Analysis Overview
SHA256
83f34d549da910df01c6db0d088d8b02ad28eaa5a102fe48e441106ccf28a6d2
Threat Level: Known bad
The file 7a7f036b921cbfaead2986023e6a920e_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Detected microsoft outlook phishing page
Executes dropped EXE
UPX packed file
Adds Run key to start application
Drops file in Windows directory
Unsigned PE
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-27 20:54
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-27 20:54
Reported
2024-05-27 20:56
Platform
win10v2004-20240426-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Detected microsoft outlook phishing page
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\services.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\7a7f036b921cbfaead2986023e6a920e_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\7a7f036b921cbfaead2986023e6a920e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\7a7f036b921cbfaead2986023e6a920e_JaffaCakes118.exe | N/A |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\7a7f036b921cbfaead2986023e6a920e_JaffaCakes118.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 3244 wrote to memory of 1752 | N/A | C:\Users\Admin\AppData\Local\Temp\7a7f036b921cbfaead2986023e6a920e_JaffaCakes118.exe | C:\Windows\services.exe |
| PID 3244 wrote to memory of 1752 | N/A | C:\Users\Admin\AppData\Local\Temp\7a7f036b921cbfaead2986023e6a920e_JaffaCakes118.exe | C:\Windows\services.exe |
| PID 3244 wrote to memory of 1752 | N/A | C:\Users\Admin\AppData\Local\Temp\7a7f036b921cbfaead2986023e6a920e_JaffaCakes118.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\7a7f036b921cbfaead2986023e6a920e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\7a7f036b921cbfaead2986023e6a920e_JaffaCakes118.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 128.122.2.125:1034 | | tcp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 16.188.113.226:1034 | | tcp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 15.136.121.176:1034 | | tcp |
| US | 8.8.8.8:53 | m-ou.se | udp |
| US | 8.8.8.8:53 | aspmx.l.google.com | udp |
| US | 8.8.8.8:53 | acm.org | udp |
| BE | 108.177.15.27:25 | aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | mail.mailroute.net | udp |
| US | 8.8.8.8:53 | cs.stanford.edu | udp |
| US | 199.89.1.120:25 | mail.mailroute.net | tcp |
| US | 8.8.8.8:53 | smtp2.cs.stanford.edu | udp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | burtleburtle.net | udp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | mx.burtleburtle.net | udp |
| US | 65.254.254.50:25 | mx.burtleburtle.net | tcp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | alumni-caltech-edu.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 52.101.9.24:25 | alumni-caltech-edu.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 8.8.8.8:53 | search.yahoo.com | udp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 8.8.8.8:53 | search.lycos.com | udp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | www.altavista.com | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.100.82.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.215.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.254.202.209.in-addr.arpa | udp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IN | 4.240.78.199:1034 | | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | 11.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.101.63.23.in-addr.arpa | udp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | alt1.aspmx.l.google.com | udp |
| NL | 142.250.153.26:25 | alt1.aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | acm.org | udp |
| US | 104.17.79.30:25 | acm.org | tcp |
| US | 8.8.8.8:53 | cs.stanford.edu | udp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | burtleburtle.net | udp |
| US | 65.254.227.224:25 | burtleburtle.net | tcp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 99.83.190.102:25 | alumni.caltech.edu | tcp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| IN | 4.240.78.194:1034 | | tcp |
| US | 8.8.8.8:53 | 240.143.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | alt2.aspmx.l.google.com | udp |
| NL | 142.251.9.26:25 | alt2.aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | mx.acm.org | udp |
| US | 8.8.8.8:53 | mail.acm.org | udp |
| US | 8.8.8.8:53 | smtp.acm.org | udp |
| US | 8.8.8.8:53 | smtp1.cs.stanford.edu | udp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | outlook.com | udp |
