646d536891cb5e572110ead1ff05a77428bd8a5f0fa0987bd705f9072ea |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | da69f64f03a81b973efd7648c4c55172 |
| SHA1 | 00de43e1a259e9e23ea52d193a86ef2f04c953c5 |
| SHA256 | 6c6e9824a785e5cd838585c0bbee2bf4fc78ece770da3acb561117481857fc89 |
| SHA512 | d342a21c3e1a114707bfab57602afad7cf5dd4c5d332efbf416a1d9d50ef068505be55dda813e45da68640deb9eec7e9db05cd88577f9b3174e5c16a6f0bf6f4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e7ce4ef98d3215226421dc0a31dcec85 |
| SHA1 | aa87da7125a8fbaced2d0708938eef4386690e6d |
| SHA256 | 016e44f2690510867312f95f72af9bf5ae2a9b2f8ca88b98b78ee5f73de005cc |
| SHA512 | c7d05cf221a9d16134b03bede4395e002aec837e9fed42fb40e81b6240e533ecacc005f598ed3992df5673094943bf76f5b4a6e294442f88c2bcaa5944c04548 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ba6a461d150276ce7bbcadc4461dbcf3 |
| SHA1 | 24f937354b21b67bde8e56ceb6c9e569d9e01465 |
| SHA256 | 146148d38d633507ff8db34f81d38099f142b596e17dbc06f211591b8ab9fc83 |
| SHA512 | 6b011ba86ffd41c5381a7a839ffbe1559c4d54838448b2be2dc76f3e76278fde2127cef16e5715105dae9cdbe5f87ab67f24b0e1d85c76d7300ccb29056678e3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1025fa3c5257f9831eda0d7890aa3f14 |
| SHA1 | d6fad42859e40816ffaba3456d35c8859010935c |
| SHA256 | 386cad1a3995a6bfe872cab4bf735d796716947b385881f3345bc38f3729a8b9 |
| SHA512 | 2887d6a121e99f7b0da75ab31ed260616958b0693ceb3f7222a06db295d05e70c0021ba67374c51269333ab5b2749d6f1b9aa793dbc4a8bab33907189c9f2414 |
memory/2960-1174-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bfe42427f399682d4e6bbf699e56cb94 |
| SHA1 | ca5cd8858432c92d4871ae6b4bf8ffa624fe371c |
| SHA256 | cecfdfcaa0fe6b8e8e383d29bcec9221e885442d54add8720bae48b968264555 |
| SHA512 | 29c7bec6bda6fa6e026d85d4543a5b81b57fc32150dc92dca088fa4468403f3ad3fb0dd01df15cdcd723ae95e6704c329ad69dfb62f1024dc775414591984266 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d8c0919661f8b24c64d989c90cff6c7b |
| SHA1 | 4fa523acd0cbfaf8b47398001036dbfc57d0115a |
| SHA256 | d299799afdc2a96a8bcc0086202c507ec7cccaf750926a43ff5560199d720bb3 |
| SHA512 | eed111c391631a6d5ce7937dae1c592b2fa5efd367b54107f9a92a09800cc65c15ad524350fa1f5b9c6b4cd4fa70bb3a5dc71b7d0f1e311b6bfc32bdd620f9b5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f12834e12816e3c224468807f0206802 |
| SHA1 | 008a789dca8382d616375b5052e553e7ee5d5d63 |
| SHA256 | 4090539f208c5fe382f455130ef17e1d39019d9001b518e2ee8aa31e2e46a144 |
| SHA512 | a445590ab82822f0c4a36f4d7b8000fea0a1b72df51bc3ee50270a87798a3be8426673d4a35fc276cc823a8321add6bd19fa9d00f224e9fb2e4f8a0e7a98ac44 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9f0bf0a3c4abfe4a37ef60c1a5846f20 |
| SHA1 | 7c34fc5d51e181c7496035a12336286dbdce2d0e |
| SHA256 | 64e3748064d790b1826ef710e8380b90b977a0629b2ccda203a2631d7fec0ad8 |
| SHA512 | 48abe3f9114227f6576c0a7b2f1bffff25395cde9761a052432bc6bec024ff71f28067865918828a35decd5c3a82d9afe65b7ad5d1f76703b01fb0b91cdc5073 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 639a10e3b5d8c55f69f34caaf7590540 |
| SHA1 | 091a29e038234d85da68f0e6cb9de01306797e07 |
| SHA256 | a0ed2da6de7d0f1a09e20e9d3b87871c7d2ebdd1486871e44e145e234d67ba23 |
