Analysis Overview
SHA256
25df044b8be41f8b1c3081befa7f7e465b77b90361b198ae6a64abff05b9ea96
Threat Level: Known bad
The file 7959d6f8d5d5ae1b4a5f83d3432f53de_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Detected microsoft outlook phishing page
Executes dropped EXE
UPX packed file
Adds Run key to start application
Drops file in Windows directory
Unsigned PE
Modifies system certificate store
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-27 14:08
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-27 14:08
Reported
2024-05-27 14:10
Platform
win7-20240508-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\7959d6f8d5d5ae1b4a5f83d3432f53de_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\7959d6f8d5d5ae1b4a5f83d3432f53de_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\7959d6f8d5d5ae1b4a5f83d3432f53de_JaffaCakes118.exe | N/A |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\7959d6f8d5d5ae1b4a5f83d3432f53de_JaffaCakes118.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 | C:\Users\Admin\AppData\Local\Temp\7959d6f8d5d5ae1b4a5f83d3432f53de_JaffaCakes118.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc35300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a82000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a | C:\Users\Admin\AppData\Local\Temp\7959d6f8d5d5ae1b4a5f83d3432f53de_JaffaCakes118.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 | C:\Users\Admin\AppData\Local\Temp\7959d6f8d5d5ae1b4a5f83d3432f53de_JaffaCakes118.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc41560858910090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000000f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 | C:\Users\Admin\AppData\Local\Temp\7959d6f8d5d5ae1b4a5f83d3432f53de_JaffaCakes118.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 | C:\Users\Admin\AppData\Local\Temp\7959d6f8d5d5ae1b4a5f83d3432f53de_JaffaCakes118.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc252000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a | C:\Users\Admin\AppData\Local\Temp\7959d6f8d5d5ae1b4a5f83d3432f53de_JaffaCakes118.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a | C:\Users\Admin\AppData\Local\Temp\7959d6f8d5d5ae1b4a5f83d3432f53de_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | C:\Users\Admin\AppData\Local\Temp\7959d6f8d5d5ae1b4a5f83d3432f53de_JaffaCakes118.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 | C:\Users\Admin\AppData\Local\Temp\7959d6f8d5d5ae1b4a5f83d3432f53de_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 | C:\Users\Admin\AppData\Local\Temp\7959d6f8d5d5ae1b4a5f83d3432f53de_JaffaCakes118.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1692 wrote to memory of 2408 | N/A | C:\Users\Admin\AppData\Local\Temp\7959d6f8d5d5ae1b4a5f83d3432f53de_JaffaCakes118.exe | C:\Windows\services.exe |
| PID 1692 wrote to memory of 2408 | N/A | C:\Users\Admin\AppData\Local\Temp\7959d6f8d5d5ae1b4a5f83d3432f53de_JaffaCakes118.exe | C:\Windows\services.exe |
| PID 1692 wrote to memory of 2408 | N/A | C:\Users\Admin\AppData\Local\Temp\7959d6f8d5d5ae1b4a5f83d3432f53de_JaffaCakes118.exe | C:\Windows\services.exe |
| PID 1692 wrote to memory of 2408 | N/A | C:\Users\Admin\AppData\Local\Temp\7959d6f8d5d5ae1b4a5f83d3432f53de_JaffaCakes118.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\7959d6f8d5d5ae1b4a5f83d3432f53de_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\7959d6f8d5d5ae1b4a5f83d3432f53de_JaffaCakes118.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
| Country | Destination | Domain | Proto |
| US | 16.37.50.108:1034 | tcp | |
| N/A | 169.254.239.88:1034 | tcp | |
| N/A | 192.168.0.26:1034 | tcp | |
| N/A | 192.168.0.26:1034 | tcp | |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | alumni-caltech-edu.mail.protection.outlook.com | udp |
| US | 52.101.8.34:25 | alumni-caltech-edu.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| N/A | 169.254.10.247:1034 | tcp | |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 99.83.190.102:25 | alumni.caltech.edu | tcp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 24.95.227.78:1034 | tcp | |
| US | 8.8.8.8:53 | mx.alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | mail.alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | smtp.alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | mx.gzip.org | udp |
| US | 8.8.8.8:53 | mail.gzip.org | udp |
| US | 85.187.148.2:25 | mail.gzip.org | tcp |
| N/A | 169.254.56.97:1034 | tcp | |
| US | 8.8.8.8:53 | apple.com | udp |
| US | 8.8.8.8:53 | mx-in.g.apple.com | udp |
| NL | 17.57.165.2:25 | mx-in.g.apple.com | tcp |
