Malware Analysis Report

2025-08-11 06:11

Sample ID 240610-1ktd1sscql
Target 9c07b7fbb93700ee3309dce4d3ce6cbe_JaffaCakes118
SHA256 7141b4d7594262026b952176c0cc1819e28f11e43320eda2aa69d8424d920117
Tags
persistence upx
score
7/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

score
7/10

SHA256

7141b4d7594262026b952176c0cc1819e28f11e43320eda2aa69d8424d920117

Threat Level: Shows suspicious behavior

The file 9c07b7fbb93700ee3309dce4d3ce6cbe_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

persistence upx

Executes dropped EXE

UPX packed file

Adds Run key to start application

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-10 21:42

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-10 21:42

Reported

2024-06-10 21:45

Platform

win7-20240419-en

Max time kernel

150s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9c07b7fbb93700ee3309dce4d3ce6cbe_JaffaCakes118.exe"

Signatures

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\services.exe | N/A

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A (17 identical rows, no detail recorded)

Adds Run key to start application

persistence
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\9c07b7fbb93700ee3309dce4d3ce6cbe_JaffaCakes118.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A

Drops file in Windows directory

Description | Indicator | Process | Target
File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\9c07b7fbb93700ee3309dce4d3ce6cbe_JaffaCakes118.exe | N/A
File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\9c07b7fbb93700ee3309dce4d3ce6cbe_JaffaCakes118.exe | N/A
File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\9c07b7fbb93700ee3309dce4d3ce6cbe_JaffaCakes118.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9c07b7fbb93700ee3309dce4d3ce6cbe_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\9c07b7fbb93700ee3309dce4d3ce6cbe_JaffaCakes118.exe"

C:\Windows\services.exe

"C:\Windows\services.exe"

Network

Country | Destination | Domain | Proto
BD | 203.76.97.63:1034 | | tcp
TW | 218.172.213.152:1034 | | tcp
TW | 218.172.207.241:1034 | | tcp
PT | 2.81.133.157:1034 | | tcp
TW | 218.172.206.201:1034 | | tcp
N/A | 192.168.1.213:1034 | | tcp
US | 8.8.8.8:53 | alumni.caltech.edu | udp
US | 8.8.8.8:53 | gzip.org | udp
US | 16.150.140.1:1034 | | tcp
US | 8.8.8.8:53 | alumni.caltech.edu | udp
US | 8.8.8.8:53 | gzip.org | udp
N/A | 192.168.10.217:1034 | | tcp

Files

memory/1860-0-0x0000000000500000-0x000000000050D000-memory.dmp

memory/1860-4-0x0000000000220000-0x0000000000228000-memory.dmp

C:\Windows\services.exe

MD5 b0fe74719b1b647e2056641931907f4a
SHA1 e858c206d2d1542a79936cb00d85da853bfc95e2
SHA256 bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
SHA512 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

memory/2100-11-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1860-10-0x0000000000220000-0x0000000000228000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/2100-17-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2100-21-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1860-22-0x0000000000220000-0x0000000000228000-memory.dmp

memory/2100-26-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2100-27-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2100-31-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2100-35-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2100-36-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2100-40-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2100-44-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2100-45-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2100-49-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2100-53-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2100-54-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2100-58-0x0000000000400000-0x0000000000408000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-10 21:42

Reported

2024-06-10 21:45

Platform

win10v2004-20240226-en

Max time kernel

155s

Max time network

165s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9c07b7fbb93700ee3309dce4d3ce6cbe_JaffaCakes118.exe"

Signatures

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\services.exe | N/A

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A (16 identical rows, no detail recorded)

Adds Run key to start application

persistence
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\9c07b7fbb93700ee3309dce4d3ce6cbe_JaffaCakes118.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A

Drops file in Windows directory

Description | Indicator | Process | Target
File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\9c07b7fbb93700ee3309dce4d3ce6cbe_JaffaCakes118.exe | N/A
File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\9c07b7fbb93700ee3309dce4d3ce6cbe_JaffaCakes118.exe | N/A
File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\9c07b7fbb93700ee3309dce4d3ce6cbe_JaffaCakes118.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9c07b7fbb93700ee3309dce4d3ce6cbe_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\9c07b7fbb93700ee3309dce4d3ce6cbe_JaffaCakes118.exe"