| SHA512 | a5b16634ec31d7c325b519714944ed819a73a0e14666de5d760a035fd7670e70d1b3ee094c88539eb5e6d52cff0bb2dd8975b47e2eb75593dc440521fe6714e2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 71e078b119b1cdf9801ef5d4db892893 |
| SHA1 | d8dbf422b8c6a6e4511fc62c1eeb5786377817d5 |
| SHA256 | d395070c0738d92233744bf419b13d0451b0b7dd8dc110e457174116db599992 |
| SHA512 | c5061f9b046952c2de00ba405cd3c66c2665beefb8c031d2244109d749549eae64cc831e23022bad3e8b84460f7309f20dc290536cbe4736de4de166df6df91f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 196c61c4fbc7c97d311ca1c180dd9569 |
| SHA1 | 504e35b044db0d1c3ea07542d6a734738c76a311 |
| SHA256 | e51d7ef30e256d761e3febf5a3cc4ed1b5140135382ca4c78aa9d4b70dd9d156 |
| SHA512 | 047275457dd48388100129071f0f88b707398aa36a8b37ea13fd4f54f8712e3f956fac24017b63a00cd296c829c1d53d674dbe39c3ee125d91b90d5122e3ba9a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fb10266fc3099440c588f0f9a736b518 |
| SHA1 | bf50fb2c8f510e36fdc1ab875acd99fca22f265a |
| SHA256 | a412ab19f9e2217eeac3ede66f10f6af70df4d249aa9396b01dcaac4bc9a204c |
| SHA512 | 6243149f304d1dc3edc7385259a500adbbe5b6413a61b401ff4d0f7fe4223940f986e547ddff77e9435c436944501a8d85843a67db63da1471c92c563afb0618 |
memory/2960-1890-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 008e76ca889a62abc9619d0918c7e74c |
| SHA1 | e1ad4fe5ce575dea2e05a6a70e4c55b2e1d705c1 |
| SHA256 | 241ff18ef56bad9ece2a8f9c0627ce5a169d702330dab4870f581593ff9b3399 |
| SHA512 | f4932012abe81f5180ae31c621725f8263ce1af2d9244bd9586919b195fe67106430e07c6c9583b83a5d88b512fa32107129d35674abe919e2fad0f11cd877e7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d38a82d5783f672b02287e6d9ec47ddf |
| SHA1 | 2e509efdcd749945bd7d8904a8fdf81f00696724 |
| SHA256 | 7a5b9d80f711668e12562fa5ba0642db68de3f776aee19ee28ec80bcb3174874 |
| SHA512 | 90a9e9d26ce06d8a527db94dcbd8679ef569eb0fb18f86f21b939bf384f16ef9bd35c239fc5a49349c4928b6084fd810c95cc968a15e8a55fa5d4044a5954c6e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ad9d13de79ddf92eb62dea29d1e3e152 |
| SHA1 | bc2db4f8bde761868182b9e500b361b52c3e3ba6 |
| SHA256 | db0204e4e9d8e2ef482cb40845bffae3c0ac5b65489733d417e217b7e59f7027 |
| SHA512 | dcc22d0530c5e5b3a3e59601e45a8a1c46e3371764a04ef7df5797a906426e8b4c395d5f8e67f3824daf171f7230aa7fcaf6945f5367577ca0c0ea3bfb18c0a2 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I819HQXH\default[7].htm
| MD5 | ccfe63b884fe4225fa33f618a54ce37a |
| SHA1 | bbb0778c1597eafe7fb9c5c65412f8ab04b2e311 |
| SHA256 | f7dd5bab49466a4cdb6a7f5a0e07a158f7a1567bd809ed745812469775b33112 |
| SHA512 | 858f345503c89ba075b374764145fba5b1a9d3440d1628edeab0a3e02cc7cbfbe1119c20747026e69d630ed262d3c91c5073ef06823cf727dfcb11605c7c5ff8 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CY2G78MW\default[1].htm
| MD5 | 157431349a057954f4227efc1383ecad |
| SHA1 | 69ccc939e6b36aa1fabb96ad999540a5ab118c48 |
| SHA256 | 8553409a8a3813197c474a95d9ae35630e2a67f8e6f9f33b3f39ef4c78a8bfac |
| SHA512 | 6405adcfa81b53980f448c489c1d13506d874d839925bffe5826479105cbf5ba194a7bdb93095585441c79c58de42f1dab1138b3d561011dc60f4b66d11e9284 |
memory/2960-2437-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a03de8f8ec0192e96b218652c0fb080d |
