Analysis Overview
score
10/10
SHA256
8d7ad6ad90a4c2db8ec0691628d532c55a8bb72d9b8251babba9f9aad62c25fd
Threat Level: Known bad
The file 9f3ea77abe9466231cef9841203daf9d_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Detected microsoft outlook phishing page
Executes dropped EXE
UPX packed file
Adds Run key to start application
Drops file in Windows directory
Unsigned PE
Modifies system certificate store
Suspicious use of WriteProcessMemory
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-11 19:07
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-11 19:07
Reported
2024-06-11 19:10
Platform
win7-20240221-en
Max time kernel
148s
Max time network
155s
Command Line
"C:\Users\Admin\AppData\Local\Temp\9f3ea77abe9466231cef9841203daf9d_JaffaCakes118.exe"
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\9f3ea77abe9466231cef9841203daf9d_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\9f3ea77abe9466231cef9841203daf9d_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\9f3ea77abe9466231cef9841203daf9d_JaffaCakes118.exe | N/A |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\9f3ea77abe9466231cef9841203daf9d_JaffaCakes118.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 | C:\Users\Admin\AppData\Local\Temp\9f3ea77abe9466231cef9841203daf9d_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 | C:\Users\Admin\AppData\Local\Temp\9f3ea77abe9466231cef9841203daf9d_JaffaCakes118.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a | C:\Users\Admin\AppData\Local\Temp\9f3ea77abe9466231cef9841203daf9d_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | C:\Users\Admin\AppData\Local\Temp\9f3ea77abe9466231cef9841203daf9d_JaffaCakes118.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 | C:\Users\Admin\AppData\Local\Temp\9f3ea77abe9466231cef9841203daf9d_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 | C:\Users\Admin\AppData\Local\Temp\9f3ea77abe9466231cef9841203daf9d_JaffaCakes118.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 | C:\Users\Admin\AppData\Local\Temp\9f3ea77abe9466231cef9841203daf9d_JaffaCakes118.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc41560858910090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000000f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 | C:\Users\Admin\AppData\Local\Temp\9f3ea77abe9466231cef9841203daf9d_JaffaCakes118.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2648 wrote to memory of 2864 | N/A | C:\Users\Admin\AppData\Local\Temp\9f3ea77abe9466231cef9841203daf9d_JaffaCakes118.exe | C:\Windows\services.exe |
| PID 2648 wrote to memory of 2864 | N/A | C:\Users\Admin\AppData\Local\Temp\9f3ea77abe9466231cef9841203daf9d_JaffaCakes118.exe | C:\Windows\services.exe |
| PID 2648 wrote to memory of 2864 | N/A | C:\Users\Admin\AppData\Local\Temp\9f3ea77abe9466231cef9841203daf9d_JaffaCakes118.exe | C:\Windows\services.exe |
| PID 2648 wrote to memory of 2864 | N/A | C:\Users\Admin\AppData\Local\Temp\9f3ea77abe9466231cef9841203daf9d_JaffaCakes118.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\9f3ea77abe9466231cef9841203daf9d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\9f3ea77abe9466231cef9841203daf9d_JaffaCakes118.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 192.168.1.4:1034 | tcp | |
| ZA | 196.26.20.104:1034 | tcp | |
| ZA | 196.208.73.113:1034 | tcp | |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | alumni-caltech-edu.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 52.101.41.24:25 | alumni-caltech-edu.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 16.190.69.118:1034 | tcp | |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 99.83.190.102:25 | alumni.caltech.edu | tcp |
