Malware Analysis Report

2024-07-28 06:50

Sample ID 240613-1kj6cavemq
Target a6b48c613678f42aeac67a34db823699_JaffaCakes118
SHA256 fa784d5776fa633858ba0290606fc8bff41be5378408e7a27d6cec69906f1ab0
Tags
persistence upx google microsoft phishing product:outlook
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

fa784d5776fa633858ba0290606fc8bff41be5378408e7a27d6cec69906f1ab0

Threat Level: Known bad

The file a6b48c613678f42aeac67a34db823699_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

persistence upx google microsoft phishing product:outlook

Detected google phishing page

Detected microsoft outlook phishing page

Executes dropped EXE

UPX packed file

Adds Run key to start application

Drops file in Windows directory

Unsigned PE

Modifies system certificate store

Suspicious use of WriteProcessMemory

MITRE ATT&CK Matrix V13

Initial Access
TA0001
Execution
TA0002
Persistence
TA0003
Boot or Logon Autostart Execution
T1547
Registry Run Keys / Startup Folder
T1547.001
Privilege Escalation
TA0004
Boot or Logon Autostart Execution
T1547
Registry Run Keys / Startup Folder
T1547.001
Defense Evasion
TA0005
Modify Registry
T1112
Subvert Trust Controls
T1553
Install Root Certificate
T1553.004
Credential Access
TA0006
Discovery
TA0007
Lateral Movement
TA0008
Collection
TA0009
Exfiltration
TA0010
Command and Control
TA0011
Impact
TA0040
Resource Development
TA0042
Reconnaissance
TA0043

Analysis: static1

Detonation Overview

Reported

2024-06-13 21:42

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 21:42

Reported

2024-06-13 21:45

Platform

win7-20240221-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a6b48c613678f42aeac67a34db823699_JaffaCakes118.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\services.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" C:\Windows\services.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" C:\Users\Admin\AppData\Local\Temp\a6b48c613678f42aeac67a34db823699_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\services.exe C:\Users\Admin\AppData\Local\Temp\a6b48c613678f42aeac67a34db823699_JaffaCakes118.exe N/A
File opened for modification C:\Windows\java.exe C:\Users\Admin\AppData\Local\Temp\a6b48c613678f42aeac67a34db823699_JaffaCakes118.exe N/A
File created C:\Windows\java.exe C:\Users\Admin\AppData\Local\Temp\a6b48c613678f42aeac67a34db823699_JaffaCakes118.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Users\Admin\AppData\Local\Temp\a6b48c613678f42aeac67a34db823699_JaffaCakes118.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Users\Admin\AppData\Local\Temp\a6b48c613678f42aeac67a34db823699_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 C:\Users\Admin\AppData\Local\Temp\a6b48c613678f42aeac67a34db823699_JaffaCakes118.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 C:\Users\Admin\AppData\Local\Temp\a6b48c613678f42aeac67a34db823699_JaffaCakes118.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1652 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\a6b48c613678f42aeac67a34db823699_JaffaCakes118.exe C:\Windows\services.exe
PID 1652 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\a6b48c613678f42aeac67a34db823699_JaffaCakes118.exe C:\Windows\services.exe
PID 1652 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\a6b48c613678f42aeac67a34db823699_JaffaCakes118.exe C:\Windows\services.exe
PID 1652 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\a6b48c613678f42aeac67a34db823699_JaffaCakes118.exe C:\Windows\services.exe

Processes

C:\Users\Admin\AppData\Local\Temp\a6b48c613678f42aeac67a34db823699_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\a6b48c613678f42aeac67a34db823699_JaffaCakes118.exe"

C:\Windows\services.exe

"C:\Windows\services.exe"

