Analysis Overview
SHA256
14e5a8edb3050009879698c7a97139d887001e936469fb7a9189637313cf3b2f
Threat Level: Known bad
The file 14e5a8edb3050009879698c7a97139d887001e936469fb7a9189637313cf3b2f was found to be: Known bad.
Malicious Activity Summary
Detected microsoft outlook phishing page
Executes dropped EXE
UPX packed file
Adds Run key to start application
Drops file in Windows directory
Unsigned PE
Suspicious use of WriteProcessMemory
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-11 18:58
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-11 18:58
Reported
2024-06-11 19:00
Platform
win7-20240221-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\14e5a8edb3050009879698c7a97139d887001e936469fb7a9189637313cf3b2f.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\14e5a8edb3050009879698c7a97139d887001e936469fb7a9189637313cf3b2f.exe | N/A |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\14e5a8edb3050009879698c7a97139d887001e936469fb7a9189637313cf3b2f.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\14e5a8edb3050009879698c7a97139d887001e936469fb7a9189637313cf3b2f.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2320 wrote to memory of 3028 | N/A | C:\Users\Admin\AppData\Local\Temp\14e5a8edb3050009879698c7a97139d887001e936469fb7a9189637313cf3b2f.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\14e5a8edb3050009879698c7a97139d887001e936469fb7a9189637313cf3b2f.exe
"C:\Users\Admin\AppData\Local\Temp\14e5a8edb3050009879698c7a97139d887001e936469fb7a9189637313cf3b2f.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-11 18:58
Reported
2024-06-11 19:00
Platform
win10v2004-20240426-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Detected microsoft outlook phishing page
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\14e5a8edb3050009879698c7a97139d887001e936469fb7a9189637313cf3b2f.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\14e5a8edb3050009879698c7a97139d887001e936469fb7a9189637313cf3b2f.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\14e5a8edb3050009879698c7a97139d887001e936469fb7a9189637313cf3b2f.exe | N/A |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\14e5a8edb3050009879698c7a97139d887001e936469fb7a9189637313cf3b2f.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4232 wrote to memory of 1892 | N/A | C:\Users\Admin\AppData\Local\Temp\14e5a8edb3050009879698c7a97139d887001e936469fb7a9189637313cf3b2f.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\14e5a8edb3050009879698c7a97139d887001e936469fb7a9189637313cf3b2f.exe
"C:\Users\Admin\AppData\Local\Temp\14e5a8edb3050009879698c7a97139d887001e936469fb7a9189637313cf3b2f.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| N/A | 192.168.2.111:1034 | tcp | |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | tcp | |
| US | 209.202.254.10:80 | tcp | |
| GB | 142.250.187.196:80 | tcp | |
| US | 209.202.254.10:443 | tcp | |
| IE | 212.82.100.137:80 | tcp | |
| US | 209.202.254.10:443 | tcp | |
| GB | 142.250.187.196:80 | tcp | |
| US | 209.202.254.10:443 | tcp | |
| IE | 212.82.100.137:80 | tcp | |
| GB | 142.250.187.196:80 | tcp | |
| US | 209.202.254.10:80 | tcp | |
| IE | 212.82.100.137:443 | tcp | |
| GB | 142.250.187.196:80 | tcp |
Files