| TW | 220.143.233.82:1034 | tcp | |
| US | 8.8.8.8:53 | mx.alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | mail.alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | smtp.alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | mx.gzip.org | udp |
| US | 8.8.8.8:53 | mail.gzip.org | udp |
| US | 85.187.148.2:25 | mail.gzip.org | tcp |
| N/A | 192.168.0.9:1034 | tcp | |
| US | 8.8.8.8:53 | apple.com | udp |
| US | 8.8.8.8:53 | mx-in-rno.apple.com | udp |
| US | 8.8.8.8:53 | smtp.gzip.org | udp |
| US | 17.179.253.242:25 | mx-in-rno.apple.com | tcp |
| US | 8.8.8.8:53 | unicode.org | udp |
| US | 8.8.8.8:53 | aspmx.l.google.com | udp |
| NL | 142.250.27.27:25 | aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.altavista.com | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | search.yahoo.com | udp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 8.8.8.8:53 | search.lycos.com | udp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 23.63.101.152:80 | apps.identrust.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 15.197.218.168:1034 | tcp | |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 8.8.8.8:53 | insideicloud.com | udp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | email.apple.com | udp |
| US | 8.8.8.8:53 | insideicloud.com | udp |
| US | 8.8.8.8:53 | mx-in.g.apple.com | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 17.57.170.2:25 | mx-in.g.apple.com | tcp |
| US | 17.57.170.2:25 | mx-in.g.apple.com | tcp |
| US | 8.8.8.8:53 | insideicloud.com | udp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 8.8.8.8:53 | alumni-caltech-edu.mail.protection.outlook.com | udp |
| US | 52.101.11.15:25 | alumni-caltech-edu.mail.protection.outlook.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | mx-in-mdn.apple.com | udp |
| US | 17.32.222.242:25 | mx-in-mdn.apple.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | alt4.aspmx.l.google.com | udp |
| TW | 142.250.157.26:25 | alt4.aspmx.l.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | insideicloud.icloud.com | udp |
| US | 8.8.8.8:53 | mx-in-vib.apple.com | udp |
| US | 17.57.170.2:25 | mx-in-vib.apple.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 16.115.196.91:1034 | tcp | |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
Files
memory/2648-0-0x0000000000500000-0x000000000050D000-memory.dmp
memory/2648-9-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Windows\services.exe
| MD5 | b0fe74719b1b647e2056641931907f4a |
| SHA1 | e858c206d2d1542a79936cb00d85da853bfc95e2 |
| SHA256 | bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c |
| SHA512 | 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2 |
memory/2864-11-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2648-8-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/2864-17-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2864-21-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2648-22-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2864-26-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2864-27-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2864-31-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | 177c696da873af8c8eb8d0d32c52d975 |
| SHA1 | 1034b7bce743395a565ba7ad33875a53d5fa4d07 |
| SHA256 | b72cc14505d6580e1630c30097c0c9e6f6da30b27289fa41934b81ae0a5b430f |
| SHA512 | 570746c58e8c5628f75c6cfa9aa878ed9ea4b5aad6a2333a5a06bb1b14c3d07eaf54979eccd29c8ee935f63cc47daaa1cf80c73cf871a13a98e640424a4fb953 |