| US | 8.8.8.8:53 | unicode.org | udp |
| US | 8.8.8.8:53 | aspmx.l.google.com | udp |
| BE | 64.233.184.26:25 | aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.altavista.com | udp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | search.yahoo.com | udp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 8.8.8.8:53 | search.lycos.com | udp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 23.63.101.152:80 | apps.identrust.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | email.apple.com | udp |
| NL | 17.57.165.2:25 | mx-in.g.apple.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| CA | 16.55.145.212:1034 | tcp | |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | icloud.com | udp |
| US | 8.8.8.8:53 | mx02.mail.icloud.com | udp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 17.57.156.30:25 | mx02.mail.icloud.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
Files
memory/1692-0-0x0000000000500000-0x000000000050D000-memory.dmp
memory/1692-4-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Windows\services.exe
| MD5 | b0fe74719b1b647e2056641931907f4a |
| SHA1 | e858c206d2d1542a79936cb00d85da853bfc95e2 |
| SHA256 | bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c |
| SHA512 | 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2 |
memory/2408-11-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1692-10-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/2408-17-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2408-21-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1692-22-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2408-26-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2408-27-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2408-31-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2408-35-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2408-36-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | 4ef979747ea830f09ba24e94ecc58b84 |
| SHA1 | cb043e8ec51e8ffef3254eb4268dd9d7c928bbf6 |
| SHA256 | 7ae9d966780ae7417ce4562e0a1b1d1c762097e96f1096d49e8456eb1dc7522f |
| SHA512 | 0cfc2fb4280b86e5424793f7b9b4e72dccf4a4205ee27460c6b18ddd109d1ea5fac84c2e811c808e8bf723ce8b289e10e01c9a0f2f8f0d80a752bfca442d65ce |
C:\Users\Admin\AppData\Local\Temp\tmp392C.tmp
| MD5 | 22971960738e705fc39359c946ebb5e9 |
| SHA1 | 3981553c2aab17b09a98e7e262ab739cfbe489c9 |
| SHA256 | 1e9700564dedae322ac767c02378514ec9e064c30e1a565aa5d0cb9a91babf08 |
| SHA512 | ef24e602fe5c067542330cebb319c16e4b644a8d47d2b9193c3cab1d896be34307ea09bd916364a747adfc40206132f615cc40b23e9c5e7c12936416c9c7b92b |
C:\Users\Admin\AppData\Local\Temp\dnWozue.log
| MD5 | 8376a5557453d936871e40c6387b6cf2 |
| SHA1 | ffa106ace1d5502527ca955e2b98b90a61b9d09d |
| SHA256 | 925b93676fde85d421eb4d93f3929a4facbb9a8eeaef06f5688dc2e4f17e23c6 |
| SHA512 | d52ae76a3cd3b7010f6bb675a47b73573e6d49cf3d052e87c65c84f6aa2d9c5f7b33453c0d1664ac96ecd543a6a8e42cc2bf1e12b624c54ee6fff60abedc9339 |
memory/2408-56-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2408-60-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2408-61-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2408-65-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2408-69-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2408-70-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | e78dd1686441a248d7e162a174590c2a |
| SHA1 | 17613446f84981302349c95538b3ef6da57b5c71 |
| SHA256 | d09cd1264110c274bb598ffa429b7a3df07667c87cf1516570b0c0fbb69daf23 |
| SHA512 | 5aa8038dd7b4bc6ce88ec22e4fb2b66aa5bcd601c4d22f4a19cdb7c4e8b72ba7c4a5eda2756a82bc98d9b5c333eb4d0d42deb68b67932277fd710ba740b7159b |
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | 68f9f67adbfaa1b6d02e2ff503ffbc39 |
| SHA1 | 186dee4207a63379cdf1cd82d3bd22df0e24b673 |
| SHA256 | 50ff01a0ca6df0a0f1c52195b89c3aac5e20724ffdbff8805d5a1f93a02126e9 |
| SHA512 | ae176f77c2bc2425086294d09dc8652bdd3139fd7e40811db10c70e276444e140b4b9b217c7b4abf034e5285162b2facc4c233208595fef1f2afa5a75104edb9 |
C:\Users\Admin\AppData\Local\Temp\Cab36E3.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar3705.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6865873494f548d0ddba02091ca3a9e1 |
| SHA1 | 843633a6ef380513611a8cc6af0e304935de5357 |
| SHA256 | 67df346a2da7141888d7f11b58197e1470ea5ff9c8c87cec36871f718e062825 |
| SHA512 | c8a3ca148766ef37f0e669f3fa090ebf196111e7acb8128663ba044260dca20827849a2e85497fb1bc15caa434d510f71f1d843a47e5e3795f42f805ab1604cb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5b0e014a69d0841f9e35d81debb1373e |