| US | 8.8.8.8:53 | outlook-com.olc.protection.outlook.com | udp |
| NL | 52.101.73.14:25 | outlook-com.olc.protection.outlook.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | mx.alumni.caltech.edu | udp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | mail.alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | mx.gzip.org | udp |
| US | 8.8.8.8:53 | mail.gzip.org | udp |
| US | 8.8.8.8:53 | smtp.alumni.caltech.edu | udp |
| US | 85.187.148.2:25 | mail.gzip.org | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 15.136.121.176:1034 | | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 8.8.8.8:53 | portal.office.com | udp |
| US | 8.8.8.8:53 | portal.office.com | udp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | portal.office.com | udp |
| US | 13.107.6.156:25 | portal.office.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 8.8.8.8:53 | aspmx2.googlemail.com | udp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| NL | 142.250.153.26:25 | aspmx2.googlemail.com | tcp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | outlook.com | udp |
| US | 52.96.214.50:25 | outlook.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 8.8.8.8:53 | hachyderm.io | udp |
| BE | 108.177.15.27:25 | aspmx.l.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 16.18.14.137:1034 | | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| BE | 108.177.15.27:25 | aspmx.l.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | mx.portal.office.com | udp |
| US | 8.8.8.8:53 | mail.portal.office.com | udp |
| US | 8.8.8.8:53 | smtp.portal.office.com | udp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | aspmx3.googlemail.com | udp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| NL | 142.251.9.26:25 | aspmx3.googlemail.com | tcp |
| US | 8.8.8.8:53 | mx.cs.stanford.edu | udp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | mail.cs.stanford.edu | udp |
| US | 171.64.64.160:25 | mail.cs.stanford.edu | tcp |
| US | 171.64.64.160:25 | mail.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | mx.outlook.com | udp |
| US | 8.8.8.8:53 | mail.outlook.com | udp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 8.8.8.8:53 | smtp.outlook.com | udp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 52.97.208.50:25 | smtp.outlook.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | alt3.aspmx.l.google.com | udp |
| FI | 142.250.150.27:25 | alt3.aspmx.l.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| AU | 16.179.5.169:1034 | | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | | tcp |
| IE | 212.82.100.137:443 | | tcp |
| FR | 216.58.215.36:80 | | tcp |
| FR | 216.58.215.36:80 | | tcp |
| US | 209.202.254.10:443 | | tcp |
| IE | 212.82.100.137:80 | | tcp |
| IE | 212.82.100.137:80 | | tcp |
| FR | 216.58.215.36:80 | | tcp |
| US | 209.202.254.10:443 | | tcp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-27 20:54
Reported
2024-05-27 20:56
Platform
win7-20240508-en
Max time kernel
150s
Max time network
149s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\7a7f036b921cbfaead2986023e6a920e_JaffaCakes118.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\7a7f036b921cbfaead2986023e6a920e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\7a7f036b921cbfaead2986023e6a920e_JaffaCakes118.exe | N/A |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\7a7f036b921cbfaead2986023e6a920e_JaffaCakes118.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1776 wrote to memory of 2224 | N/A | C:\Users\Admin\AppData\Local\Temp\7a7f036b921cbfaead2986023e6a920e_JaffaCakes118.exe | C:\Windows\services.exe |
| PID 1776 wrote to memory of 2224 | N/A | C:\Users\Admin\AppData\Local\Temp\7a7f036b921cbfaead2986023e6a920e_JaffaCakes118.exe | C:\Windows\services.exe |
| PID 1776 wrote to memory of 2224 | N/A | C:\Users\Admin\AppData\Local\Temp\7a7f036b921cbfaead2986023e6a920e_JaffaCakes118.exe | C:\Windows\services.exe |
| PID 1776 wrote to memory of 2224 | N/A | C:\Users\Admin\AppData\Local\Temp\7a7f036b921cbfaead2986023e6a920e_JaffaCakes118.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\7a7f036b921cbfaead2986023e6a920e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\7a7f036b921cbfaead2986023e6a920e_JaffaCakes118.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
| Country | Destination | Domain | Proto |
Files