Malware Analysis Report

2025-01-19 00:30

Sample ID 240507-h5sn4sed9s
Target 1fdcdaf92f89e97e71b986df45b69618_JaffaCakes118
SHA256 ed170dd2a76723734f2218871155d6b6111f95ee27badb133539745e4341eb7b
Tags
persistence upx microsoft phishing product:outlook
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

ed170dd2a76723734f2218871155d6b6111f95ee27badb133539745e4341eb7b

Threat Level: Known bad

The file 1fdcdaf92f89e97e71b986df45b69618_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

persistence upx microsoft phishing product:outlook

Detected microsoft outlook phishing page

Executes dropped EXE

UPX packed file

Adds Run key to start application

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-07 07:19

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-07 07:19

Reported

2024-05-07 07:22

Platform

win7-20240221-en

Max time kernel

150s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1fdcdaf92f89e97e71b986df45b69618_JaffaCakes118.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\services.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" C:\Windows\services.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" C:\Users\Admin\AppData\Local\Temp\1fdcdaf92f89e97e71b986df45b69618_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\services.exe C:\Users\Admin\AppData\Local\Temp\1fdcdaf92f89e97e71b986df45b69618_JaffaCakes118.exe N/A
File opened for modification C:\Windows\java.exe C:\Users\Admin\AppData\Local\Temp\1fdcdaf92f89e97e71b986df45b69618_JaffaCakes118.exe N/A
File created C:\Windows\java.exe C:\Users\Admin\AppData\Local\Temp\1fdcdaf92f89e97e71b986df45b69618_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1fdcdaf92f89e97e71b986df45b69618_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\1fdcdaf92f89e97e71b986df45b69618_JaffaCakes118.exe"

C:\Windows\services.exe

"C:\Windows\services.exe"

Network

Country Destination Domain Proto
N/A 192.168.1.161:1034 tcp
US 16.150.139.43:1034 tcp
US 16.150.130.222:1034 tcp
US 16.69.10.81:1034 tcp
US 68.154.184.41:1034 tcp
IN 4.240.75.111:1034 tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 8.8.8.8:53 alumni-caltech-edu.mail.protection.outlook.com udp
US 8.8.8.8:53 gzip.org udp
US 52.101.8.36:25 alumni-caltech-edu.mail.protection.outlook.com tcp
US 8.8.8.8:53 gzip.org udp
US 85.187.148.2:25 gzip.org tcp
AU 16.179.5.82:1034 tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 99.83.190.102:25 alumni.caltech.edu tcp
US 85.187.148.2:25 gzip.org tcp
US 16.129.13.21:1034 tcp

Files

memory/2036-0-0x0000000000500000-0x000000000050D000-memory.dmp

memory/2036-4-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Windows\services.exe

MD5 b0fe74719b1b647e2056641931907f4a
SHA1 e858c206d2d1542a79936cb00d85da853bfc95e2
SHA256 bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
SHA512 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

memory/2144-10-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/2144-16-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2144-20-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2036-21-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2144-25-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2144-26-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2144-30-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2144-34-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2144-35-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\TVbqjvjs3p.log

MD5 804743f263530e77efbb657260c69c1d
SHA1 683daf3f4502ebd4e332928dddb3777b99cc4344
SHA256 86357b5bbd809fb3bfc720fa032b95060ce31c4d064b6349b25211d85c1dd2e2
SHA512 e900f007a499bb9b1e5730bd1d4fd2075c2da7363ba51e85026892cca3b944a8690c7a9d132b173f35e3aba7025059d3aef1642022b57450d80918b33e84fcea

memory/2144-39-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2144-43-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2144-44-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2144-48-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 d40492fb8118b2ff6393b18a96de742e
SHA1 8b3d2cffd92d3b4780de944507d8d69280ee286e
SHA256 d008f5fb31182555bbf41d517fb78c02dee2d7653a76d42ad172ffa6065b61f9
SHA512 66778ab5d515095d20e6e1cbc1eec42658365f9b29b71a767708ce35f3911d6c06e0d3aa5ddeca13d71869b52dbaf6d8cd9349c2c139591faf6a534255012359