C:\Windows\services.exe

"C:\Windows\services.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1328 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8

Network

Country | Destination | Domain | Proto
GB | 142.250.200.42:443 | | tcp
US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp
BD | 203.76.97.63:1034 | | tcp
US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp
US | 13.107.246.64:443 | | tcp
US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp
TW | 218.172.213.152:1034 | | tcp
US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp
BD | 203.76.97.56:1034 | | tcp
US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp
US | 8.8.8.8:53 | acm.org | udp
US | 8.8.8.8:53 | cs.stanford.edu | udp
US | 8.8.8.8:53 | burtleburtle.net | udp
US | 8.8.8.8:53 | m-ou.se | udp
US | 8.8.8.8:53 | alumni.caltech.edu | udp
US | 8.8.8.8:53 | mx.burtleburtle.net | udp
US | 8.8.8.8:53 | gzip.org | udp
US | 8.8.8.8:53 | alumni-caltech-edu.mail.protection.outlook.com | udp
US | 8.8.8.8:53 | smtp2.cs.stanford.edu | udp
US | 52.101.11.10:25 | alumni-caltech-edu.mail.protection.outlook.com | tcp
US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp
US | 65.254.254.52:25 | mx.burtleburtle.net | tcp
N/A | 192.168.0.79:1034 | | tcp
US | 8.8.8.8:53 | aspmx.l.google.com | udp
US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp
NL | 142.250.102.26:25 | aspmx.l.google.com | tcp
US | 8.8.8.8:53 | mail.mailroute.net | udp
US | 8.8.8.8:53 | gzip.org | udp
US | 199.89.1.120:25 | mail.mailroute.net | tcp
US | 85.187.148.2:25 | gzip.org | tcp
US | 8.8.8.8:53 | www.altavista.com | udp
US | 8.8.8.8:53 | search.yahoo.com | udp
US | 8.8.8.8:53 | search.lycos.com | udp
US | 8.8.8.8:53 | www.google.com | udp
IE | 212.82.100.137:80 | search.yahoo.com | tcp
IE | 212.82.100.137:80 | search.yahoo.com | tcp
US | 209.202.254.10:80 | search.lycos.com | tcp
IE | 212.82.100.137:80 | search.yahoo.com | tcp
IE | 212.82.100.137:80 | search.yahoo.com | tcp
GB | 142.250.187.196:80 | www.google.com | tcp
US | 209.202.254.10:80 | search.lycos.com | tcp
GB | 142.250.187.196:80 | www.google.com | tcp
US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp
US | 8.8.8.8:53 | 137.100.82.212.in-addr.arpa | udp
IE | 212.82.100.137:80 | search.yahoo.com | tcp
IE | 212.82.100.137:80 | search.yahoo.com | tcp
IE | 212.82.100.137:80 | search.yahoo.com | tcp
IE | 212.82.100.137:80 | search.yahoo.com | tcp
US | 209.202.254.10:443 | search.lycos.com | tcp
IE | 212.82.100.137:80 | search.yahoo.com | tcp
IE | 212.82.100.137:80 | search.yahoo.com | tcp
US | 209.202.254.10:443 | search.lycos.com | tcp
IE | 212.82.100.137:80 | search.yahoo.com | tcp
IE | 212.82.100.137:80 | search.yahoo.com | tcp
IE | 212.82.100.137:80 | search.yahoo.com | tcp
IE | 212.82.100.137:80 | search.yahoo.com | tcp
GB | 142.250.187.196:443 | www.google.com | tcp
IE | 212.82.100.137:80 | search.yahoo.com | tcp
GB | 142.250.187.196:443 | www.google.com | tcp
IE | 212.82.100.137:443 | search.yahoo.com | tcp
IE | 212.82.100.137:443 | search.yahoo.com | tcp
US | 8.8.8.8:53 | 10.254.202.209.in-addr.arpa | udp
US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp
US | 8.8.8.8:53 | 11.97.55.23.in-addr.arpa | udp
US | 8.8.8.8:53 | 152.101.63.23.in-addr.arpa | udp
US | 209.202.254.10:80 | search.lycos.com | tcp
US | 209.202.254.10:80 | search.lycos.com | tcp
US | 209.202.254.10:443 | search.lycos.com | tcp
US | 209.202.254.10:80 | search.lycos.com | tcp