C:\Users\Admin\AppData\Local\Temp\tmp8112.tmp
| MD5 | 2f28903979c6fe31bc63c4a117fc7dd1 |
| SHA1 | 474cad727f46549158c5cdab4d4436bc33cccb0b |
| SHA256 | 48da36186da848208bd2afd2c3b5f81f6e8736265a7230a1bb5eb79354b265de |
| SHA512 | f30850c8aa798ab163ec8c976151e634502b03e35b461f91189f03a8061ccfb8a4b6be7e0b50ce8f0dea9c83c062d3ca465a8ffd0cfa4ab7cdd926241e0d46c1 |
memory/2864-48-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2864-49-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2864-53-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2864-57-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2864-58-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2864-62-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2864-66-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | 4c4ea7fd1e006dad9c629c362b0c46bc |
| SHA1 | c305fa5428bd243ce3ba1db96203e2b57617098a |
| SHA256 | 9cf06e4424f45353f6f8c6e60d5c4b4e44d0e34776478485aa5ae93ba4669e3a |
| SHA512 | f1222e2625d3bd4d4559b1c89314b58ad562a84f1df129598c71ea7ca4739c26e78075d7af234aaf089e3889627805256abc52ce2ee7b3ceb5c38707227191b1 |
C:\Users\Admin\AppData\Local\Temp\Cab8926.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar8A94.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\DDL1218F.htm
| MD5 | faa5bbca589e28ed1d8443fd59e348a5 |
| SHA1 | 7ff0056a0f616d215aceb9b19f500cbe1b1e4d9e |
| SHA256 | 379ab950bec68d264904e15884481efb9e08d9130418316b80f53536733bb990 |
| SHA512 | 7c838f4b6aee586ea8511f1e815b8cbc6666129d90ec8c86f14e4b522353484be3d959e8eef7aff96ef27ce094611295de6218d962ac09f987ff40ff57d154fa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bc27824a746104d4eb8d9bc5d29981b5 |
| SHA1 | 4e0e5442a7ce4e5c3d64adf6f38e85f6f601007c |
| SHA256 | a79c9f8cd292f14e3adff6e8116cac1c6a14f0fe80c8a12317f432597611a2e1 |
| SHA512 | eb917f89a9ed1c515075bfcfefcaa6a5d754a4f6225515430573b7254959b875bcc264674026729eae9360dc5a9d8e6afb8a6507b0961b9b5c8d5a5aa890bb20 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9M0HR0P6\1UZ4X2DO.htm
| MD5 | a164c7827285ec083f114db3a1c18ac2 |
| SHA1 | 0b76b7d7de2f2df87c2762402e384d4ff8c8e29c |
| SHA256 | c40acd8c61cdc917bbb191f1f6a6c76af0fe9c5138df130e36eec0c5234bbbdd |
| SHA512 | 45a2e551ba8e991588bd12d89d98d6b1d2a2d054e3472ba0b5268253cd3b3010031fda7179994092b7632b46b4a794576675df1ca667bc4bc47bff3a343560ca |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 27adee96562edb790295cc87e814d11b |
| SHA1 | 12c0972496545f0c14ff28589e927e0d3df46172 |
| SHA256 | 73ed343bb12e564b7ce4fd3c575f6a522475580f48e0fc34c5e9ec95775d696c |
| SHA512 | 45f69d25d9196b99eeb52b5f4b17f5f69b9ca62753b39b85bf2daef9aa08d5345c7ad0acc55e394271cfead7c855d1bc8fddce0d398d5fe5f69e263d58ddee67 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9PN2QMY\search[1].htm
| MD5 | 8ba61a16b71609a08bfa35bc213fce49 |
| SHA1 | 8374dddcc6b2ede14b0ea00a5870a11b57ced33f |
| SHA256 | 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1 |
| SHA512 | 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5841ca6762f78ce9660a140744203aec |
| SHA1 | 8b3a77641d59aa04b7d9188da2e13bba44915c0d |
| SHA256 | 245fd18aaac0b846ca128c6e33c7f2af1ee6ffaec064f9391fdd93776f4074ea |
| SHA512 | 87c1cdd544f398e37eb693107abd711d402fd6d63e486a035d0cc031b663bb6a1ec53094443ce6cb2b0a71a7a77df7cdcfea24b236dde4df40fa38b7408b743f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ed118c5e7f86734b75df5ef7e65059db |
| SHA1 | f0c8d4d48f6fdc0fb941e2b68eb53675bc621920 |
| SHA256 | 9793a33d376279b8f331d72771e1e587445a64bc3830edd1f49105b1d3d1339f |