C:\Users\Admin\AppData\Local\Temp\tmpDDF2.tmp

MD5 d68f602d3a01a912181b7e32a266fa7d
SHA1 a23e9f2df6c45d334b211a7d20948a84160c6f5b
SHA256 4022fd8c044db672ff530576efdd9c3aba3e4fdb25920a2247fb7e0bad50d824
SHA512 bc272589f3f0aabe2fd50eda8cde4c182f74c0dd70707793f135d1d058c0afceecead2264678991acc60d96f8d38d69890e8e0e0a56373d5df280e6791befcf7

memory/2144-68-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2144-69-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2144-73-0x0000000000400000-0x0000000000408000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-07 07:19

Reported

2024-05-07 07:22

Platform

win10v2004-20240419-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1fdcdaf92f89e97e71b986df45b69618_JaffaCakes118.exe"

Signatures

Detected microsoft outlook phishing page

phishing microsoft product:outlook

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\services.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" C:\Users\Admin\AppData\Local\Temp\1fdcdaf92f89e97e71b986df45b69618_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" C:\Windows\services.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\services.exe C:\Users\Admin\AppData\Local\Temp\1fdcdaf92f89e97e71b986df45b69618_JaffaCakes118.exe N/A
File opened for modification C:\Windows\java.exe C:\Users\Admin\AppData\Local\Temp\1fdcdaf92f89e97e71b986df45b69618_JaffaCakes118.exe N/A
File created C:\Windows\java.exe C:\Users\Admin\AppData\Local\Temp\1fdcdaf92f89e97e71b986df45b69618_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1fdcdaf92f89e97e71b986df45b69618_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\1fdcdaf92f89e97e71b986df45b69618_JaffaCakes118.exe"

C:\Windows\services.exe

"C:\Windows\services.exe"