Network

Country Destination Domain Proto
N/A 192.168.2.187:1034 tcp
TW 220.143.82.164:1034 tcp
US 16.188.109.29:1034 tcp
ZA 196.39.91.84:1034 tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 8.8.8.8:53 alumni-caltech-edu.mail.protection.outlook.com udp
US 8.8.8.8:53 gzip.org udp
US 8.8.8.8:53 gzip.org udp
US 85.187.148.2:25 gzip.org tcp
US 52.101.8.34:25 alumni-caltech-edu.mail.protection.outlook.com tcp
US 15.197.218.168:1034 tcp
US 85.187.148.2:25 gzip.org tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 99.83.190.102:25 alumni.caltech.edu tcp
US 16.190.69.12:1034 tcp
US 8.8.8.8:53 mx.gzip.org udp
US 8.8.8.8:53 mail.gzip.org udp
US 85.187.148.2:25 mail.gzip.org tcp
N/A 192.168.2.77:1034 tcp
US 8.8.8.8:53 unicode.org udp
US 8.8.8.8:53 aspmx.l.google.com udp
US 8.8.8.8:53 apple.com udp
NL 142.250.102.27:25 aspmx.l.google.com tcp
US 8.8.8.8:53 mx-in.g.apple.com udp
NL 17.57.165.2:25 mx-in.g.apple.com tcp
US 8.8.8.8:53 search.yahoo.com udp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 8.8.8.8:53 search.lycos.com udp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 smtp.gzip.org udp
US 8.8.8.8:53 r11.o.lencr.org udp
GB 142.250.187.196:80 www.google.com tcp
US 8.8.8.8:53 r11.o.lencr.org udp
NL 23.63.101.177:80 r11.o.lencr.org tcp
NL 23.63.101.177:80 r11.o.lencr.org tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 8.8.8.8:53 www.altavista.com udp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
BD 203.76.97.37:1034 tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 8.8.8.8:53 email.apple.com udp
NL 17.57.165.2:25 mx-in.g.apple.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp

Files

memory/1652-0-0x0000000000500000-0x000000000050D000-memory.dmp

memory/1652-4-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Windows\services.exe

MD5 b0fe74719b1b647e2056641931907f4a
SHA1 e858c206d2d1542a79936cb00d85da853bfc95e2
SHA256 bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
SHA512 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

memory/1996-11-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1652-10-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/1996-17-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1996-21-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1652-22-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1996-26-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1996-27-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1996-31-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1996-35-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1996-36-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 04f56d3c1dbb5b396cbdb723fc602b6b
SHA1 697256ffba49d19901287fea537e95f3460a4200
SHA256 d8e7371820b93168c8ca8f5df202479f4b18ce0064610f97dfe18b22c32a6af2
SHA512 3831f7b174b7690d70a8c55b6660bea8bcf4d6d6768bcf77d35ec3c0dafa27b8a211da57e2b1855c743cbd26a30b85a35b36e008da059080069d8bb4d6e86e29

C:\Users\Admin\AppData\Local\Temp\tmp569A.tmp

MD5 756f3c9586d09b9867fb9a2d82ce9ecf
SHA1 90a9babc046523e00b622c0fed09abea82bfde55
SHA256 b7d1fd61df10e4d8335074034ba7ccacd733924b3790a1ff7903e7b519438032
SHA512 42465daba668afb663cfa4be38ef6e33609854645e473a0485db1cf1379921968505bf2ad04ab4099dae4c875f4102a555e9f19375e0174b75cd0b39800dd8a9

memory/1996-57-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1996-60-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1996-61-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1996-65-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1996-69-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1996-70-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1996-74-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 823fd452b64b2967d27465a589c87ece
SHA1 1629de2966d93b6b8e9cbf0ccb838cb07d715fc0
SHA256 5b4b7efc624fba4f8e3b5ad34cad05edc788e640a52f85e01bf4b15eb632ded8
SHA512 c18e9bc0b6c81c818034e45d3fc1cfa7c79b7e160daf1f1d2c90fffe0ef3d2d849a6e51c197daf46a02cfaca5c18a027c217c3aa23a0f19a624ac7e0bd4d0c04

C:\Users\Admin\AppData\Local\Temp\Cab5410.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\Cab552C.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar5550.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 07e9d802ea2429b1610a989dca8473bf
SHA1 35c96af2a0d8a6033ec615ae7d57da54cfab5749
SHA256 9e28ca8cacebd0775cab300664ecab036f54a0a0b9acf8103f34768f70a359d1
SHA512 059ec52727d014436619b10261f71958da38a79ec2f7a008430978fabe33967d789c11e09ded8786c273344f61a9e40227845867ba87eea5634a4d8342dca388

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fed2b10a25dc6813ab08bcaee52874ee
SHA1 1dda8a10ec3626ad549e9e69bd69aa199101e1b3
SHA256 a43a72862508f8dfbfe5878cfd77c7eea4d06c512f3a1492ac9bbb98e3528847
SHA512 993da2c03571e184815d3a8c752e85437bbc8bfd4aad97c8a0b3359064acbd0c0c7b057e9a6ab37ff061b7b0f50a9d33b83c153443fc03af5e4c52bc158d4aac