| SHA512 | d80dcdc3be23d5c76b9576e595da6472ccb12077d8739929435f889c504d294620014301780b1005883253fe7497ea2c9b9c598c801ca8491b03e073273de23a |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9PN2QMY\results[4].htm
| MD5 | ee4aed56584bf64c08683064e422b722 |
| SHA1 | 45e5ba33f57c6848e84b66e7e856a6b60af6c4a8 |
| SHA256 | a4e6ba8c1fe3df423e6f17fcbeeaa7e90e2bd2fffe8f98ff4b3e6ed970e32c61 |
| SHA512 | 058f023cb934a00c8f1c689001438c9bdd067d923ddcbe7a951f54d3ca82218803e0e81fbc9af5c56375ff7961deed0359af1ffa7335d41379ee97d01a76ded6 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9PN2QMY\search[3].htm
| MD5 | df6a51f181ac36b57fe6e55ef6d1e5e0 |
| SHA1 | 163e7982bc543a739aea17c2c1c9dd53aa9bfe7e |
| SHA256 | 7cdd0ab2ab68d38314c3c96c7c53742f657af96c4e437aa8722f286a925bd895 |
| SHA512 | 717dee0bd9f7cc7f7e5a847b9de7a52425a97d2011c2a380589f19592990ed22900875ce58138e8d2da2996e0234e57bc22ffbfe5bc293486a6bf35ea7183689 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5a3c839e1a4095a1b61746a00be37772 |
| SHA1 | 419356a00da910b02419ac59fa33f354ac97780f |
| SHA256 | fe206e01502e69b28476b9e1f1100dc3a39235557b1f673b3471d67d2d70cde2 |
| SHA512 | 6a2fe8c7c74c550e8f41663297b0579a9d51262794bca91e0882b8380c2ce306bdbd7701fc48bb503b06cc3b384175dfbe3909423c9dd08de85cd20cacebd884 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 90a9cc591412778873b34216f5581fe5 |
| SHA1 | cbbfffdb9ac05296ee190b001c460ff244f4d403 |
| SHA256 | a0bdfba77e889db4b01f6c6b9afbcf6c414857dbc191d77dae22006308bfb738 |
| SHA512 | 130530109fe54d9014f6aafa94f96675f7986ddb754c9419fad91adcca1c67d322b5e1da5ab73c1c6c22bd2ac5801dab5bcd7b3ebb698b14f106bc121d07d297 |
memory/2864-640-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7b06e73aa2646e720430f0f3dfe27919 |
| SHA1 | 69869af9b3fc7d18996ea81f8b13861440674a6e |
| SHA256 | 6e63aeda23a17d608d2a85d827d57275ee36578064e456262606d99ee502d2f8 |
| SHA512 | 7d251a6a47aeac78000cc1edcb2e7d504f52564d8fed445b7104a8278766aa010e1e07aa0e490bafa202a1b4e2a23b5e6ac2833d6ff90179502ded22c545ddad |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8A9A2DI\results[5].htm
| MD5 | 211da0345fa466aa8dbde830c83c19f8 |
| SHA1 | 779ece4d54a099274b2814a9780000ba49af1b81 |
| SHA256 | aec2ac9539d1b0cac493bbf90948eca455c6803342cc83d0a107055c1d131fd5 |
| SHA512 | 37fd7ef6e11a1866e844439318ae813059106fbd52c24f580781d90da3f64829cf9654acac0dd0f2098081256c5dcdf35c70b2cbef6cbe3f0b91bd2d8edd22ca |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8A9A2DI\search[8].htm
| MD5 | 0800a0f26274e1978cd02eefc8c4cb27 |
| SHA1 | 3c53b64676769955ad010c84341ba8817395fef7 |
| SHA256 | 671a3a3ae3cfe39d6ab258541427df2f1035ac9f74c7748e151077df7a70c745 |
| SHA512 | 073d2007327f8d27e13041a4fe8f0715a1564f37e2fb81fcf6e465a7ea348dcc619e56b316ca1dcde7f534d538790ff5d351966d0bee5101798904f4023fc8ea |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\search[8].htm
| MD5 | a806f75250e20175c7c5d544b2a5e020 |
| SHA1 | de3f0f79dbfa9a98a064b4422a500f5de1657302 |
| SHA256 | 9458d95447a159c68020944f58bc14d1e27a672518c89cb9e944cc6f91e66ea5 |
| SHA512 | f658f9e3c87132420f2fa66fac8514ef0892dc6252b703ef99102fa4e53f1ab0113d70b495172b4591044a18ed5bd68c1ccbd49bb63ee501ba34e78d361c6253 |
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | bdcef296ed21b77b8b28dc253437a88d |
| SHA1 | 6c23e6e97807bc09cfa2c12463a4b00eb07e95a4 |
| SHA256 | 78257c6aba87efcb60bec3ea43162b2dda977beac46fb32566304800ded26509 |
| SHA512 | 2add8bb8cbf0109565cb58eb3d6210c0855f6e1eddba29568d6b117ac8f9925bc8b23b28abc923ff15b9dc5eedda2367f046fa7822e720825b1e4de13f076534 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b397fb94b945de3cadd76ca511fac1fd |