Network

Country Destination Domain Proto
N/A 192.168.1.161:1034 tcp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 96.136.73.23.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 138.91.171.81:80 tcp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 16.150.139.43:1034 tcp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 139.53.16.96.in-addr.arpa udp
US 16.150.130.222:1034 tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 16.69.10.81:1034 tcp
US 8.8.8.8:53 14.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 m-ou.se udp
US 8.8.8.8:53 aspmx.l.google.com udp
IE 172.253.116.27:25 aspmx.l.google.com tcp
US 8.8.8.8:53 acm.org udp
US 8.8.8.8:53 mail.mailroute.net udp
US 199.89.1.120:25 mail.mailroute.net tcp
US 8.8.8.8:53 cs.stanford.edu udp
US 8.8.8.8:53 smtp2.cs.stanford.edu udp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
US 8.8.8.8:53 burtleburtle.net udp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
US 8.8.8.8:53 mx.burtleburtle.net udp
US 65.254.254.50:25 mx.burtleburtle.net tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 8.8.8.8:53 alumni-caltech-edu.mail.protection.outlook.com udp
US 52.101.9.11:25 alumni-caltech-edu.mail.protection.outlook.com tcp
US 8.8.8.8:53 gzip.org udp
US 8.8.8.8:53 gzip.org udp
US 85.187.148.2:25 gzip.org tcp
US 8.8.8.8:53 search.yahoo.com udp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 8.8.8.8:53 137.100.82.212.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:80 www.google.com tcp
US 8.8.8.8:53 search.lycos.com udp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 www.altavista.com udp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 8.8.8.8:53 hachyderm.io udp
IE 172.253.116.27:25 aspmx.l.google.com tcp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.254.202.209.in-addr.arpa udp
US 8.8.8.8:53 30.81.21.2.in-addr.arpa udp
US 8.8.8.8:53 73.190.18.2.in-addr.arpa udp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 68.154.184.41:1034 tcp
US 8.8.8.8:53 alt1.aspmx.l.google.com udp
NL 142.250.27.26:25 alt1.aspmx.l.google.com tcp
US 8.8.8.8:53 acm.org udp
US 104.17.79.30:25 acm.org tcp
US 8.8.8.8:53 smtp1.cs.stanford.edu udp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
US 8.8.8.8:53 burtleburtle.net udp
US 8.8.8.8:53 alumni.caltech.edu udp
US 75.2.70.75:25 alumni.caltech.edu tcp
US 85.187.148.2:25 gzip.org tcp
US 65.254.227.224:25 burtleburtle.net tcp
US 8.8.8.8:53 alt3.aspmx.l.google.com udp
NL 142.251.9.27:25 alt3.aspmx.l.google.com tcp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
IN 4.240.75.111:1034 tcp
US 8.8.8.8:53 alt2.aspmx.l.google.com udp
NL 142.250.153.27:25 alt2.aspmx.l.google.com tcp
US 8.8.8.8:53 mx.acm.org udp
US 8.8.8.8:53 mail.acm.org udp
US 8.8.8.8:53 smtp.acm.org udp
US 8.8.8.8:53 cs.stanford.edu udp
US 171.64.64.64:25 cs.stanford.edu tcp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
US 171.64.64.64:25 cs.stanford.edu tcp
US 8.8.8.8:53 mx.alumni.caltech.edu udp
US 8.8.8.8:53 mail.alumni.caltech.edu udp
US 8.8.8.8:53 smtp.alumni.caltech.edu udp
US 8.8.8.8:53 mx.gzip.org udp
US 8.8.8.8:53 mail.gzip.org udp
US 85.187.148.2:25 mail.gzip.org tcp
US 8.8.8.8:53 outlook.com udp
US 8.8.8.8:53 outlook-com.olc.protection.outlook.com udp
SG 52.101.137.3:25 outlook-com.olc.protection.outlook.com tcp
US 65.254.254.50:25 mx.burtleburtle.net tcp
US 8.8.8.8:53 alt4.aspmx.l.google.com udp
FI 142.250.150.26:25 alt4.aspmx.l.google.com tcp
AU 16.179.5.82:1034 tcp
US 8.8.8.8:53 aspmx2.googlemail.com udp
NL 142.250.27.26:25 aspmx2.googlemail.com tcp
US 171.64.64.64:25 cs.stanford.edu tcp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
US 171.64.64.64:25 cs.stanford.edu tcp
US 8.8.8.8:53 smtp.gzip.org udp
US 8.8.8.8:53 outlook.com udp
US 52.96.223.2:25 outlook.com tcp
IE 172.253.116.27:25 aspmx.l.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 8.8.8.8:53 mail.burtleburtle.net udp
US 209.202.254.10:80 search.lycos.com tcp
US 65.254.250.102:25 mail.burtleburtle.net tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.178.4:80 www.google.com tcp
NL 142.250.27.26:25 aspmx2.googlemail.com tcp
GB 142.250.178.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 16.129.13.21:1034 tcp
US 8.8.8.8:53 aspmx3.googlemail.com udp
NL 142.250.153.26:25 aspmx3.googlemail.com tcp
US 8.8.8.8:53 mx.cs.stanford.edu udp
US 8.8.8.8:53 mail.cs.stanford.edu udp
US 171.64.64.160:25 mail.cs.stanford.edu tcp
US 171.64.64.64:25 cs.stanford.edu tcp
US 8.8.8.8:53 8.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 snai1mai1.com udp
US 8.8.8.8:53 snai1mai1.com udp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 8.8.8.8:53 mx.outlook.com udp
US 8.8.8.8:53 mail.outlook.com udp
US 8.8.8.8:53 smtp.outlook.com udp
GB 40.99.150.146:25 smtp.outlook.com tcp
NL 142.251.9.27:25 alt3.aspmx.l.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.178.4:80 www.google.com tcp

Files

memory/2220-0-0x0000000000500000-0x000000000050D000-memory.dmp

C:\Windows\services.exe

MD5 b0fe74719b1b647e2056641931907f4a
SHA1 e858c206d2d1542a79936cb00d85da853bfc95e2
SHA256 bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
SHA512 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

memory/224-6-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/224-13-0x0000000000400000-0x0000000000408000-memory.dmp

memory/224-17-0x0000000000400000-0x0000000000408000-memory.dmp

memory/224-21-0x0000000000400000-0x0000000000408000-memory.dmp

memory/224-22-0x0000000000400000-0x0000000000408000-memory.dmp

memory/224-26-0x0000000000400000-0x0000000000408000-memory.dmp

memory/224-30-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 037387cb637fe108a43fe3a624d326e6
SHA1 b44190308f1bcc22e2c596bc158277962fdb6756
SHA256 7a8b8a3515806191d892c2f577785189cafeaebeacb9e105023db65465e5dcff
SHA512 603e0c085a60eed41d24082b4d52884c2c1b86f44c080eb0887e96894f5560c021cb8439001dab1acb693103887fe4fd286f4cdf8b2b96d967f692e4a4d4e9fe