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\search[1].htm

MD5 8ba61a16b71609a08bfa35bc213fce49
SHA1 8374dddcc6b2ede14b0ea00a5870a11b57ced33f
SHA256 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1
SHA512 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\QSIO3L5S.htm

MD5 d935e28fb8b67be98e6ac9480d83a69b
SHA1 1873d25186a68e845edc6bd172dbcbbca652d0ef
SHA256 238ac9ebd6cb82b71ccd19507f71c97c38b1d65ba110c63ccb34f6ed953869c2
SHA512 c2cc3ab9e4d813ef1b9af73d770326cdaeb7cc32b347010214e5a4ccc4e31344703f4f10e86975f802465519d108bc2de4fb42d33ecba374e9261c535d83e929

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OORQXHVT\search[6].htm

MD5 0f8aa3c630259f2b7a802c3e5177d3a3
SHA1 0d0c8f1050f36c7aa8d5642f424bdf09e6d96637
SHA256 7a58cde10e2067ac637dbb1dd3979c4eb0896655398d3e22516f4b4af66bf496
SHA512 9645b2ead81c8666255b78f09d8ed00f0da15ff241b20ac0bac673ada8698f75b406558efac1f496bd1560d98fafcc3b8ea93c65917ee0c5b686ff599582eb92

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 21:42

Reported

2024-06-13 21:45

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a6b48c613678f42aeac67a34db823699_JaffaCakes118.exe"

Signatures

Detected google phishing page

phishing google

Detected microsoft outlook phishing page

phishing microsoft product:outlook

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\services.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" C:\Users\Admin\AppData\Local\Temp\a6b48c613678f42aeac67a34db823699_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" C:\Windows\services.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\services.exe C:\Users\Admin\AppData\Local\Temp\a6b48c613678f42aeac67a34db823699_JaffaCakes118.exe N/A
File opened for modification C:\Windows\java.exe C:\Users\Admin\AppData\Local\Temp\a6b48c613678f42aeac67a34db823699_JaffaCakes118.exe N/A
File created C:\Windows\java.exe C:\Users\Admin\AppData\Local\Temp\a6b48c613678f42aeac67a34db823699_JaffaCakes118.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3116 wrote to memory of 3576 N/A C:\Users\Admin\AppData\Local\Temp\a6b48c613678f42aeac67a34db823699_JaffaCakes118.exe C:\Windows\services.exe
PID 3116 wrote to memory of 3576 N/A C:\Users\Admin\AppData\Local\Temp\a6b48c613678f42aeac67a34db823699_JaffaCakes118.exe C:\Windows\services.exe
PID 3116 wrote to memory of 3576 N/A C:\Users\Admin\AppData\Local\Temp\a6b48c613678f42aeac67a34db823699_JaffaCakes118.exe C:\Windows\services.exe

Processes

C:\Users\Admin\AppData\Local\Temp\a6b48c613678f42aeac67a34db823699_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\a6b48c613678f42aeac67a34db823699_JaffaCakes118.exe"

C:\Windows\services.exe

"C:\Windows\services.exe"