| SHA1 | c2429fd7c48697d395799d6e5fda69fb1daf8673 |
| SHA256 | a21225d7622f2189b3596701484aae1e683a72900bad6620180b820593cb2f8b |
| SHA512 | 82668d0c5350f86116f00aee8453b5c26063d28e26eca7321f7e11b997dc272e7b851cf2dffe95ecef15e3046af4330c4fa9171236d402dc16c1ee4198ac3b69 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9M0HR0P6\search[9].htm
| MD5 | a85f7e5635979be14dfb9950e424b1a1 |
| SHA1 | a01de4a30318f029a798f5caf30e53c1af40e737 |
| SHA256 | 6ee5f966b4a4c45cac871402476b5dd541cbf5c3e119fc7e1417b33b8be2bfac |
| SHA512 | 3d1e15dd35f79835b88c28d7a584d4dcf8ccd8517fe7973cf8e50a45becbcfe65df40757c2699d9940fe88664b2340b2a144198f0a2783598a2827f06d03df48 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 79d51716fedf637abd080a8cd4b526fd |
| SHA1 | 18984b53cd9634ffa5ca5f30609c813d047a1909 |
| SHA256 | e4cacf3aaed592c938270bdb660e470017a8565fc35b64c05ab39673a4ff3bfb |
| SHA512 | 75db88a89659e9beb1478dd23e00f36a883055116e9cccaa404e0ae0ef0546477a6193c69b07ebe56be683243794d93f1878f03ee114d29594b7dd37a9d42611 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 13ace26456c459deb07df0c77be8e2d5 |
| SHA1 | f91e961d695e0c0afe7c35b90ee2296bf000afc3 |
| SHA256 | 217559b12dbfead01aece21a83bc7da646092313c772764993043f9584ed0673 |
| SHA512 | ea8972a6464328f6da97c6eb6f8b1e85191ea8dbbfef81609190d75edf95c35fa327119e88fa9e42e817f9e9d30f636b7418ba13dea06863a3b9151e8789c85c |
memory/2864-1509-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9386dd08d3863c2973713c693f714bd9 |
| SHA1 | 388ba4b2b67bf443a7e8fed53096007e71e7dce4 |
| SHA256 | 423f28067f706bb0f3134b709065b3bb00de45a6fff303bb880f9641e9afb4ee |
| SHA512 | 54a5830d2f4bcdd236cd62a04e0103a338071890869c0726210a745f1676dc45ffc79f1e44f17104da1ac9158268950a2d9c75382f3e288260b626d4a1bb53b7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6511c80beed9111d93cc486278c2d8db |
| SHA1 | 99a43126903171dcf7b0b4deedbbdda8f78ad2ca |
| SHA256 | c215ec5990fe9d393a599df9d2ef359025e347dba64caa5839bf86480e80024e |
| SHA512 | 1cfe2b325c47dd9a1ea31c4319350b1aee454ab9219efc3115cac20e7743d426de9217b5be4ae7bab5f9ed3aa7ca3f5cc16f44fe6bdcb98bc621a57f12e8d624 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4104c8e5b180dc888d76ecf827bc2017 |
| SHA1 | 1a39b268f1b6ec4ea60dc09db8bdf7b530147048 |
| SHA256 | aefa261181db175ba665529d6e336b58562e6f4d0e816aed70c4ca6d5d70cd4a |
| SHA512 | f978513276f5d86ef1fed15c2383d0d478c7624e5b91fac2edd7dcf766010ffa0089a31eac1783a9b27f99a4acaccf938b5160caa9a93b67fecbb39346af6769 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 173d3e03604d6912006334172dd9fbd0 |
| SHA1 | 8e240e44d406f38a4ea691b7db604b286bfe8147 |
| SHA256 | acd236e3346326d2e077fc7aae9a482b49f2c1753862ca30d5d6985eed82f438 |
| SHA512 | 059923005dcf22259d808ad1b3f139744c48c8f4e2d8d469d5e0ed1704352dd34ea78954c514f4defbb12eed8bbbe78b48b1ffa687485b8695a2b07dc6ab9b43 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9M0HR0P6\searchEM60QP0Z.htm
| MD5 | 6165d40d5c09d1a6822d41de009e7a0d |
| SHA1 | 288e2fdbbaf6d1638d36b10db16bfa6b28d4eb87 |
| SHA256 | cae6a48fb42b250d011683a6fabf4de722f9266a9d25fe208cee12ce60bfd5af |
| SHA512 | 1e0a0018a04fd468aadc6e5c874cea26cc3c786b7ad2830a6023b71c6d266b93b08bea834075d9c76b7f880ae8d0b468f2156b0ee0f871b934bb1178fdc66c94 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ca95acd574f0700aa4eb0c30dc615e6e |
| SHA1 | fd63f44f2f3f39e9d057d9c098dc7c39b394eda0 |
| SHA256 | 98ad2500e20c7415e7eca81629129312247edd08876d0716da97a7601cc0b132 |