C:\Users\Admin\AppData\Local\Temp\tmp3F29.tmp

MD5 36e25068f7a14d101e8b974353800c72
SHA1 20c0294faa492f1be964b63582993088420c5389
SHA256 9c8fe570aca7f0f8059e73d5fcd795e6277d618d42930bfa9b131f39f16d46aa
SHA512 a3112e8afe63c1500c70f84d366d6d1d147e936b91a0111ed2a07997bfc8677e82edfb08ad03ab501bd5dc7389cf605738fb565f608c1387a5f81fe4bfb37245

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\SZ2TD4H5\search[2].htm

MD5 a78751aac94d45c3379e0eadac040d6c
SHA1 90f262891274d15088ca19e4dd59d293a5a3edd4
SHA256 bdef3a0107453d5d99667a36d5b77192a9ff245364325f982c5d3d75ad9eba7c
SHA512 5c337463b823213bb15046a326f825842a0f7ce6075308b32c2fb1aa13caf7631cb9c1fa90b85230091d633cfd2180a90a3f2fda4bee1ac94857990500293dc2

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BB8X2UQ6\search[2].htm

MD5 8ba61a16b71609a08bfa35bc213fce49
SHA1 8374dddcc6b2ede14b0ea00a5870a11b57ced33f
SHA256 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1
SHA512 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\SZ2TD4H5\V398Q50J.htm

MD5 892f9173a2d132c7f79a7bb3d08572de
SHA1 f043b5460a6b90f037bc45bd218000a7ea00dade
SHA256 18a401221a7fdf24421a3401c69fbec6da5d9c524ead2dda2a02ae8900ccafc8
SHA512 895e53965e156072f36da48b0a6d52468b11b5825cff6c6117b59c4002ea99a606441af5c3285ae3390c8938f674a454311df7cbc26087e5c4c36af907ee92b3

memory/224-159-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\22GDAN8B\search[5].htm

MD5 1f6a1df6c0306ce8aa46c7f54512cc53
SHA1 844af703d4d209e23987b01325f76d526b1c7a29
SHA256 f57c3cf61a15dd11ebff86cfd823943a1de38c40bab07e411c35dd925b86e2e2
SHA512 f8bee457ea336c334122382d6a1754c325b6724de0987eb70c4c1c76a5ee6d7b2a9354d2c61812568d8c434b1c98e1a67b786103c7f44fce035933b54be67842

C:\Users\Admin\AppData\Local\Temp\jeqauh8.log

MD5 17fcaa4706dbd7c7f64ee879f4cd8052
SHA1 8a9b089d71989b539032957976330332261fb368
SHA256 e097625fd89e18a8287ee7187f59e6808270db902ecea5144a29e41389a56228
SHA512 ce6c0e91e21c4fc4e653f2a42d1be89694fde682d33fb6e3ccf1a528f142ee5ccdc3a7167b06a0db3ef52c1d5dffc29adc38042fb269be533299dbcfc6208c7e

memory/224-207-0x0000000000400000-0x0000000000408000-memory.dmp

memory/224-211-0x0000000000400000-0x0000000000408000-memory.dmp

memory/224-212-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 64fa1c52a7bd8780d095e0fb0a1a9e12
SHA1 9479061d4c18eacaa5af0e3d27e1865edcac84f0
SHA256 288aac376edbd3048a9788d65744f08ea0be06509e19550f62e0128a37cf99c2
SHA512 0bfb18875deffc7b604a102b44ab68fa1c649668867b6d46c8d7d8b144c02bbc187006e7f3deeb0a1255830d077c240719f1ac45cd4676d5200552a8cfe8f852

memory/224-236-0x0000000000400000-0x0000000000408000-memory.dmp

memory/224-239-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 aa92dd529c90d81ba3ad71b8e97cdabb
SHA1 8fd36a3189d01b1a2e27fbd9cb3dc1fa39daf74f
SHA256 1dda4b76e23f0c30f878fda049ae3bea280fdc20bb4f783e2acc8026295a3a72
SHA512 92ed93a765cf4a039c7ad6e5d284acc051b364b7e9b3e97294e27d4e4f5127c6456eac4b40d97005e904baefd8fb818c89f67b39be8bbf53174f160049b819f3

memory/224-281-0x0000000000400000-0x0000000000408000-memory.dmp

memory/224-292-0x0000000000400000-0x0000000000408000-memory.dmp