Network

Country Destination Domain Proto
N/A 192.168.2.187:1034 tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 25.140.123.92.in-addr.arpa udp
NL 23.62.61.72:443 www.bing.com tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 72.61.62.23.in-addr.arpa udp
TW 220.143.82.164:1034 tcp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 35.15.31.184.in-addr.arpa udp
US 16.188.109.29:1034 tcp
US 8.8.8.8:53 m-ou.se udp
US 8.8.8.8:53 acm.org udp
US 8.8.8.8:53 aspmx.l.google.com udp
US 8.8.8.8:53 mail.mailroute.net udp
NL 142.250.102.26:25 aspmx.l.google.com tcp
US 199.89.3.120:25 mail.mailroute.net tcp
US 8.8.8.8:53 cs.stanford.edu udp
US 8.8.8.8:53 smtp2.cs.stanford.edu udp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
US 8.8.8.8:53 burtleburtle.net udp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
US 8.8.8.8:53 mx.burtleburtle.net udp
US 8.8.8.8:53 alumni.caltech.edu udp
US 65.254.254.50:25 mx.burtleburtle.net tcp
US 8.8.8.8:53 alumni-caltech-edu.mail.protection.outlook.com udp
US 8.8.8.8:53 gzip.org udp
US 8.8.8.8:53 gzip.org udp
US 52.101.194.12:25 alumni-caltech-edu.mail.protection.outlook.com tcp
US 85.187.148.2:25 gzip.org tcp
US 8.8.8.8:53 www.altavista.com udp
IE 212.82.100.137:80 www.altavista.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 8.8.8.8:53 search.yahoo.com udp
IE 212.82.100.137:443 search.yahoo.com tcp
US 8.8.8.8:53 search.lycos.com udp
US 209.202.254.10:80 search.lycos.com tcp
US 8.8.8.8:53 137.100.82.212.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 8.8.8.8:53 r11.o.lencr.org udp
NL 23.63.101.177:80 r11.o.lencr.org tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 8.8.8.8:53 10.254.202.209.in-addr.arpa udp
US 8.8.8.8:53 177.101.63.23.in-addr.arpa udp
US 8.8.8.8:53 32.25.90.104.in-addr.arpa udp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
ZA 196.39.91.84:1034 tcp
US 8.8.8.8:53 alt1.aspmx.l.google.com udp
US 8.8.8.8:53 acm.org udp
NL 142.251.9.27:25 alt1.aspmx.l.google.com tcp
US 104.17.79.30:25 acm.org tcp
US 8.8.8.8:53 cs.stanford.edu udp
US 171.64.64.64:25 cs.stanford.edu tcp
US 171.64.64.64:25 cs.stanford.edu tcp
US 8.8.8.8:53 burtleburtle.net udp
US 8.8.8.8:53 alumni.caltech.edu udp
US 75.2.70.75:25 alumni.caltech.edu tcp
US 85.187.148.2:25 gzip.org tcp
US 65.254.227.224:25 burtleburtle.net tcp
US 171.64.64.64:25 cs.stanford.edu tcp
US 15.197.218.168:1034 tcp
US 8.8.8.8:53 alt2.aspmx.l.google.com udp
US 8.8.8.8:53 mx.acm.org udp
US 8.8.8.8:53 mail.acm.org udp
FI 142.250.150.26:25 alt2.aspmx.l.google.com tcp
US 8.8.8.8:53 smtp.acm.org udp
US 8.8.8.8:53 smtp1.cs.stanford.edu udp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
US 8.8.8.8:53 outlook.com udp
US 8.8.8.8:53 outlook-com.olc.protection.outlook.com udp
US 209.202.254.10:80 search.lycos.com tcp
IE 52.101.68.11:25 outlook-com.olc.protection.outlook.com tcp
US 8.8.8.8:53 mx.alumni.caltech.edu udp
GB 142.250.187.196:80 www.google.com tcp
US 8.8.8.8:53 mail.alumni.caltech.edu udp
US 8.8.8.8:53 mx.gzip.org udp
US 65.254.254.50:25 mx.burtleburtle.net tcp
US 8.8.8.8:53 smtp.alumni.caltech.edu udp
US 8.8.8.8:53 mail.gzip.org udp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 85.187.148.2:25 mail.gzip.org tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 16.190.69.12:1034 tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 8.8.8.8:53 aspmx2.googlemail.com udp
GB 142.250.187.196:80 www.google.com tcp
NL 142.251.9.27:25 aspmx2.googlemail.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 171.64.64.64:25 cs.stanford.edu tcp
US 171.64.64.64:25 cs.stanford.edu tcp
US 8.8.8.8:53 outlook.com udp
US 52.96.228.130:25 outlook.com tcp
US 8.8.8.8:53 mail.burtleburtle.net udp
US 209.202.254.10:80 search.lycos.com tcp
US 65.254.250.102:25 mail.burtleburtle.net tcp
US 8.8.8.8:53 smtp.gzip.org udp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 171.64.64.64:25 cs.stanford.edu tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
N/A 192.168.2.77:1034 tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 aspmx3.googlemail.com udp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
FI 142.250.150.27:25 aspmx3.googlemail.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 mx.outlook.com udp
IE 212.82.100.137:80 search.yahoo.com tcp
US 8.8.8.8:53 mail.outlook.com udp
US 8.8.8.8:53 smtp.outlook.com udp
GB 40.99.202.114:25 smtp.outlook.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 8.8.8.8:53 smtp.burtleburtle.net udp
US 65.254.250.102:25 smtp.burtleburtle.net tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 8.8.8.8:53 hachyderm.io udp
NL 142.250.102.26:25 aspmx.l.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 8.8.8.8:53 alumni-caltech-edu.mail.protection.outlook.com udp
US 52.101.11.17:25 alumni-caltech-edu.mail.protection.outlook.com tcp
US 8.8.8.8:53 coloradotech.edu udp
US 8.8.8.8:53 mx1.hc3950-10.iphmx.com udp
GB 142.250.187.196:80 www.google.com tcp
US 216.71.147.46:25 mx1.hc3950-10.iphmx.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 8.8.8.8:53 kinoho.net udp
NL 142.251.9.27:25 aspmx2.googlemail.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 mx.cs.stanford.edu udp
US 8.8.8.8:53 mail.cs.stanford.edu udp
US 171.64.64.160:25 mail.cs.stanford.edu tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
BD 203.76.97.37:1034 tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp

Files

memory/3116-0-0x0000000000500000-0x000000000050D000-memory.dmp

C:\Windows\services.exe

MD5 b0fe74719b1b647e2056641931907f4a
SHA1 e858c206d2d1542a79936cb00d85da853bfc95e2
SHA256 bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
SHA512 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

memory/3576-7-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/3576-13-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3576-17-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3576-21-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3576-22-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 3cef4e8863a8f20c241ffb4d5b85e1ec
SHA1 8584184a905b3004b2890109f5a32dacccda5417
SHA256 c70414ab9c62a4aebe2462312a16233f9119ed113bee5522a50908e36c72f75a
SHA512 bf71b449c896e1627c1f17acf73a7bbd0238995f3f440cf24661d8fa806444f35bb5248145ba720819a4d1c65f9271b5fd99edf226110546b5e1b405b631bd18

C:\Users\Admin\AppData\Local\Temp\tmpF424.tmp

MD5 2cc9b9af84b672f6d6322bbd7f6943c7
SHA1 f3b0bdca6c5e8cd56e8fb4feabb09c5840dea4d9
SHA256 435015258ee91f10bdeb06d8a1ee00bccbe39208f3f26b61698b328900fd262b
SHA512 4b9aa9bfefcb9d692faa9ac369d9b6859328f5119e395b6f9d2c8e5b12452ea4fb73652b84afe946633c7d1c174b1d78d7b3315600d1446ce0331e03fd4bd2df

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EROQDKB0\QTKWXT0L.htm

MD5 d424a6e66cfeeec4df312a085c506ee5
SHA1 c9c4277fc3c62390eae40a47cdc84ca0e62ec94d
SHA256 3dbe1e9a62a4e2bd1bc7007366971a43e0ea1274730b959d52b47cd7161cd97f
SHA512 905cba22d272534a49aa1234a0ce854fb66ebbc398a93d462b8f7b2026a0749ecf4dcb9b1dc4cdcc005256eeb5debf532c0e080c9d4858ec524b36b1165e9429

memory/3576-124-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\3NQFXGDW\search[2].htm

MD5 7c3c335bedc129ba45540f9e4ebbfc02
SHA1 a6d4ab2ae0923e8ca4c2a1677bb97ca5ecbb2dfe
SHA256 f11dfade65cfb5876fa07484837074a25c54355a586bcea422dc9cd07373181b
SHA512 aba417b7f380a08310898fde9ca623f24fd523bed323597e114af0cbc9f175dee9db2fb983176c388ae913cc471111b6f7c02772396720263358ee6c5d8052c8

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RYAG7OSV\search[3].htm

MD5 8ba61a16b71609a08bfa35bc213fce49
SHA1 8374dddcc6b2ede14b0ea00a5870a11b57ced33f
SHA256 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1
SHA512 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RYAG7OSV\results[2].htm

MD5 211da0345fa466aa8dbde830c83c19f8
SHA1 779ece4d54a099274b2814a9780000ba49af1b81
SHA256 aec2ac9539d1b0cac493bbf90948eca455c6803342cc83d0a107055c1d131fd5
SHA512 37fd7ef6e11a1866e844439318ae813059106fbd52c24f580781d90da3f64829cf9654acac0dd0f2098081256c5dcdf35c70b2cbef6cbe3f0b91bd2d8edd22ca

memory/3576-245-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3576-246-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3576-250-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 107a5a3913c161501daf3af536e3bd39
SHA1 c61ce39b83a64e884e5960505c044d4ba93dae88
SHA256 f62b7b0afe6b67d7857e14f10a9dbb4dc57314a000ef2d7cf3ccdd1dc88c3c87
SHA512 e04d45fcc58cc578cc3b2a59ce8d294cfe6aa9c576c23ca7b98043c99bfde3a0211cb1a1c36dd6e428bc9003e282b25da57b28e95a22c1e78d8925d58fc57649

memory/3576-284-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\3NQFXGDW\search[9].htm