US | 8.8.8.8:53 | alumni-caltech-edu.mail.protection.outlook.com | udp
US | 52.101.40.4:25 | alumni-caltech-edu.mail.protection.outlook.com | tcp
US | 209.202.254.10:443 | search.lycos.com | tcp
US | 209.202.254.10:80 | search.lycos.com | tcp
US | 209.202.254.10:443 | search.lycos.com | tcp
US | 209.202.254.10:443 | search.lycos.com | tcp
US | 209.202.254.10:443 | search.lycos.com | tcp
US | 209.202.254.10:443 | search.lycos.com | tcp
US | 209.202.254.10:443 | search.lycos.com | tcp
GB | 142.250.187.196:80 | www.google.com | tcp
US | 209.202.254.10:443 | search.lycos.com | tcp
US | 209.202.254.10:443 | search.lycos.com | tcp
GB | 142.250.187.196:80 | www.google.com | tcp
IE | 212.82.100.137:443 | search.yahoo.com | tcp
US | 209.202.254.10:80 | search.lycos.com | tcp
US | 209.202.254.10:443 | search.lycos.com | tcp
IE | 212.82.100.137:443 | search.yahoo.com | tcp
US | 209.202.254.10:443 | search.lycos.com | tcp
GB | 142.250.187.196:443 | www.google.com | tcp
IE | 212.82.100.137:443 | search.yahoo.com | tcp
GB | 142.250.187.196:443 | www.google.com | tcp
IE | 212.82.100.137:443 | search.yahoo.com | tcp
IE | 212.82.100.137:443 | search.yahoo.com | tcp
IE | 212.82.100.137:80 | search.yahoo.com | tcp
IE | 212.82.100.137:443 | search.yahoo.com | tcp
IE | 212.82.100.137:80 | search.yahoo.com | tcp
IE | 212.82.100.137:443 | search.yahoo.com | tcp
IE | 212.82.100.137:80 | search.yahoo.com | tcp
IE | 212.82.100.137:443 | search.yahoo.com | tcp
IE | 212.82.100.137:443 | search.yahoo.com | tcp
IE | 212.82.100.137:443 | search.yahoo.com | tcp
IE | 212.82.100.137:443 | search.yahoo.com | tcp
US | 209.202.254.10:443 | search.lycos.com | tcp
IE | 212.82.100.137:443 | search.yahoo.com | tcp
IE | 212.82.100.137:443 | search.yahoo.com | tcp
US | 209.202.254.10:443 | search.lycos.com | tcp
IE | 212.82.100.137:443 | search.yahoo.com | tcp
IE | 212.82.100.137:80 | search.yahoo.com | tcp
IE | 212.82.100.137:80 | search.yahoo.com | tcp
IE | 212.82.100.137:80 | search.yahoo.com | tcp
IE | 212.82.100.137:80 | search.yahoo.com | tcp
IE | 212.82.100.137:443 | search.yahoo.com | tcp
IE | 212.82.100.137:80 | search.yahoo.com | tcp
US | 209.202.254.10:443 | search.lycos.com | tcp
IE | 212.82.100.137:443 | search.yahoo.com | tcp
US | 209.202.254.10:443 | search.lycos.com | tcp
IE | 212.82.100.137:80 | search.yahoo.com | tcp
IE | 212.82.100.137:443 | search.yahoo.com | tcp
IE | 212.82.100.137:443 | search.yahoo.com | tcp
IE | 212.82.100.137:80 | search.yahoo.com | tcp
IE | 212.82.100.137:443 | search.yahoo.com | tcp
IE | 212.82.100.137:443 | search.yahoo.com | tcp
US | 209.202.254.10:443 | search.lycos.com | tcp
US | 209.202.254.10:443 | search.lycos.com | tcp
IE | 212.82.100.137:443 | search.yahoo.com | tcp
IE | 212.82.100.137:80 | search.yahoo.com | tcp
IE | 212.82.100.137:443 | search.yahoo.com | tcp
IE | 212.82.100.137:443 | search.yahoo.com | tcp
IE | 212.82.100.137:443 | search.yahoo.com | tcp
IE | 212.82.100.137:443 | search.yahoo.com | tcp
US | 209.202.254.10:443 | search.lycos.com | tcp
US | 209.202.254.10:443 | search.lycos.com | tcp
IE | 212.82.100.137:443 | search.yahoo.com | tcp
IE | 212.82.100.137:443 | search.yahoo.com | tcp
IE | 212.82.100.137:443 | search.yahoo.com | tcp
IE | 212.82.100.137:443 | search.yahoo.com | tcp
US | 209.202.254.10:443 | search.lycos.com | tcp
IE | 212.82.100.137:443 | search.yahoo.com | tcp
IE | 212.82.100.137:443 | search.yahoo.com | tcp
US | 209.202.254.10:443 | search.lycos.com | tcp