| SHA1 | 53ca41685b374633f40f3a27a5ea75ba8e2f66a2 |
| SHA256 | ba357549df723bb89a2affdb7fc053f3ff95b72cf1e32cae014127c7569b8985 |
| SHA512 | 134a487584227ab906e841c4ea6c90a00104b696a4a40ee98db88edbbf65fc4d9bdf922824ccb21d6f5a9e97c0d982ecc1c60fcd0a3e5e9d6379a12dcd8b3ac3 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\52G8PVLC\search[1].htm
| MD5 | 8ba61a16b71609a08bfa35bc213fce49 |
| SHA1 | 8374dddcc6b2ede14b0ea00a5870a11b57ced33f |
| SHA256 | 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1 |
| SHA512 | 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8b695984ae06a59b7ba435b9e70963d4 |
| SHA1 | 49f8fbad9f05b9e2d2b79366bd65aa52f39d4796 |
| SHA256 | 082d71c5d4b88b862735d4a678150258aa3fdc269df109ad2552e220e36e4117 |
| SHA512 | bbf90715379bf7c2ad38a729478454cb411498e051f82b7a00426da02a467f072ec8ee8258ecbf4a681f8c1d8d74401c58b62c9bc18d2a32138c36012b7da1b0 |
memory/2408-550-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a58080abd19670f51ea0cf227cc01f4b |
| SHA1 | 24c17f6d03ffac575f4051e6d0fc0b31f3284e90 |
| SHA256 | d7619dc84841b034866af4e0089035075af723233f58cc9433807bc8aa241da8 |
| SHA512 | a48bc9f003b85621eab16ffb000d184b9532fbcff24b236eda6b485dfe42ee05cb5611091906a19436bf9723c786797ade5a535f5a123a3de6c917d0735f2533 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f8924f69b8a7324606ba60cf6c8551e1 |
| SHA1 | d51d3a46820d12d86c7df202a3e0120d8d8f748a |
| SHA256 | 55e9d756d9956ba8c6fdcf2b49296adcec84f26d0347223ba650740263b3333b |
| SHA512 | 0a2fd6f4aeee535460ab05f905d33b23b9b1441d9ea0fdcf75c47aecd739c374777c91ddf60f093324607ddf0614365e8738572ac525717cf357e6873233af01 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\52G8PVLC\search[2].htm
| MD5 | 804143c60e7c4b20f19e2e5725d04499 |
| SHA1 | 62ca39d8dedb8e75da0f64271daf1951e22c71f9 |
| SHA256 | 231af4ba9d87a34d812e8fbaed4e742070f2a4a5174ae189b93451c9fab40b2f |
| SHA512 | 8a17a4ebd249efabf9fcbcf8ba7bbd1594948fcd6562d5597e894f982dbc999dea20104bc5450db9b425b54a5d9228fbfdca745297d7a5a9374c212eceba84ca |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\52G8PVLC\1WUTYPI3.htm
| MD5 | 302384ec71d6339fc83cb37c06535387 |
| SHA1 | 205d6ee397c9a545f242e4ed415403c20ef81c6d |
| SHA256 | be244ae70e1e3a2aa3c8b6deb32866fdb766d68765b7309113af9657489466b3 |
| SHA512 | 8ab62c4740d32a4b0ee895f7706d88162f461808d2a1dc51b0441e0b1497096b0debe8980540af545f1eac4e7cd215e45297c60b47c4edfdb5282cc4310145f0 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SVBQZB4R\search[5].htm
| MD5 | a3b61be768e26afff0e7d36bc25bba1d |
| SHA1 | 4dc1348ded1fe07eada8f9a8613747e80a76f62c |
| SHA256 | 42af470233aa660903cbad6b7243ddecb624858c7624d6859eeab58173589983 |
| SHA512 | dba5a63fe9e100c594c042261885a38f9909fcfda86e2e091e2aba522f0e7ee5d4988a0210feb6b1b32fb50f321440d4da410930d221bf9c5464ae4141515d4a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a88af9a86f8d0feaf81bf1f976ce859f |
| SHA1 | 1aa8d8dcdc8fcce5868f2f82776492dfc586f631 |
| SHA256 | 18bcaa12ac4b9cc3429b63564f65f9b4b225ab15d0c0722d188ee207d2712808 |
| SHA512 | 9426c1cf3844b09b6e55731366d7b3094f217fbfb558a392e2fd38a3f06685c381692e3c38bce2bb1daa9293c0feff00ecaf8ba6588423a9f62bacd556621fb2 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MEFTDE7Q\search[6].htm
| MD5 | 201658f472bd95ff5e69eab718e1acd9 |
| SHA1 | 40baf62fad4ddeb9c9772e3f2e3c9b874535ee5d |
| SHA256 | a93393854cd335446ffb643b5ea2e72977ee03c4ff99d8007e01b09cfa8ae488 |
| SHA512 | 6394b77512ad2009da84950d31e36aee161a4bea0b28b0318696c29d461546fcd424b8f97a5a44de32ca915242a893cf3a15eb7718fbf585bea15c3d6df4a989 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5cd9f107c59c613724bec5098a733fdd |
| SHA1 | 05cac210bc820f8b80332cbec89e6e9697f6eb68 |
| SHA256 | bd77812eb47c19d6dea654d65870132e332ca3edbfc3860e91f136342c188df5 |
| SHA512 | a13b4634f89883afcc2054257e0f03ba3a8b45236cda2cc3c545d0b3972ad19a03351a9a612c9765ee37d3c7230a1f7c8c7b710eeb96a56969e42318bb1e5f8e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9a1dd2dafed7d481ac2e36530f30089e |
| SHA1 | bd9d1bff68d47aaf70960fb29aab79e1cf1b38c5 |
| SHA256 | 2fc5deefc29ea13ec91a5bf891f785ffbfe3999da7a702541b259ee14a23f122 |
| SHA512 | 34717ce8b1c7177c2493a1e79d6fd6107b607dc44cf44fd2a6acb87c9ea994edfa62193c94796de075099b1d344f7504f64e79c8ec5cdb572dde8b7d8d00bcfc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 24d40d2cebb239ed018b2d611a28c3e1 |
| SHA1 | a0dab5b637b320b5f01e6630b557dd42db97022a |
| SHA256 | 74178ef8e70bf38d689c830c003d3bd962589b209aa8bd3adefc3b0c7efa2eca |
| SHA512 | 8a36304cba65fc9743643d05225254a0d4d825f2e57a903cf7304e56941eabc1d7c625c560110951ec17bbfeca3abcee1e650c7f9df9c64f2e2bf9406a58ab8a |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MEFTDE7Q\results[3].htm