MD5 d58d3141f970607485cb6f036c9771d3
SHA1 09874630ca95d8917414599560ecaf87399f6607
SHA256 06e8a3423ee6e137800a0ffdff69e22657e5a5d6df50f053e44b4dbb2ff8cd06
SHA512 38fa4df3b50155cec520f31c2539080b21c9c364c18c48f722cea56cb2a457166eaa67a0fa8aac40fee661c19a57817aab1bd33f30ac94066a867490ca74d224

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\3NQFXGDW\results[4].htm

MD5 ee4aed56584bf64c08683064e422b722
SHA1 45e5ba33f57c6848e84b66e7e856a6b60af6c4a8
SHA256 a4e6ba8c1fe3df423e6f17fcbeeaa7e90e2bd2fffe8f98ff4b3e6ed970e32c61
SHA512 058f023cb934a00c8f1c689001438c9bdd067d923ddcbe7a951f54d3ca82218803e0e81fbc9af5c56375ff7961deed0359af1ffa7335d41379ee97d01a76ded6

memory/3576-409-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\3NQFXGDW\search[6].htm

MD5 b9932cdbb12c340aba6367e969f0b41c
SHA1 f7268233442e46724303c8c2628c7f8059dc89c2
SHA256 e10f6a92903082388f98e6a7206e39ed668b6ab930440538ce399f4d7156c607
SHA512 4a1e161c559f09a6e60be5987221c17882febb823ffe4c9f1344265d0670447fb4b869062a810cfe57ee098710dfc0b254713db0ae00ea245a3a52d4df1677df

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RYAG7OSV\searchNXYXE5P3.htm

MD5 2e115f6ce39fa0c556868469a6c9f757
SHA1 1c4dc696a889d2865daddae526b1f260079beea2
SHA256 cc56450e34456f75f2f336ea410bfe449e8c680ec2b46cf27133bc5bcdd04a01
SHA512 34fe02927a5d9ee02716300812e9343d716fbda90e28b6781523f1dc309cf33710bee94cb8dc1cef3f3759c60d64895c403154e77d06fda0a2c5d61eed648f00

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\3NQFXGDW\searchY0GA4U2C.htm

MD5 1f511b23933874cd1fe533d39ac8a0f2
SHA1 3f0a64ec145d424aaa09fd573bea5c313cd769c7
SHA256 9c4511c6a5e677bb157288e256114bcae41e2b09b97f75e24f658058a76c738f
SHA512 9541f37549b12fd2f8ebebb6bd84b113c16b373e9178c64c8efcd66cfb170876628da4b119f227693ce0ad7fac71fafae505f19b79e434e557c5aa863bb6f7d6

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RYAG7OSV\default[3].htm

MD5 c15952329e9cd008b41f979b6c76b9a2
SHA1 53c58cc742b5a0273df8d01ba2779a979c1ff967
SHA256 5d065a88f9a1fb565c2d70e87148d469dd9dcbbefea4ccc8c181745eda748ab7
SHA512 6aecdd949abcd2cb54e2fe3e1171ee47c247aa3980a0847b9934f506ef9b2d3180831adf6554c68b0621f9f9f3cd88767ef9487bc6e51cecd6a8857099a7b296

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RYAG7OSV\search[6].htm

MD5 73fdc881f70fc89e891e3dba541a665a
SHA1 94d3b8bd2af6a9e689f80093b85314afac20de77
SHA256 1e21435d0a0747360f42fe4b4ec76d6bf1eb74650e039770a6090ac7a5c5c804
SHA512 2f6d64d4f5c5095d313633ef4533ada5e470d4b5210e2aa488d429be1eb9a7ccb2e74d41dbb0b4ae8c89cdcf26c2faa8b7ae8411837e31ec5eac854c0a9a848a

memory/3576-558-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\3NQFXGDW\searchM1WSA8TG.htm

MD5 bd0eb57af5b975f695f5e2d47ad17a69
SHA1 816f5f1775c51bf02654288195bdee7b06b6f0f0
SHA256 a426cfc0122388e81ec98837dee4bfaed0830976e1e51b4ceb8da6eccabb9ab5
SHA512 7ac4ae1f755f5b2778bf1eb1c46ebe31f6b26db454d50422c174f47ff5c4ab4e4535a62d7f8060ff240a862f5ef24d6c9b388acf48bd3127c48ebeb8de4fc474