| SHA1 | 5bb220e696d22da562900e1401fe487bf67b9f6a |
| SHA256 | 1a5bc72842fd23ab21ea4cdbe55deb536f436f0ab3d461a48291cdbab96ed338 |
| SHA512 | 94d75036fca6e6ae480927654f16d446ceffb910780b6fada3989123055015d5faa3ad3dc2f8df5468b821b542591703346e63ae7703105c9601cbbdea4b1aa6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 54e284f43231c7c761ea6df3f31a8218 |
| SHA1 | 9f306aaef9d5776173ab513d1baccca84675eec9 |
| SHA256 | 07eb7ba79b559dc42e9f7c59a22e005514cdc3a43391e0a9b3540118f5b68882 |
| SHA512 | 305aa347b51f6bf5f7839d0b46a9c5f33e86c7df24f2002f41e1be9b022cda499781353823c8258788f9fff7cf4127b8d5154e2c243346a948266bb5d2f72e12 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 109c3627ce9a529dfdfebfd4bb3f3d86 |
| SHA1 | aa35ca5a445695f7d2e29761dd61fdf665073dba |
| SHA256 | 482432e1430797ce8e7ca88caf1325f0f311a75e11f2e7e270fd6420a89f5f3a |
| SHA512 | ab01c349bdf17105aed43709b2bb47ac374049be88304c2123ae84ef5eccf64c9894873ec510c1889ca455445ed787da5d1824e44b85d165a7f2aedcd93fec39 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 09a0cbb63016f362b2586a40d40b0a53 |
| SHA1 | bb99983af731545a541906e24f1f04e27d0efbbc |
| SHA256 | bebad91e6b33350e2eacc31fda5fc82e1fb3073aca3a08b3cd39fadfa1909bdd |
| SHA512 | 6fc07f267c0a55080925aff6db27bc78a74e0700a0344c9cca2d352103a6e674450bc4f85573a2b9364695539cd5fea61d9b9b791ae4702d77ce5975c9cbf504 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 39aa15ce17c77a80aa5354b2a177458a |
| SHA1 | 682308d5a28d2595caae38888ce8f339edf6e5ac |
| SHA256 | f00141827b22d139381a177c4aaacb59bde77659dd8add91e88447e65435c69a |
| SHA512 | 36b0d9be034e947a695095a58ffeed7c58c4ac0b7cb211e47961f46086ff974bdbe7b2244b798fb25b354128cba68c912a014b54b36664bd2a3ee8b49767b8b9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | de9c6bf2e1da5130098ee06a0f356ccb |
| SHA1 | e92495d83da9929f1377d85a43bfea3f63284f84 |
| SHA256 | cc1b700c7066fd0327dc8cdb2c21dddce7956546861b65e5f33972e49900d5da |
| SHA512 | 706791ca98f6fc2e30dba56cdaa501fccf1515af703cc94db2cb386d0ab8d0c60492b46949e9da7b270f1ea212b257981f7bf8ece72eca07250ee4e223562d5e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I819HQXH\default[3].htm
| MD5 | 28d3586cf0fecdada411e6598d0d24b9 |
| SHA1 | 87f72f1d3f9eb8682c25d9ffc0397064489903ff |
| SHA256 | 3f9df02aa51466baf3b4089857c0c9f84b40e8506a4322f3836ce2b995552593 |
| SHA512 | 41e79f5946cbf77ec84555acb9cffecaeada064855c41a46b56c3102f0fb406a627d84347ac14a74768db87e93e68ca534887a32d4cf220e013ce24bfdfab0cc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f989b2f89cfb0da89734321dcfc40dde |
| SHA1 | 910d0ac21c869fb81901694906cee8a79e3a19d5 |
| SHA256 | 8fe30ab7ae0b2ac212b5e376231fdc885d622e6fee26c8b614be5ce375a8274b |
| SHA512 | 2164cf6964f648661eafc2dd177e580151d343381129de0035f9c8f46c3a8c56f47379756ca82642eb92916ea1155f0f4e8edd40b62b51c69c893c25d067ac07 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 53cb9ad6bcadd323daefdb3ff28601f9 |
| SHA1 | e0aa52cb8c2b794148efc300925de53f1126107f |
| SHA256 | eb760290ea66a774323cc8c356428cae32f4eca41748aabdd56ad1cc1a90cd86 |
| SHA512 | 2ce4b078e8c7bf87226353fa26740eba31b70bd754c59e7698a0c7f29a98240250f960e9bc25720d3af36e103a6064942042b1787d6bdee2d460b4d9f413da5f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e78a8d774c69e8d23a6e7ab698c0fe8c |