US | 209.202.254.10:443 | search.lycos.com | tcp
US | 209.202.254.10:443 | search.lycos.com | tcp
US | 209.202.254.10:443 | search.lycos.com | tcp
US | 209.202.254.10:443 | search.lycos.com | tcp
US | 209.202.254.10:443 | search.lycos.com | tcp
US | 209.202.254.10:443 | search.lycos.com | tcp
US | 209.202.254.10:443 | search.lycos.com | tcp
US | 209.202.254.10:443 | search.lycos.com | tcp
US | 8.8.8.8:53 | alumni.caltech.edu | udp
US | 8.8.8.8:53 | burtleburtle.net | udp
US | 8.8.8.8:53 | smtp1.cs.stanford.edu | udp
US | 75.2.70.75:25 | alumni.caltech.edu | tcp
US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp
US | 65.254.227.224:25 | burtleburtle.net | tcp
BD | 203.76.97.76:1034 | | tcp
US | 209.202.254.10:443 | search.lycos.com | tcp
US | 209.202.254.10:443 | search.lycos.com | tcp
US | 8.8.8.8:53 | alt1.aspmx.l.google.com | udp
US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp
NL | 142.251.9.26:25 | alt1.aspmx.l.google.com | tcp
US | 85.187.148.2:25 | gzip.org | tcp
US | 8.8.8.8:53 | acm.org | udp
US | 104.17.78.30:25 | acm.org | tcp
GB | 142.250.187.196:443 | www.google.com | tcp
GB | 142.250.187.196:443 | www.google.com | tcp
GB | 142.250.187.196:443 | www.google.com | tcp
GB | 142.250.187.196:443 | www.google.com | tcp
GB | 142.250.187.196:443 | www.google.com | tcp
GB | 142.250.187.196:443 | www.google.com | tcp
GB | 142.250.187.196:443 | www.google.com | tcp
GB | 142.250.187.196:443 | www.google.com | tcp
GB | 142.250.187.196:443 | www.google.com | tcp
GB | 142.250.187.196:443 | www.google.com | tcp
GB | 142.250.187.196:443 | www.google.com | tcp
GB | 142.250.187.196:443 | www.google.com | tcp
GB | 142.250.187.196:443 | www.google.com | tcp
GB | 142.250.187.196:443 | www.google.com | tcp
GB | 142.250.187.196:443 | www.google.com | tcp
GB | 142.250.187.196:443 | www.google.com | tcp
US | 75.2.70.75:25 | alumni.caltech.edu | tcp
US | 8.8.8.8:53 | cs.stanford.edu | udp
US | 8.8.8.8:53 | mx.alumni.caltech.edu | udp
US | 171.64.64.64:25 | cs.stanford.edu | tcp
US | 8.8.8.8:53 | mail.alumni.caltech.edu | udp
GB | 217.44.192.139:1034 | | tcp
US | 8.8.8.8:53 | smtp.alumni.caltech.edu | udp
US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp
US | 8.8.8.8:53 | outlook.com | udp
US | 8.8.8.8:53 | outlook-com.olc.protection.outlook.com | udp
US | 52.101.41.25:25 | outlook-com.olc.protection.outlook.com | tcp
US | 8.8.8.8:53 | alt2.aspmx.l.google.com | udp
US | 171.64.64.64:25 | cs.stanford.edu | tcp
FI | 142.250.150.27:25 | alt2.aspmx.l.google.com | tcp
US | 8.8.8.8:53 | mx.gzip.org | udp
US | 8.8.8.8:53 | mail.gzip.org | udp
US | 85.187.148.2:25 | mail.gzip.org | tcp
US | 85.187.148.2:25 | mail.gzip.org | tcp
US | 8.8.8.8:53 | 168.117.168.52.in-addr.arpa | udp
US | 8.8.8.8:53 | lists.infradead.org | udp
US | 8.8.8.8:53 | casper.infradead.org | udp
GB | 90.155.50.34:25 | casper.infradead.org | tcp
US | 171.64.64.64:25 | cs.stanford.edu | tcp
US | 15.136.19.253:1034 | | tcp
US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp
US | 8.8.8.8:53 | outlook.com | udp
US | 52.96.223.2:25 | outlook.com | tcp
US | 171.64.64.64:25 | cs.stanford.edu | tcp
US | 8.8.8.8:53 | aspmx2.googlemail.com | udp
NL | 142.251.9.27:25 | aspmx2.googlemail.com | tcp
US | 8.8.8.8:53 | smtp.gzip.org | udp
US | 85.187.148.2:25 | mail.gzip.org | tcp
US | 8.8.8.8:53 | hc.apache.org | udp
US | 8.8.8.8:53 | mx1-ec2-va.apache.org | udp
US | 34.199.147.133:25 | mx1-ec2-va.apache.org | tcp