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RYAG7OSV\results[6].htm

MD5 35a826c9d92a048812533924ecc2d036
SHA1 cc2d0c7849ea5f36532958d31a823e95de787d93
SHA256 0731a24ba3c569a734d2e8a74f9786c4b09c42af70457b185c56f147792168ea
SHA512 fd385904a466768357de812d0474e34a0b5f089f1de1e46bd032d889b28f10db84c869f5e81a0e2f1c8ffdd8a110e0736a7d63c887d76de6f0a5fd30bb8ebecd

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EROQDKB0\results[2].htm

MD5 adf3348ee6702c9e9497233409922d38
SHA1 184b1ade23ed35ed6b884700698eb65d91d8e737
SHA256 e65e9bc3e4bcce807c55b2008b327d9b9f4fbefe0049c21ef46c5469f02f9260
SHA512 aa5b6f1af0a4e5aa98430fef28e4990a8294f087a77b6aefb2b914809b04a5c1b7756410e0d450117ea0f53c0f6021ef7ad1748ed118c7d95e903224ef81c7cf

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EROQDKB0\searchS1JUHTQU.htm

MD5 ab479fe3fa3e386e0507b8178b2a334c
SHA1 fc17046a9a8f1ac24e5d739100504feffb21f2ee
SHA256 14b335c348bd264af7d6b0c5cd39b57fee0820b5afa60536663b6dc9ca6c75e2
SHA512 7ec652cf99a94c14928513a750afcb4068ca92720de1c5009bd54dad6874cdff97d572da9973815f50d91771cf8e127b8112384c872165d930e8a6f8ddba0455

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0K2PF59Z\searchT89MSQKU.htm

MD5 a5cf278c6d853a43d996398f05273eff
SHA1 4b6c4d808738f82e1e9804b1e9960f1373b00d51
SHA256 99b0ee51147030a1b01925f609b197358031562b335264f999cc14266294f19b
SHA512 853f98f11fe2b3a42e16b5c8d648ae4d9654272abc26c0d3e59535e11a8a0d0c5e5e53a9d62a8956977a25843c73d56c89c254b6d027a31fc9a7fcc3b7ca64fa

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EROQDKB0\searchMAUX24LN.htm

MD5 18d488049795353b437dd46a94aa40e0
SHA1 c354be2af398c5ffa31297b2bf1ba5af0ac94266
SHA256 c7f755eef7c8b3c07b7c1f0818888bb2c0bdf0b5e0d1de5f8abb483ef111bef5
SHA512 ca70716b01f589bc41f58bb88d4aaab8cecb1278b31a9e90b398f83834d25e42ca235fc44d723de6266c2e206fb1aa887b1e7630876119f5b8488a8202c12e40

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RYAG7OSV\searchZ730JKA6.htm

MD5 843808dbc4ea0767413a52916a74fdb4
SHA1 f022120ef0bb96023a321ffb0796d354703bdbf2
SHA256 d553aec2f0f472790e68d4d226f41d7e579a68447d7f1b7910720ca642a3050f
SHA512 ed573fdaa3ac77f47cb3c01e01ec263f35c864a77328500a21f7baa9291f0a47515ddc05daf7cb89fedd7777df8524b40a43d5df9b90c4d1acff5ee24e1f9d28

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EROQDKB0\default[5].htm

MD5 5431b34b55fc2e8dfe8e2e977e26e6b5
SHA1 87cf8feeb854e523871271b6f5634576de3e7c40
SHA256 3d7c76daab98368a0dd25cd184db039cdd5d1bc9bd6e9bb91b289119047f5432
SHA512 6f309dd924ba012486bcf0e3bafe64899007893ea9863b6f4e5428384ad23d9942c74d17c42a5cf9922a0e0fd8d61c287a2288a945a775586125d53376b9325c

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0K2PF59Z\search[4].htm

MD5 503f3e45da3c284c64860f67367452f5
SHA1 037b2fc8b49b806fc8caed83578c4a0e5011215d
SHA256 d3255c21dfbdaae38b5b7d41deec93f53705b45286f0b3688f3d4fa06d972781
SHA512 e3e14c8a3e79820012b65d69419e2fd29cd21d6930e0e2d4c86d1d78e3dc3404fe6e60faa1878e3f19cfe642a04496e649eec1885df6040846c7c65ce01c39e6

memory/3576-764-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\3NQFXGDW\searchMIV4UJPP.htm