| MD5 | ee4aed56584bf64c08683064e422b722 |
| SHA1 | 45e5ba33f57c6848e84b66e7e856a6b60af6c4a8 |
| SHA256 | a4e6ba8c1fe3df423e6f17fcbeeaa7e90e2bd2fffe8f98ff4b3e6ed970e32c61 |
| SHA512 | 058f023cb934a00c8f1c689001438c9bdd067d923ddcbe7a951f54d3ca82218803e0e81fbc9af5c56375ff7961deed0359af1ffa7335d41379ee97d01a76ded6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9d6f207bd758ff3c82fff53a0c196666 |
| SHA1 | 7ec1e81cf517e650554b418a9592bf8bb997e823 |
| SHA256 | 14b892703d6cd66563333c39ca2229211fd340c6852f062aea31727adc5e8211 |
| SHA512 | f7b61ea4001a086cb2ea876f87c5bc6927ea340c6295708359f518db450d9421bf0ab50e04abfa1906f3eb0af517b73f9cacbe4fb37bc99d827c718279aeb757 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-27 14:08
Reported
2024-05-27 14:10
Platform
win10v2004-20240426-en
Max time kernel
150s
Max time network
152s
Command Line
Signatures
Detected microsoft outlook phishing page
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\7959d6f8d5d5ae1b4a5f83d3432f53de_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\7959d6f8d5d5ae1b4a5f83d3432f53de_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\7959d6f8d5d5ae1b4a5f83d3432f53de_JaffaCakes118.exe | N/A |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\7959d6f8d5d5ae1b4a5f83d3432f53de_JaffaCakes118.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 5388 wrote to memory of 2516 | N/A | C:\Users\Admin\AppData\Local\Temp\7959d6f8d5d5ae1b4a5f83d3432f53de_JaffaCakes118.exe | C:\Windows\services.exe |
| PID 5388 wrote to memory of 2516 | N/A | C:\Users\Admin\AppData\Local\Temp\7959d6f8d5d5ae1b4a5f83d3432f53de_JaffaCakes118.exe | C:\Windows\services.exe |
| PID 5388 wrote to memory of 2516 | N/A | C:\Users\Admin\AppData\Local\Temp\7959d6f8d5d5ae1b4a5f83d3432f53de_JaffaCakes118.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\7959d6f8d5d5ae1b4a5f83d3432f53de_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\7959d6f8d5d5ae1b4a5f83d3432f53de_JaffaCakes118.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
| Country | Destination | Domain | Proto |
| US | 16.37.50.108:1034 | tcp | |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| N/A | 169.254.239.88:1034 | tcp | |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| N/A | 192.168.0.26:1034 | tcp | |
| US | 8.8.8.8:53 | m-ou.se | udp |
| US | 8.8.8.8:53 | aspmx.l.google.com | udp |
| US | 8.8.8.8:53 | acm.org | udp |
| BE | 173.194.76.26:25 | aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | mail.mailroute.net | udp |
| US | 199.89.3.120:25 | mail.mailroute.net | tcp |
| US | 8.8.8.8:53 | cs.stanford.edu | udp |
| US | 8.8.8.8:53 | smtp2.cs.stanford.edu | udp |
| US | 8.8.8.8:53 | burtleburtle.net | udp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | mx.burtleburtle.net | udp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| US | 65.254.254.52:25 | mx.burtleburtle.net | tcp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | alumni-caltech-edu.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 52.101.8.36:25 | alumni-caltech-edu.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 8.8.8.8:53 | search.yahoo.com | udp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 8.8.8.8:53 | search.lycos.com | udp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.altavista.com | udp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | 137.100.82.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.254.202.209.in-addr.arpa | udp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | 170.101.63.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.97.55.23.in-addr.arpa | udp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| N/A | 192.168.0.26:1034 | tcp | |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | alt1.aspmx.l.google.com | udp |
| US | 8.8.8.8:53 | acm.org | udp |
| NL | 142.250.153.26:25 | alt1.aspmx.l.google.com | tcp |
| US | 104.17.78.30:25 | acm.org | tcp |
| US | 8.8.8.8:53 | smtp1.cs.stanford.edu | udp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | burtleburtle.net | udp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 65.254.227.224:25 | burtleburtle.net | tcp |
| US | 99.83.190.102:25 | alumni.caltech.edu | tcp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| N/A | 169.254.10.247:1034 | tcp | |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | alt2.aspmx.l.google.com | udp |
| NL | 142.251.9.27:25 | alt2.aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | cs.stanford.edu | udp |