| SHA1 | 6a56ecb4ad64bd4c6993eb773a5e3bf37acbfdbc |
| SHA256 | 04888ec3ee9b2fce178db93d9c53e3189b654b959636ee1d3f3f98e12bb6f98b |
| SHA512 | 6baf0b742217a95529d4d63f261b44055188e58e6b467b858baca9f209eeb9c4eeafc99a94415090db4d3336a2a62ea6032713d11a4ab6eccab6d714c2630f92 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ea5bfecdb34455b449099425af83fad4 |
| SHA1 | d0cdf625217e858c171b9666806c136318dd591a |
| SHA256 | 307843e56d9e67b8bb30c9cfa0c15b613125d93a84efe033ca4c2ae56f0ec1f4 |
| SHA512 | 2cc5f4ffffbabdf49df017424afe6d276ddce8bd878ef7179cb91c33452107114c533daa630a5433ea2b21e97cb968d3e7806fb304fa0743ec3b9cd931eaa9cf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bd615d1e8b85dd4b23b5a81a23ef59a8 |
| SHA1 | 96d11dd076266c0c8c23ece0456b1c78c82b57d9 |
| SHA256 | 41cf13881d38a286285596db21b57486417116378a76a5457619dd9a1b6b30bf |
| SHA512 | 87293761506236ede3b92b73f5f97fa8d0a96420c0bf05c43a69211165bb756e0a2b89ea5d6633b141948f716dc8872d96341802a49a783e4e26f8672928ef88 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-07 23:08
Reported
2024-04-07 23:11
Platform
win10v2004-20240226-en
Max time kernel
151s
Max time network
155s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\e6121e8e377f2a0642fbb781c719d0a7_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\e6121e8e377f2a0642fbb781c719d0a7_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\e6121e8e377f2a0642fbb781c719d0a7_JaffaCakes118.exe | N/A |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\e6121e8e377f2a0642fbb781c719d0a7_JaffaCakes118.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4552 wrote to memory of 1928 | N/A | C:\Users\Admin\AppData\Local\Temp\e6121e8e377f2a0642fbb781c719d0a7_JaffaCakes118.exe | C:\Windows\services.exe |
| PID 4552 wrote to memory of 1928 | N/A | C:\Users\Admin\AppData\Local\Temp\e6121e8e377f2a0642fbb781c719d0a7_JaffaCakes118.exe | C:\Windows\services.exe |
| PID 4552 wrote to memory of 1928 | N/A | C:\Users\Admin\AppData\Local\Temp\e6121e8e377f2a0642fbb781c719d0a7_JaffaCakes118.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\e6121e8e377f2a0642fbb781c719d0a7_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e6121e8e377f2a0642fbb781c719d0a7_JaffaCakes118.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4172 --field-trial-handle=2588,i,14229658658073991926,6938034815163866135,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| N/A | 192.168.1.7:1034 | tcp | |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| US | 15.54.159.149:1034 | tcp | |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 13.107.246.64:443 | tcp | |
| US | 8.8.8.8:53 | 130.118.77.104.in-addr.arpa | udp |
| N/A | 192.168.4.216:1034 | tcp | |
| US | 8.8.8.8:53 | m-ou.se | udp |
| US | 8.8.8.8:53 | acm.org | udp |
| US | 8.8.8.8:53 | aspmx.l.google.com | udp |
| US | 8.8.8.8:53 | mail.mailroute.net | udp |
| BE | 66.102.1.27:25 | aspmx.l.google.com | tcp |
| US | 199.89.1.120:25 | mail.mailroute.net | tcp |
| US | 8.8.8.8:53 | cs.stanford.edu | udp |
| US | 8.8.8.8:53 | smtp1.cs.stanford.edu | udp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | burtleburtle.net | udp |