| SHA512 | 9696e3e19178ebed4a93c6b798c4d1e18db82b6ff0ca5ab5dc92910a049d54a548b65dc5162e9abea0e274e0f1e9a394efd0c79152d9392d89c3ebe570f9036f |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9PN2QMY\searchFMOQNS43.htm
| MD5 | 51c19144a40bf6312da3d0f842d90912 |
| SHA1 | 75e213eff06ee1d9dc043992d69f2f93e2cd3c4a |
| SHA256 | 09d1d2e27984618038176c3c016ed1dc65fd138b9d4102183366f591739f9280 |
| SHA512 | 6ed29bdae9e67d95a83d5e8ebc7932917990c96dd625c6168f434ae7c4c8ac78e17f7ffb30919c0b77dff9cf82bc1304815a6202deb9f5f397c6b6815bc979a2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2ea6a192224360288f0e04a64f4d789c |
| SHA1 | e4cbcb94ac9cb94ea09f7ce6bd9437c6bc37b514 |
| SHA256 | 3d6aed78513f21d516ec489b2c283e4e8ea67f0c94cb7980917ea56ab274afc3 |
| SHA512 | a6b3163dd46dc201ecebe0623e29a16b6e76f6a22f6e3f605f7122b3058bd0b53344372806c1a56666268288367f8cc972b57f15ba6e5eecb27644caf12e0991 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 97ea3874f0d82c0037fcc9166c983440 |
| SHA1 | ade58ba6965a9e2c3b7ff6edf7fe8a826b14c6c6 |
| SHA256 | 5faa265d05a9250113c0dda80defc40bc1ae0e273fad45f52d0e483b25915d6a |
| SHA512 | f53df06eb47bc8be3cb9a522903913bf94218e3d19c46239416fe10737e1375c01a79110022b475d4ab56cfdf17dde882dd8cef72bdf631b15395b7557572304 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7f0b09c969907f5650d6ee2dfe1be45f |
| SHA1 | 71f7d6933ea272577376aaf1b99787c347419a0d |
| SHA256 | 012ee578520cef88b69c88b9e8513a8a5497c34c85598065d8b4785af5995f30 |
| SHA512 | 1f7b4a5adfeb16e91c8ba08bfb00c444b306a3f8b59e1edcebaf9318009c700fa20cb44156b1ab0daab6681563e2668154bca25b89f882678a6a1ecf3773f86d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6ddc79d88bcb0e86b312da188df4fda1 |
| SHA1 | f6be02956125c06314db8516ea8979118e1be6f6 |
| SHA256 | f81f9ba401154ce6bdf26299d69c58145e91c547af9455b54753fffd742c16fb |
| SHA512 | acc80af618f601ba4633cd271892dd3557d3d032663163ce01808b0ffc43f3ad7849ebefe7bacbbeede0d20f03c3b8de32f55a48c265b2bc950ad2b58fffd35f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9a122a9385adcf1588cedfd2f00d0759 |
| SHA1 | 8431afa0b239ee21ad5abac5deee54ced28bcdb1 |
| SHA256 | 6a20c4559fa5d594cef25409594df1e1b67d6a8d9238144b86ac2097a5e47fd1 |
| SHA512 | 14c101447f8c456a926dc6f909fcf317fed8ddba9d19eb66ed62ff39b90358603a3d66ba57ca3d8ecb41295c196e60628b7c8d2b2e5921e3b63d626b8f23b484 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ced2c081cfb676ed90a95bea89b7ffed |
| SHA1 | fe470cc2794c3101940e71b7448824707c5e867f |
| SHA256 | e12ca27259519389f184107811fcafa20d7adfded0e7a3cdfec4f3dddcbb9ffb |
| SHA512 | 46adfb350e22f2624dca24ad2596c7d1cf411a5fe996a250739448004f5e91af0ae47b6b12ffc913b7ba228019672e07b27d694d41aa6c5bec6037c57051028f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f14b5895fe140c9ed194f1b974dafc23 |
| SHA1 | 6365cc909cb8281243b7efd69c19822b525095ea |
| SHA256 | a46fffa5cc12476908ade62f8cde99611d206436e125c56a2e9d4b07dcdba8a4 |
| SHA512 | 5acf7115d5a3187d805f94865ccacbfbd3055a869cc03d9ccd6af5eac8265b2bd56d7dd346c2ce50051fcb39173685ec66b2f6118017ae9e1cd3c352375da3c1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c5648216fd4d47a8253d29ee07e2c23e |
| SHA1 | 5dc048cab0489bb6f2b65d85b98d5fefbee087be |
| SHA256 | 688a889e8d9ef6559a95c32c1f10998d2f268320b069828b5fc5b4cc6bf54de7 |
| SHA512 | fe80179a722ff0e44de8b19ad2419c55e0079ea41f1c0cba5bffd52002d8a8f1e55617ad68e1f73b16491b99295bcea764f2b42c214e5e49e0434d842a64e292 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-11 19:07
Reported
2024-06-11 19:10
Platform
win10v2004-20240426-en
Max time kernel
150s
Max time network
150s
Command Line
"C:\Users\Admin\AppData\Local\Temp\9f3ea77abe9466231cef9841203daf9d_JaffaCakes118.exe"