| US | 8.8.8.8:53 | outlook.com | udp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | outlook-com.olc.protection.outlook.com | udp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 52.101.9.18:25 | outlook-com.olc.protection.outlook.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 65.254.254.52:25 | mx.burtleburtle.net | tcp |
| US | 8.8.8.8:53 | mx.gzip.org | udp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | mail.gzip.org | udp |
| US | 85.187.148.2:25 | mail.gzip.org | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 24.95.227.78:1034 | tcp | |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | hachyderm.io | udp |
| BE | 173.194.76.26:25 | aspmx.l.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | aspmx2.googlemail.com | udp |
| NL | 142.250.153.27:25 | aspmx2.googlemail.com | tcp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | outlook.com | udp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 52.96.222.226:25 | outlook.com | tcp |
| US | 8.8.8.8:53 | mail.burtleburtle.net | udp |
| US | 8.8.8.8:53 | smtp.gzip.org | udp |
| US | 65.254.250.102:25 | mail.burtleburtle.net | tcp |
| BE | 173.194.76.26:25 | aspmx.l.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| N/A | 169.254.56.97:1034 | tcp | |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 8.8.8.8:53 | alt3.aspmx.l.google.com | udp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| FI | 142.250.150.27:25 | alt3.aspmx.l.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | aspmx3.googlemail.com | udp |
| US | 8.8.8.8:53 | mx.cs.stanford.edu | udp |
| NL | 142.251.9.26:25 | aspmx3.googlemail.com | tcp |
| US | 8.8.8.8:53 | mail.cs.stanford.edu | udp |
| US | 171.64.64.160:25 | mail.cs.stanford.edu | tcp |
| US | 171.64.64.160:25 | mail.cs.stanford.edu | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | mx.outlook.com | udp |
| US | 8.8.8.8:53 | mail.outlook.com | udp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | smtp.outlook.com | udp |
| GB | 52.97.211.66:25 | smtp.outlook.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 8.8.8.8:53 | smtp.burtleburtle.net | udp |
| US | 65.254.250.102:25 | smtp.burtleburtle.net | tcp |
| FI | 142.250.150.27:25 | alt3.aspmx.l.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| CA | 16.55.145.212:1034 | tcp | |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | alt4.aspmx.l.google.com | udp |
| SG | 74.125.200.27:25 | alt4.aspmx.l.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
Files
memory/5388-0-0x0000000000500000-0x000000000050D000-memory.dmp
C:\Windows\services.exe
| MD5 | b0fe74719b1b647e2056641931907f4a |
| SHA1 | e858c206d2d1542a79936cb00d85da853bfc95e2 |
| SHA256 | bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c |
| SHA512 | 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2 |
memory/2516-7-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/2516-13-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2516-17-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2516-21-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2516-22-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2516-26-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | 27f0f545947acd9b519f9f8e8aa8a367 |
| SHA1 | 8dedd067a52d39e2b7d888b6d0a61ec175a5a0e1 |
| SHA256 | feda6fc6d94b0e9becbdf40451fba17b5d1e66cfe5ccc9131ef4b5d0a8bc88ba |
| SHA512 | e7341c24d5a4097405d7c81406297242362abc48558f6d8c33e306ef92872b1c52b0d73c8cfc69aca6cd2914157f13846aca635e694799183be03ea97ec77d21 |
C:\Users\Admin\AppData\Local\Temp\tmp1625.tmp
| MD5 | 9eca96cdd1842dbabae906b0a5b2a111 |
| SHA1 | a9ffdcf67c8617f65c864a20186896ea05b1692b |
| SHA256 | 14ca0040c391bfa0423d18d7416473d38d533634d199d7d51b3132be300db404 |
| SHA512 | d0621820c3f3f231a0c89abd3b8ffdb89fdf2a344fcd0d5295ed7c04b871898e7c90798a777180146eb75f59373ac726041549760f263b48b8fbbf74ac2a80bd |
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | 2b997f2d56b8971617f17b31587da477 |
| SHA1 | ded9a2df8c614e04e1a2e10213f9156b0a65b4c7 |
| SHA256 | fc10d05042e2599185cee12701e73ef216c174aebd398f5dd338d885ce9de86a |
| SHA512 | 12e930b822d32b149a1d04f55ea68fc1d7135b4724930d9d9737bcd76a6ecbd50651023848d9bb3a301c346f96efdfc7f9db14c287b3956c74f3340ec4fd3f90 |
memory/2516-92-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NCVVYLW7\PNUVV1YA.htm
| MD5 | 31cb30ca2bc5cf73dd0c5149cf3362ed |
| SHA1 | 44604e631cb3d49d6f94c84e146a0fddca7625c9 |
| SHA256 | 650cf160c755e7d35a0f0eeb7c2934a60def6e0cf09e54acbbd726ae3ba0bae7 |
| SHA512 | b0a7d0b150392bc448e82240424dbf9d8f79a9d1fd9f268ca8e9aad8109c5d185250b5e55e31c9e9c2b7f0b9b7b98b058678bf88f2335ee0290fb6924d53e06d |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ED9UQUDY\LGW3Q69W.htm