Files

memory/3324-0-0x0000000000500000-0x000000000050D000-memory.dmp

C:\Windows\services.exe

MD5 b0fe74719b1b647e2056641931907f4a
SHA1 e858c206d2d1542a79936cb00d85da853bfc95e2
SHA256 bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
SHA512 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

memory/5008-6-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 0083dd917dd333e764b8b46afd60a19c
SHA1 62b18cde3b760ea27876318cb81ee847ba8d3b63
SHA256 57d61073681abebe6f70beefd7499eb1dd9ff2bddf487e9c54314292102fd21d
SHA512 37b85dc930c2a4b656373dae026a526b9b2b6563594cd2e35665681577833c90f9ec125a8da7aee0c48aa4ca2460cf295164e3bf98ad56d7f3347e7eed4a3ce1

memory/5008-13-0x0000000000400000-0x0000000000408000-memory.dmp

memory/5008-17-0x0000000000400000-0x0000000000408000-memory.dmp

memory/5008-21-0x0000000000400000-0x0000000000408000-memory.dmp

memory/5008-22-0x0000000000400000-0x0000000000408000-memory.dmp

memory/5008-26-0x0000000000400000-0x0000000000408000-memory.dmp

memory/5008-30-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tmp39D5.tmp

MD5 8cdb0bf2fffb85d6b872ab040bfe5087
SHA1 ae9141c5ebd6ec0f2fe7ae8cdc1b38854b3262e0
SHA256 553e436a8c137e738d34c2a17dd034976f1e5b936ce0c8b109daddaaf541163d
SHA512 1ebfa25e30d11cd4131eecd9791b54a4ef67e50c182461beb12bedc375e97e1d58fb1940ff7bcb8dbb9dd40d492c8f9014b4d89c547b27f903ed005930b80207

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 06e633d6753eb9a2e5fc9f7b8074600a
SHA1 a05af4720e5dba57aaeac41500335f884886cdf7
SHA256 47be518fd066979c4d46556386fdc3247405a2c0f3ef621f7d9990f9604bff1c
SHA512 38c06212fcb4beb8de97958e5ef149c3be69c3c1f3ee647001f50031803cdab170f800a81b5a5a3ccb91e0bb1d748f0668bc5a95fc8d522a2efede7b9d43e9a8

memory/5008-97-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\X0OFMNIL\search[2].htm

MD5 8ba61a16b71609a08bfa35bc213fce49
SHA1 8374dddcc6b2ede14b0ea00a5870a11b57ced33f
SHA256 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1
SHA512 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\X0OFMNIL\results[3].htm

MD5 211da0345fa466aa8dbde830c83c19f8
SHA1 779ece4d54a099274b2814a9780000ba49af1b81
SHA256 aec2ac9539d1b0cac493bbf90948eca455c6803342cc83d0a107055c1d131fd5
SHA512 37fd7ef6e11a1866e844439318ae813059106fbd52c24f580781d90da3f64829cf9654acac0dd0f2098081256c5dcdf35c70b2cbef6cbe3f0b91bd2d8edd22ca

memory/5008-148-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8ZO46T3J\results[4].htm