Signatures
Detected microsoft outlook phishing page
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\9f3ea77abe9466231cef9841203daf9d_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\9f3ea77abe9466231cef9841203daf9d_JaffaCakes118.exe | N/A |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\9f3ea77abe9466231cef9841203daf9d_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\9f3ea77abe9466231cef9841203daf9d_JaffaCakes118.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 5008 wrote to memory of 2924 | N/A | C:\Users\Admin\AppData\Local\Temp\9f3ea77abe9466231cef9841203daf9d_JaffaCakes118.exe | C:\Windows\services.exe |
| PID 5008 wrote to memory of 2924 | N/A | C:\Users\Admin\AppData\Local\Temp\9f3ea77abe9466231cef9841203daf9d_JaffaCakes118.exe | C:\Windows\services.exe |
| PID 5008 wrote to memory of 2924 | N/A | C:\Users\Admin\AppData\Local\Temp\9f3ea77abe9466231cef9841203daf9d_JaffaCakes118.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\9f3ea77abe9466231cef9841203daf9d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\9f3ea77abe9466231cef9841203daf9d_JaffaCakes118.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 192.168.1.4:1034 | tcp | |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| ZA | 196.26.20.104:1034 | tcp | |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| ZA | 196.208.73.113:1034 | tcp | |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 16.190.69.118:1034 | tcp | |
| TW | 220.143.233.82:1034 | tcp | |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| N/A | 192.168.0.9:1034 | tcp | |
| US | 8.8.8.8:53 | m-ou.se | udp |
| US | 8.8.8.8:53 | aspmx.l.google.com | udp |
| US | 8.8.8.8:53 | acm.org | udp |
| NL | 142.250.102.27:25 | aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | mail.mailroute.net | udp |
| US | 199.89.3.120:25 | mail.mailroute.net | tcp |
| US | 8.8.8.8:53 | cs.stanford.edu | udp |
| US | 8.8.8.8:53 | cs.stanford.edu | udp |
| US | 8.8.8.8:53 | burtleburtle.net | udp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | mx.burtleburtle.net | udp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | alumni-caltech-edu.mail.protection.outlook.com | udp |
| US | 65.254.254.50:25 | mx.burtleburtle.net | tcp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 52.101.40.0:25 | alumni-caltech-edu.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 8.8.8.8:53 | www.altavista.com | udp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 8.8.8.8:53 | search.yahoo.com | udp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 8.8.8.8:53 | search.lycos.com | udp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | 137.100.82.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.254.202.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.25.90.104.in-addr.arpa | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | 177.101.63.23.in-addr.arpa | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 8.8.8.8:53 | hachyderm.io | udp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| NL | 142.250.102.27:25 | aspmx.l.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 15.197.218.168:1034 | tcp | |
| US | 8.8.8.8:53 | alt1.aspmx.l.google.com | udp |
| NL | 142.251.9.27:25 | alt1.aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | acm.org | udp |
| US | 104.17.78.30:25 | acm.org | tcp |
| US | 8.8.8.8:53 | smtp2.cs.stanford.edu | udp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | burtleburtle.net | udp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 65.254.227.224:25 | burtleburtle.net | tcp |