| MD5 | 7d991f0b5b1f1571396c34801b537c44 |
| SHA1 | ce287e6b3a291f58766d345b11ff88352bfb3834 |
| SHA256 | 3af9deaab1a761b4455b9b7a3ab2a1369ae082f09d522fa412fe035c40b95416 |
| SHA512 | 3a89cbb3502b74271df2f65b683e06d8be1784fffad155a9a71e14dae9ca0248a9aea9f7aa05e81e52c1fd0e0db16b71186a3119a11141a6213cb8c7a2063a2e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ED9UQUDY\search[2].htm
| MD5 | 8ba61a16b71609a08bfa35bc213fce49 |
| SHA1 | 8374dddcc6b2ede14b0ea00a5870a11b57ced33f |
| SHA256 | 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1 |
| SHA512 | 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NCVVYLW7\results[2].htm
| MD5 | 211da0345fa466aa8dbde830c83c19f8 |
| SHA1 | 779ece4d54a099274b2814a9780000ba49af1b81 |
| SHA256 | aec2ac9539d1b0cac493bbf90948eca455c6803342cc83d0a107055c1d131fd5 |
| SHA512 | 37fd7ef6e11a1866e844439318ae813059106fbd52c24f580781d90da3f64829cf9654acac0dd0f2098081256c5dcdf35c70b2cbef6cbe3f0b91bd2d8edd22ca |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6SQF6WJH\search[5].htm
| MD5 | bccee012fb3400682dfa8ef37c55fd0e |
| SHA1 | b980719600e0643ab9d7611ad7b95c6017a38950 |
| SHA256 | 528075cb7f1ae2222a02073facb21521e023601c0e18ecce725fe34e202eb24c |
| SHA512 | 912c24af8f54521340821997552319c58bc81a96e3327ac97f5c6ca22395f89b842d12b030a41e34c4a3cea153deb85232235c650b0a400353f611d791d4c718 |
memory/2516-261-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\hwQaiw0ffh.log
| MD5 | 61345a7a144cfdc76e50eb6c5df9779a |
| SHA1 | 0221fc0b8e4553723f9e8faa81e17cfe4fd78a04 |
| SHA256 | d11b1a30c93cb002f1f5c504a36597322905d0789b3a73cb237928b3e4e88c8f |
| SHA512 | d07511b0434cb8227ec165b7de8a052e7faa1160b80ee88f68a5dfb434b04b6610eef69a265f511790ee30ad8de82b9e6cd8a835b4cb1b9dd91ba69f1028c779 |
memory/2516-273-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2516-277-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2516-278-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | 8023ea4627cffe798eb7acc85117814f |
| SHA1 | ad6b69c4c4febf6168ec3ff34a792ffd21192b5e |
| SHA256 | 3cdc10c16066315667bdd2a8862a8321e98dd38ebbf4e7a528933896d2e8fbcf |
| SHA512 | e7a7389040a34b2f5afea8408cf5616d6ef0b2abf6e2b61efeffb1f192cab0785a5d0d7c55e99ab4782b2b40756138f19011f07e94a6f9d5b422f4219129d859 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NCVVYLW7\results[4].htm
| MD5 | ee4aed56584bf64c08683064e422b722 |
| SHA1 | 45e5ba33f57c6848e84b66e7e856a6b60af6c4a8 |
| SHA256 | a4e6ba8c1fe3df423e6f17fcbeeaa7e90e2bd2fffe8f98ff4b3e6ed970e32c61 |
| SHA512 | 058f023cb934a00c8f1c689001438c9bdd067d923ddcbe7a951f54d3ca82218803e0e81fbc9af5c56375ff7961deed0359af1ffa7335d41379ee97d01a76ded6 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6SQF6WJH\searchKW68T8PH.htm
| MD5 | 14f02947ca56d607e958563d9f543798 |
| SHA1 | 55cddd1ef5b75e713a105a6ba8cf87026c6e6522 |
| SHA256 | 262b2220d54cf353323b15cd8ab0f2a97e920337fce451868167dcd281a9debe |
| SHA512 | 20bc8b40e44e7ee3b4ce0aa691fb62c6991e74d7af8d4e3b0bf862dab1435b26cf09a65c31da1da14ce7e353615e00f4fa4e148990511db4e1736e50c108b1b1 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6SQF6WJH\searchJE8T2Q8T.htm
| MD5 | 6c8bdc6ddb4d2a0d8eac179120c6c141 |
| SHA1 | 93f176d8f67d9539fe9a2b1b3b4184cdbfa0c092 |
| SHA256 | ab702fc145043d0fda62575a62bfff97bcc241f4d6de37f834f43de139be461b |
| SHA512 | 8ee0d78daae93f44708fa01adcf9a4a6b748662b5fcfcc33effc347b316d7441bb54deeab2aa048e8ca51be288a380163beef77a8ef261088a78edc9605c468a |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ED9UQUDY\search[9].htm
| MD5 | 16a43dd258e84f00e901cdb624d3faea |
| SHA1 | 0137ceab1e1a0c6e424630e58b67c3efcc3cb41c |
| SHA256 | a30d63c70e963fe0f8f7ac2c724b6f299a4209742488fd3301dde793101a6294 |
| SHA512 | 273d44794b77d61b36ab38328b4feb959a947c484aa0879021283225482e8400eee70087fd353cd31fd14d8e7c95af8997b18aa89fff07f8716f79e55426874f |
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | 61647b88e38c1fd3582aeb0c681ba844 |
| SHA1 | 6a02a34d95a08ffddea396c1fbc7d26820a8de46 |
| SHA256 | 5b035072443872a08378d4299df0c35887612378cad668a53e6549df54cb474d |
| SHA512 | 6f6b6a2feff862afa8074217031de4012a49847adc705aa018a842aa6b72617912bdad6c2a52216ab71c701da87ef4d8ca494e373ceb20cad63b9bbd94e51aab |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6SQF6WJH\searchAUCK5NA2.htm
| MD5 | fccccdc48c28fd1e70d8deeb654088c3 |
| SHA1 | d3fbb3dbf5087af974b68870ee963892c12136f8 |
| SHA256 | 394ba9fea9954a5900cb5b62cf1127ed7796f9b5a22d3fbe6f4d257c5545f802 |