| US | 8.8.8.8:53 | mx.burtleburtle.net | udp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| US | 65.254.254.52:25 | mx.burtleburtle.net | tcp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | alumni-caltech-edu.mail.protection.outlook.com | udp |
| US | 52.101.11.15:25 | alumni-caltech-edu.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 8.8.8.8:53 | search.yahoo.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | search.lycos.com | udp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | 196.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.100.82.212.in-addr.arpa | udp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | www.altavista.com | udp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | 10.254.202.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.101.63.23.in-addr.arpa | udp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| N/A | 192.168.4.216:1034 | tcp | |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | acm.org | udp |
| US | 8.8.8.8:53 | alt1.aspmx.l.google.com | udp |
| US | 104.17.78.30:25 | acm.org | tcp |
| NL | 142.250.153.27:25 | alt1.aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | cs.stanford.edu | udp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | burtleburtle.net | udp |
| US | 65.254.227.224:25 | burtleburtle.net | tcp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 75.2.70.75:25 | alumni.caltech.edu | tcp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 15.204.121.75:1034 | tcp | |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mx.acm.org | udp |
| US | 8.8.8.8:53 | mail.acm.org | udp |
| US | 8.8.8.8:53 | smtp.acm.org | udp |
| US | 8.8.8.8:53 | alt2.aspmx.l.google.com | udp |
| US | 8.8.8.8:53 | smtp2.cs.stanford.edu | udp |
| NL | 142.251.9.26:25 | alt2.aspmx.l.google.com | tcp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| US | 65.254.254.52:25 | mx.burtleburtle.net | tcp |
| US | 8.8.8.8:53 | outlook.com | udp |
| US | 8.8.8.8:53 | outlook-com.olc.protection.outlook.com | udp |
| IN | 52.101.144.1:25 | outlook-com.olc.protection.outlook.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | mx.alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | mail.alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | mx.gzip.org | udp |
| US | 8.8.8.8:53 | smtp.alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | mail.gzip.org | udp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 85.187.148.2:25 | mail.gzip.org | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 15.204.135.55:1034 | tcp | |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| N/A | 192.168.3.65:1034 | tcp | |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | aspmx2.googlemail.com | udp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| NL | 142.250.153.27:25 | aspmx2.googlemail.com | tcp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | outlook.com | udp |
| US | 52.96.223.2:25 | outlook.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | smtp.gzip.org | udp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 15.204.124.19:1034 | tcp | |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | mx.cs.stanford.edu | udp |