MD5 ee4aed56584bf64c08683064e422b722
SHA1 45e5ba33f57c6848e84b66e7e856a6b60af6c4a8
SHA256 a4e6ba8c1fe3df423e6f17fcbeeaa7e90e2bd2fffe8f98ff4b3e6ed970e32c61
SHA512 058f023cb934a00c8f1c689001438c9bdd067d923ddcbe7a951f54d3ca82218803e0e81fbc9af5c56375ff7961deed0359af1ffa7335d41379ee97d01a76ded6

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8ZO46T3J\Z63CIK3I.htm

MD5 9dbcb3d85968f4c16eba3de096b1c198
SHA1 f779b7ee5a1f6f88361e1db3d72952d5c2961a1c
SHA256 e2cba66355d41f91adc7eb215ac29c91ebba5b7901f1672681e5c73eeb555259
SHA512 35b78e1c1e98431257593de397ef5ad524a95699e58d915c02929bfa0c2233227ae0d8e5432c7b2074b455f88538b52a07f2cacd8105a5905460d05ebb4fa9bd

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 0fca6b7ee107cf97e0acc2c30314456b
SHA1 269b187140557cadd750b71ae7e1fcec247edae8
SHA256 2492d92f1a150b6043bcaf1a36870a34d9fbad18213bd0d68ee1c6e7f2851a61
SHA512 11154c5b955b809e4c0e92ba3e35a3d87e5128343619708dc8749d2e20af6188834a93eca37fe0db5387a5e219a7d965a1bfc95ffa06d012cd2b0a59adca04d8

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BHC2O5WS\search[3].htm

MD5 b2ef8d4a3506b9ecbd396cc159a3f0d7
SHA1 2940ecf5cfe5d226ed9e7f9e47f8eb4190d408bb
SHA256 8244eb46dd5c295989e22ab2b5b13ccb56f0e8e777569b64229a6649f48140fe
SHA512 61f7f9cbfe527e9476b75cbf1df0cd780daf7424403bbebc9a10b6ec575f0740e2a0d3e2ecb8fc7c50393d26f6bdd6cf6f1fcdcf827bfcd78a6c7f893c47fb76

memory/5008-329-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BHC2O5WS\search[5].htm

MD5 3d465334995b8a6d642b9470d55819e8
SHA1 281cd5f10e78bdd33b9b3ac390b2e2c3fdbf9230
SHA256 a36b089de17532dfd38a5054dc38cf331e8ef2d79337449daae523de735a6505
SHA512 eafddc82753b90cc2ca5bca96be0374878390f8293d2caffe1a42404774f3624639b67d02cadeb801bbf704aaeaf2fe008308feb31341503155a41273829176b

memory/5008-363-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 f7035a8554a7583df6b7ce4c0ceffe7f
SHA1 3a4f9f310799c42b6c32a5971817a52824fc1494
SHA256 88bd18a79dadc4005e335760a29e23e9c319b01c4369e23f27f4f5ae902f78f8
SHA512 19b0c198acd84a13cbf74fd2727a3e8adb4b6782dbfc7f6a446979dd3d8c7f49eeb8b6c604459cbbe8fa207ef4658069f2de9ce8e90f304f399ce03d20330924

memory/5008-376-0x0000000000400000-0x0000000000408000-memory.dmp

memory/5008-392-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 7e248261355f24abe6fe3d62a0ba0f77
SHA1 06f01cb9a2800a4588c1449eaf28c2fbe54d0265
SHA256 6d02f3f3a4cef730f655c67a1db17f8cf104d02e2c44d09a0972886e22698b88
SHA512 f3ad2def668cceeaa21938d2b2046a8f2be6b30beaaa48d9626cc10a1d2fd72f3c2474a657db8ae3abf51406e7cd742055aaf8997f103dd7d13d0b236d907c7a

memory/5008-399-0x0000000000400000-0x0000000000408000-memory.dmp

memory/5008-407-0x0000000000400000-0x0000000000408000-memory.dmp