| SHA512 | a28dba584a33d1a67a7b6b49b65e3fe8376efe8e895fd70d8844715dcd8d78d1c83dabca213f1f0b00c14e7756a6dbfd4455d731cd13f71b5fb17687276804af |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QEA1P7KF\default[1].htm
| MD5 | cb42662caffe525e9957c942617edf06 |
| SHA1 | 615009db9a1a242579e639ee0fc7a2a765095bfe |
| SHA256 | 312bf5c9a1a122abc6361bf8ed01a44346285b962c0d273ef2de0eb796ae1b15 |
| SHA512 | 3e6777f1f74f64fff6cb2bd1a81a6c08d9a64feeebc3deb7cacb8f0f41b23a5c59a8e6294b99c76dd386aaaf9043a1a252ac47910fe1801bdc2995f7b675692c |
memory/2516-420-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QEA1P7KF\results[8].htm
| MD5 | 35a826c9d92a048812533924ecc2d036 |
| SHA1 | cc2d0c7849ea5f36532958d31a823e95de787d93 |
| SHA256 | 0731a24ba3c569a734d2e8a74f9786c4b09c42af70457b185c56f147792168ea |
| SHA512 | fd385904a466768357de812d0474e34a0b5f089f1de1e46bd032d889b28f10db84c869f5e81a0e2f1c8ffdd8a110e0736a7d63c887d76de6f0a5fd30bb8ebecd |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ED9UQUDY\searchC461ORCS.htm
| MD5 | 2eb144ac51c5b52c455acea8dce6703f |
| SHA1 | f2f45fc7ceab811808776b0ec6884d0442c31ee3 |
| SHA256 | 1071a4d42bab5f135d6a85362158c98a01a45b63a292000297ea7b07470545e6 |
| SHA512 | bb67bf7abdebf4660821f5bbf2f7d8013db9ddacbc097fdb305b3776aa2d64a9c528d4919afff0ff8f22ab9ad269b115f2575dc9eebcf0da0e38821f9006c8cf |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6SQF6WJH\searchI5UNT4YS.htm
| MD5 | ef7a3a31997c469cf010d5f3dc3541e3 |
| SHA1 | 280fed793bff764e009c70a1ab7ecd5401bb4461 |
| SHA256 | 3cc7898b0b21bd5d888967a293d2c98c138e43bfcdf8765c7839d524b32e6ecf |
| SHA512 | d9cd8224eff982b5079c8fa1ab1ea3f556954ba230ed7dcf5c7137d0cea4ddaca05d92d726057f69574444123bc21059ee0d8727faead7a9302b3c05f6d1f3aa |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NCVVYLW7\searchZXO31UO9.htm
| MD5 | e3f3628782f3e35edcd197abfd2bf4de |
| SHA1 | 8f187163a49b6dd2ca91d5e83b2f1c0ae36cec1c |
| SHA256 | 464dcd059344c12ba8b49ae2aa28e93e0c0445432da5d2f59a56cf9953720e81 |
| SHA512 | a6e49b2515a1f9be394074e319679df640adf0f6c1b1327c7759c1e0d091d5b8b1a2cc7f6bceac631d2be6b31246f22b5155b948477df29e84b4dbfc3b12082e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NCVVYLW7\searchWARJY6M3.htm
| MD5 | 461f0c0e480e8164c09fc0001a314f78 |
| SHA1 | 148d480e89b4ec5c4a196d6bf16bd0287536ed30 |
| SHA256 | 0b8fdd66ae88744b2b84711ec5b8aee4b3f422774a3851c7ec5117d08fc37bf5 |
| SHA512 | 1beaa6fba28c75a978267f96a1036fa72b0b76153d75ceba640292d5d260d172a6c83edbbb392124a96af2eade19e79fc82b00dd84316fc6ff8d01684bfe688a |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ED9UQUDY\search380N0T5H.htm
| MD5 | b61ae8ed3fc6dd566a0db7e217f3bd2a |
| SHA1 | 8cd53d449c4e77a9604de59b0a54d8815e7283de |
| SHA256 | 3167a8ba635e7c41c4b984d6fe76340f06c42555f14c519564622b033531d1e8 |
| SHA512 | 02d3b684871f5eef80db1bb3c858352b62dea68b91b53556c8e1a4453a75319de3f299f76b742598532029b78810353fcf93eb995f51977f538446b334d98f6a |
memory/2516-575-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | d5506d9d64e7ca68d070bf0232f0256d |
| SHA1 | 4d82f2931d973bf24da7e68ecd2b48b2d9def169 |
| SHA256 | ee8cb4e72657b71ef1f58391ec7741c981958423e0cf7ff13359deb11e1ca600 |
| SHA512 | 3e50b0be33b0e294b51daa58f6fe09f7e5cdabb8a73c467b83a87d1270721595ab8c1f655ae1746944588748979e760bd35b200f814897b4beab1dba15732c31 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NCVVYLW7\search[6].htm
| MD5 | e2c8dd3aa1bc0d270415ed8c9734ce29 |
| SHA1 | a948895db918fb3023530cdc77c1671fb7342918 |
| SHA256 | 4689c1d3368d085162a704f6d4ed7a3f6fbc9fe7c79f89cf35ba140d8cf77ed0 |
| SHA512 | a6f01489622143839d0025a7b6e4c644be9ccedfc5be9a1f323f2ff21d0d85e80fcc4dc48e22ac54e00d55fd3c40b8320bf78ddb54b3469824bb41fa70487e07 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6SQF6WJH\search[7].htm
| MD5 | 54e999b5164f1108dfc341aa1e6aebbf |
| SHA1 | 890f49277e0814f88cd84eabea1120a8ffac402c |
| SHA256 | e3e1eec1bdeae43cf4a4621c27c2e9eb303a2a6f7532a89b22b55e24bd693d09 |
| SHA512 | a1dd83d1cc79be02ee2b83e86cdc7fdfa6b5683bf4077e4f1d8c38a47502ae9161dd4ad57a64dbd6c31d28e683933701170b44e35f3afb6e629ca7cb5d819413 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6SQF6WJH\search[9].htm
| MD5 | eac268c745905d7da2d82e9ddfc30618 |
| SHA1 | e6f28c1f9de08a6ed6690ac7a391611e0e34d9c2 |
| SHA256 | d7bee2c3a3172e37e89bbd48443d651598985d9d4c6cec2ecacf1f9a2732361c |
| SHA512 | b4776c073eee0b6736cea6616ae6ad1e1125a3e44c54a586654363b7e034ba8f095f36c8836929941c3db243145ea7e90d570471546a2fee973130b85a6ca410 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QEA1P7KF\search5YGDNLTH.htm
| MD5 | 59ad1159e65f6941235fb7766c23cf94 |
| SHA1 | 34af61fb08d51d0330a88f9bbec7f831dc0e177c |