| US | 8.8.8.8:53 | mail.cs.stanford.edu | udp |
| US | 171.64.64.160:25 | mail.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | aspmx3.googlemail.com | udp |
| NL | 142.251.9.26:25 | aspmx3.googlemail.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 171.64.64.160:25 | mail.cs.stanford.edu | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | mx.outlook.com | udp |
| US | 8.8.8.8:53 | mail.outlook.com | udp |
| US | 8.8.8.8:53 | smtp.outlook.com | udp |
| GB | 52.97.211.82:25 | smtp.outlook.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| NL | 216.58.206.74:443 | chromewebstore.googleapis.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 8.8.8.8:53 | 74.206.58.216.in-addr.arpa | udp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| DE | 172.217.16.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | tcp | |
| DE | 172.217.16.196:80 | tcp | |
| IE | 212.82.100.137:443 | tcp | |
| DE | 172.217.16.196:80 | tcp |
Files
memory/4552-0-0x0000000000500000-0x000000000050D000-memory.dmp
C:\Windows\services.exe
| MD5 | b0fe74719b1b647e2056641931907f4a |
| SHA1 | e858c206d2d1542a79936cb00d85da853bfc95e2 |
| SHA256 | bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c |
| SHA512 | 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2 |
memory/1928-6-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/1928-13-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1928-17-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1928-21-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1928-22-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1928-26-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | 270e75759ac25afbc16dd376fe5e99d8 |
| SHA1 | 220c3db35eb77cbe639817fe7a7b860a3b707b4f |
| SHA256 | 774cbb4a44acd9fbde71f37865a6ada425a3e8351413656e17268859cbedc785 |
| SHA512 | 736dc75d122d10dc711a65b6b0109441993e1394ffeab50b8df4df11e30a991833a9468a8f9d870eb385441b990b745374cc7666560aea82afc11a1a0e2e093e |
C:\Users\Admin\AppData\Local\Temp\tmp47B2.tmp
| MD5 | f3f73bccfdb99cdb22c40c1cdc2819ee |
| SHA1 | a0974650dec7afdaf974ac5e763651ec3bb85b1d |
| SHA256 | b1ad413d2f269ca1a5b7377e965f1ffc07f357055cacb18d4be9864f5c2f4e89 |
| SHA512 | 44a2b6b896e3ee0a04df4ab7fc3a4ee883603132373ffc3bd289eb9d1d8aca3d5bc23d32b30dc1d436334dcef704717120817366b4a71a62e9bc3f346754f089 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\OZZV2MGD\search[3].htm
| MD5 | 8ba61a16b71609a08bfa35bc213fce49 |
| SHA1 | 8374dddcc6b2ede14b0ea00a5870a11b57ced33f |
| SHA256 | 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1 |
| SHA512 | 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1 |
memory/1928-117-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\R2H8ZEZE\default[2].htm
| MD5 | c15952329e9cd008b41f979b6c76b9a2 |
| SHA1 | 53c58cc742b5a0273df8d01ba2779a979c1ff967 |
| SHA256 | 5d065a88f9a1fb565c2d70e87148d469dd9dcbbefea4ccc8c181745eda748ab7 |
| SHA512 | 6aecdd949abcd2cb54e2fe3e1171ee47c247aa3980a0847b9934f506ef9b2d3180831adf6554c68b0621f9f9f3cd88767ef9487bc6e51cecd6a8857099a7b296 |
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | cbfadd8ad43db08ae1fcebacbe5c0bd2 |
| SHA1 | 6f064acd65f465e7f75b32ae999d033b2d753683 |