| US | 75.2.70.75:25 | alumni.caltech.edu | tcp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 8.8.8.8:53 | alt3.aspmx.l.google.com | udp |
| SG | 74.125.200.27:25 | alt3.aspmx.l.google.com | tcp |
| US | 16.115.196.91:1034 | tcp |
Files
memory/5008-0-0x0000000000500000-0x000000000050D000-memory.dmp
C:\Windows\services.exe
| MD5 | b0fe74719b1b647e2056641931907f4a |
| SHA1 | e858c206d2d1542a79936cb00d85da853bfc95e2 |
| SHA256 | bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c |
| SHA512 | 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2 |
memory/2924-7-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/2924-13-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2924-17-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2924-21-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2924-22-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2924-26-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2924-30-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2924-31-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2924-35-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2924-39-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2924-40-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | 3fd1f21102b5b678e5bc1fe0406f3dba |
| SHA1 | 22f67772aff2d26853b16fa660158bf9eef8c2bf |
| SHA256 | 6ba6bb1d9b4f9f3a5f88e21ae86a0aa9cafd1e006625f2c6414624e186f0f6ef |
| SHA512 | 0f97c6d9f8b380fe223ea5e995b6f8e3955321bc6648d51c5f7a21e1963bda8f5d911ccbbe0f1e1fee6954ee24df1b6d8d3616ff08aede351144ad7f30266bf6 |
C:\Users\Admin\AppData\Local\Temp\tmpE654.tmp
| MD5 | 0e8b7dc13c51f837f94728674378ac1e |
| SHA1 | 7cba9c9754fcbb63bc2b17bb2b8c11cacbd19f70 |
| SHA256 | a7d74c38e57e197917f9250b7ca4a16e9f8b1c52b1964aca77a0f839faecb96e |
| SHA512 | f246b41da38dbb416231adafc0e9535ee7821dbb81facf102875f9283e813f20ea858b0adaecb32390ad8be1cff03b562ba0f61d57bab41609d50032fa95d03f |
memory/2924-95-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NCVVYLW7\RST00E40.htm
| MD5 | 0b0657602c933bc60fd1272b753502ba |
| SHA1 | 757dc30f3512328da2f853855e5ef363e5ad5c10 |
| SHA256 | 2760e990b35800183de1b37dec8d3a3f6c366e24a8d538f3636118736ea23c67 |
| SHA512 | 705cb01809f022c2d269b819bf7004b02ce94e1f9a2c62db83c687a768b03a3d5550622f2e76df1c165b04e8a4405daee601887881dbee28828a72b2de4bd1ea |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6SQF6WJH\JFW24OVK.htm
| MD5 | 891911466d77887f5a799965629b18a7 |
| SHA1 | 5abd6ee15469e767b51e04d90251b3426fd58cda |
| SHA256 | e4e6613474a29fe52137933bf8c6487811fe55b8f5cf1f633672d27155230df7 |
| SHA512 | eebd05b37f3bdf72d13d8427ee23fa16411476507409df7778a287631cbcfeaab5f8363679f5ec433d933f66f6d7927c01054289cde7240c9ae37fc8183ebc4c |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6SQF6WJH\search[1].htm
| MD5 | 8ba61a16b71609a08bfa35bc213fce49 |
| SHA1 | 8374dddcc6b2ede14b0ea00a5870a11b57ced33f |
| SHA256 | 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1 |
| SHA512 | 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QEA1P7KF\results[6].htm
| MD5 | 211da0345fa466aa8dbde830c83c19f8 |
| SHA1 | 779ece4d54a099274b2814a9780000ba49af1b81 |
| SHA256 | aec2ac9539d1b0cac493bbf90948eca455c6803342cc83d0a107055c1d131fd5 |
| SHA512 | 37fd7ef6e11a1866e844439318ae813059106fbd52c24f580781d90da3f64829cf9654acac0dd0f2098081256c5dcdf35c70b2cbef6cbe3f0b91bd2d8edd22ca |
memory/2924-274-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2924-279-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2924-283-0x0000000000400000-0x0000000000408000-memory.dmp