| SHA256 | b29a62ceb84a435364839b4f242140a07d3cbacaf8fd3a4b75329193969655fa |
| SHA512 | 2e77b387d84b43bc7124f3ce85933e33150c6d6be9d256c992060139ffe9e6009c50ff17925f83721cff3e15a3226d45aae2a5a80f4dbc8cdf0601c2e81c910f |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6SQF6WJH\default[1].htm
| MD5 | 5431b34b55fc2e8dfe8e2e977e26e6b5 |
| SHA1 | 87cf8feeb854e523871271b6f5634576de3e7c40 |
| SHA256 | 3d7c76daab98368a0dd25cd184db039cdd5d1bc9bd6e9bb91b289119047f5432 |
| SHA512 | 6f309dd924ba012486bcf0e3bafe64899007893ea9863b6f4e5428384ad23d9942c74d17c42a5cf9922a0e0fd8d61c287a2288a945a775586125d53376b9325c |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NCVVYLW7\searchL33CV1I9.htm
| MD5 | 87597c3f803fd92662055de3649898ac |
| SHA1 | c51447b78348860709ab65c596d341558e8b6774 |
| SHA256 | d1f05444095056383793d28399162ffe40d0c0680873631ef5ec74d8fe4d1588 |
| SHA512 | 0cdc465e95eafe43a070f4a893a4e81f198d0e7292543c24e7ff500a00e3e9e34905cb91b1aa9b2bd69ab88a640449703bb85a4c4fc5f35501cf0fc709b08cb6 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ED9UQUDY\default[1].htm
| MD5 | c15952329e9cd008b41f979b6c76b9a2 |
| SHA1 | 53c58cc742b5a0273df8d01ba2779a979c1ff967 |
| SHA256 | 5d065a88f9a1fb565c2d70e87148d469dd9dcbbefea4ccc8c181745eda748ab7 |
| SHA512 | 6aecdd949abcd2cb54e2fe3e1171ee47c247aa3980a0847b9934f506ef9b2d3180831adf6554c68b0621f9f9f3cd88767ef9487bc6e51cecd6a8857099a7b296 |
memory/2516-733-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ED9UQUDY\search29JU7P0X.htm
| MD5 | 941bc2b5b9fa49fceb8088bfa983d255 |
| SHA1 | bfa859d43c6e2772c6252cf6ee4b17f6941c6dcb |
| SHA256 | 4105349780b2d04cb5355a113a266f16cf42520569956eda98e01039f05a4f10 |
| SHA512 | 41451787e462785e28af01e882acfd8d857340152b2962301422d992c9fdc25266adb1b1ab55ce8e1a19be94183aaa862b5172543171bff78c03178d7f5a1ad6 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NCVVYLW7\searchQCE5H74Y.htm
| MD5 | de9aa52d627beb3e25dc1d143f11b4d4 |
| SHA1 | d0a33308bb54f4967a7de89136ed7fbb4e2abd1c |
| SHA256 | 7137c82fe6e8060aa6bcd52802bcd2533642373fcdd573ac0d9e106d0b707cef |
| SHA512 | 1d1691f9e38856124d0632ad10caaa5a5e6d94594f8946c44989c97f12233140bb2f61dcf7ae43a750606b93ac9ccc8ebad504222d55939ee82bb588b28ed228 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NCVVYLW7\search9BZIS8JT.htm
| MD5 | 73aa4e3172e0fa4735b26fa0d7e23bc3 |
| SHA1 | c565f099267881bc872d4d6d48c3aa789a921d95 |
| SHA256 | 76be75d862076f4908c3027973e43e33671476ea493afd08776e987096e84b91 |
| SHA512 | 220bf16365e9d1a1fd5537d16cc1f07582f9a91918c8cc93d7e67d3559c72e346fbfcbbd2f118c062f3e037e6524e03bc78798c1db2db6c596cd1a5889d42875 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6SQF6WJH\searchE7L99KL7.htm
| MD5 | a2ecc88b30923dacee36b2775e781fb1 |
| SHA1 | 34c52770a5662b7f26e5d79f1e17977556eb2d51 |
| SHA256 | e54e3d749476f629d841277c0b50396584b36c78c225d0e3d4a517f22a256312 |
| SHA512 | 409b1b6a4efa30dc93183e7b93f3aeea56a6bb477c074b5999d5cfe1f129a07c78a0682dc875c531501d420ff34ef0d47c051908ff628fb41c26b39a0b84f530 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QEA1P7KF\default[5].htm
| MD5 | 5243568476eb2052b2f3b67dc9053e86 |
| SHA1 | b126aa6506772f9024b76580bdf28b45e3a7f051 |
| SHA256 | 2d458622dc76eb87e44cc7db89309efdf50f99821145ae86864fd1b714cbaa80 |
| SHA512 | 3c68cef4e3daa4bca6e8b3aa5a31874be1e4dec38fe9781c6fe4890980744527d0c6818eeb519f8e6b322118e1f08302d85972fa7da4ba8be9421aabf9a77833 |
memory/2516-885-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NCVVYLW7\search1Z8Z3RTK.htm
| MD5 | 56d4226e69de676933a47dfd25a02a02 |
| SHA1 | 09371b39e03766aabbf58bb31210ed26b7a1b6c2 |
| SHA256 | 98a1f99e725ffc0cb73872e14577dc1c983cb824fb957305c86abebef0fb1ffe |
| SHA512 | b58ffb8d9f77bd8e48125b57cdfada42dabaea46a9ed9df615e340fbe8569a846c0c3d52f84a941d3ba0645cd36ea558550cd6206b68b2a6559649a8fce3a62f |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NCVVYLW7\search15L66J5O.htm
| MD5 | 812e0d8289fe9f668a0654aeaf4e6635 |
| SHA1 | ca8d7b8c428372b3384c266bd3f466f240a29f8f |
| SHA256 | 71bb797b9b1788fc2a729fdd02b254bfe745e567453fb9b4b7056cbe5789c7d2 |
| SHA512 | b46469cccd02979f86b66e9cc368a734cbf494b4a276dd169f15b54fa7d48be1a3abdbab8e35c72a4a6fd5c09ae02df804753f1a18506aed952bcc70fce839c1 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ED9UQUDY\searchYFZNNGGJ.htm
| MD5 | f5e43dbe50aef05ac76638326d261c1d |
| SHA1 | 8d2cc356f4a7fc53c91ce9c3dc2797a9b376e75a |
| SHA256 | b5c510a3a3baaf21f4556d8b68df154ccdf3a3a58200f3e5ff7b5e12fb2c8d2f |
| SHA512 | ec73b9fc016753aacf9112606da08b2e334589b642f0b0f443136718643ec916adf7658ff3082a7abaa4f3f1a0301d013a771be41d8f494d7fa5d5cf0d6278c3 |