| SHA256 | d83418990a5416b520a87d5a07bd0003ea96b90e576677f54d03fadcd7701433 |
| SHA512 | 93e891522b31060ae3f8de54ea26d982ce68ac45129a4eda154e49602da9d6bcca58a32d609a56fd3b4d71707db570463a2a0224e8ac7c18062b05c0a9f21766 |
memory/1928-146-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\pkgtu.log
| MD5 | f7b9ae938bd259acd2ff3e1b1e75d8fd |
| SHA1 | 0d6345cc83689984ef4e6342e380c01a29b9c316 |
| SHA256 | 4f1555045f774e719ade0b02c18342087233ba2e7e53696a3c10c02ce19d6157 |
| SHA512 | 1ddabac920275bd831dd9caeff2bbaa43ded488a433524f82210a329ee619efab3cef2db5cf471d40352345bd7fe31d33ed20502c973ba6378c1913e4b35b408 |
memory/1928-149-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1928-153-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | ea59ac49511024e6cb1f3bcd74c140ab |
| SHA1 | 5179ef1f621e3c0e62bbdfc20a2eb781c4a41f8c |
| SHA256 | 53eed95e83329348820e91179d0e5026d62fda6562dbd64cf293e25279ba3a60 |
| SHA512 | 0b1ed6b39a743c2845ad59c2c47343b474d93786c2c53bbde7269cf4d772f4dcaac16f535ef539354974135136454ef89b0606884a9c4387380d31ba11873499 |
memory/1928-171-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1928-218-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\CCR56MZ5\default[2].htm
| MD5 | 2a8026547dafd0504845f41881ed3ab4 |
| SHA1 | bedb776ce5eb9d61e602562a926d0fe182d499db |
| SHA256 | 231fe7c979332b82ceccc3b3c0c2446bc2c3cab5c46fb7687c4bb579a8bba7ce |
| SHA512 | 1f6fa43fc0cf5cbdb22649a156f36914b2479a93d220bf0e23a32c086da46dd37e8f3a789e7a405abef0782e7b3151087d253c63c6cefcad10fd47c699fbcf97 |
memory/1928-269-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\CCR56MZ5\default[4].htm
| MD5 | 5431b34b55fc2e8dfe8e2e977e26e6b5 |
| SHA1 | 87cf8feeb854e523871271b6f5634576de3e7c40 |
| SHA256 | 3d7c76daab98368a0dd25cd184db039cdd5d1bc9bd6e9bb91b289119047f5432 |
| SHA512 | 6f309dd924ba012486bcf0e3bafe64899007893ea9863b6f4e5428384ad23d9942c74d17c42a5cf9922a0e0fd8d61c287a2288a945a775586125d53376b9325c |
memory/1928-304-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1928-341-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\OZZV2MGD\default[3].htm
| MD5 | e5c2364375c0a8a786a9508a840b6299 |
| SHA1 | bec1874db0d2348274b6656d1383e262f73e2bc6 |
| SHA256 | 51b67ae1066eb179562cf80a8a156bbd4b139b83072f610bf62c0b6d58ed17f3 |
| SHA512 | ee19a8fa40bc7e991ac289eb30ceec8264d6071f124e99791022961c99f25b97def4f13fa96149eb52786d1104d85d20410e65a333304c0df6ba858472a557d3 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\CCR56MZ5\defaultF0W31HF6.htm
| MD5 | 5243568476eb2052b2f3b67dc9053e86 |
| SHA1 | b126aa6506772f9024b76580bdf28b45e3a7f051 |
| SHA256 | 2d458622dc76eb87e44cc7db89309efdf50f99821145ae86864fd1b714cbaa80 |
| SHA512 | 3c68cef4e3daa4bca6e8b3aa5a31874be1e4dec38fe9781c6fe4890980744527d0c6818eeb519f8e6b322118e1f08302d85972fa7da4ba8be9421aabf9a77833 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\R2H8ZEZE\default[9].htm
| MD5 | 157431349a057954f4227efc1383ecad |
| SHA1 | 69ccc939e6b36aa1fabb96ad999540a5ab118c48 |
| SHA256 | 8553409a8a3813197c474a95d9ae35630e2a67f8e6f9f33b3f39ef4c78a8bfac |
| SHA512 | 6405adcfa81b53980f448c489c1d13506d874d839925bffe5826479105cbf5ba194a7bdb93095585441c79c58de42f1dab1138b3d561011dc60f4b66d11e9284 |