MD5 cc4b393d5fb32798cc0a252b5c0c23bb
SHA1 fed06d3b88ba4bb68a44b7cebc6d0102abc81f24
SHA256 8d3301882335781ccd6109bd47d615ea2229399adef815c86514653fb4a2f2a1
SHA512 4159fb27b419e32b347becdc4a149acf52f48954374716eee5fd62847d2724825a796efb8d08e26fe434bddb92193dcc4e4949ec6255928e67fb69d9c8047f97

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\3NQFXGDW\default[3].htm

MD5 5257aa7cd7f0b6c62c00d3b403f5b8b4
SHA1 ac75d0d07888f61f0b0368577ec794a3f64fd6d8
SHA256 caeda0e9d091ffa8d0237e28f69fed6d3a9e88830ac47642597cb41caec120bf
SHA512 70c5473e6e0d84cda75d096c9cccbc54963779bee3f22e1b225ecd70a70ee5e023b31bad6e6e2e6539b58f177829536b41ec53a01a9ddd5312cd20078f4c57aa

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RYAG7OSV\searchUGU6CW51.htm

MD5 fc61c64a9e09b4bcb0d07c9666acff9e
SHA1 370473e52120c5f21ddc09ade5f52fdda7dc10f8
SHA256 d74358dee0e7d8599670d1c10e374cd513c1619a71c50592e7231170a7bd2ed1
SHA512 b8ecec2f58e5ac066d526a2802159b6796797207ffc726877418cd12ce9675ff03e7246a8edcc8d4ad8549cfdacbf62b96a54c0d07d02ec1d172c379f4c0af47

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\3NQFXGDW\searchPPCJG9XN.htm

MD5 094bd9dca4d9ac87e1f1166b1afae06e
SHA1 586ef4dbad277fa77e64620726df1faff80af8df
SHA256 54114ede9a02975332cbe75bfe8a1877486b76472e953ba6351a3ee16206f5c4
SHA512 9f3b44c4c96777ee1c077f1666c35b8634be57d27ec702a006bbececefb69c5e2e393f6256012ca8f2cb1def558bf472dd17b56dfc4781375a7d11c72286dec9

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EROQDKB0\search[6].htm

MD5 c2754343f38ec0178430081d3e79afe3
SHA1 9f44aa5fd41db380e3693f7c8b5f089fe023ee7e
SHA256 006d9fcafb4bfc9eb60ee31ca72f99b6b545e0ec812c2f9cc4eb0cf3330add78
SHA512 268a05a2894e9b2b257ed3bc57139675ad98b2e6c144b3f018c461eb15e3816bc599a9a41806fa6bcab06717a763f7c84743f56c39dcfec049564e7aba84fa03

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0K2PF59Z\default[7].htm

MD5 157431349a057954f4227efc1383ecad
SHA1 69ccc939e6b36aa1fabb96ad999540a5ab118c48
SHA256 8553409a8a3813197c474a95d9ae35630e2a67f8e6f9f33b3f39ef4c78a8bfac
SHA512 6405adcfa81b53980f448c489c1d13506d874d839925bffe5826479105cbf5ba194a7bdb93095585441c79c58de42f1dab1138b3d561011dc60f4b66d11e9284

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\3NQFXGDW\defaultU96B76G4.htm

MD5 5243568476eb2052b2f3b67dc9053e86
SHA1 b126aa6506772f9024b76580bdf28b45e3a7f051
SHA256 2d458622dc76eb87e44cc7db89309efdf50f99821145ae86864fd1b714cbaa80
SHA512 3c68cef4e3daa4bca6e8b3aa5a31874be1e4dec38fe9781c6fe4890980744527d0c6818eeb519f8e6b322118e1f08302d85972fa7da4ba8be9421aabf9a77833

memory/3576-914-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\3NQFXGDW\default[5].htm

MD5 14b82aec966e8e370a28053db081f4e9
SHA1 a0f30ebbdb4c69947d3bd41fa63ec4929dddd649
SHA256 202eada95ef503b303a05caf5a666f538236c7e697f5301fd178d994fa6e24cf
SHA512 ec04f1d86137dc4d75a47ba47bb2f2c912115372fa000cf986d13a04121aae9974011aa716c7da3893114e0d5d0e2fb680a6c2fd40a1f93f0e0bfd6fd625dfa7

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0K2PF59Z\default[4].htm

MD5 e5c2364375c0a8a786a9508a840b6299
SHA1 bec1874db0d2348274b6656d1383e262f73e2bc6
SHA256 51b67ae1066eb179562cf80a8a156bbd4b139b83072f610bf62c0b6d58ed17f3
SHA512 ee19a8fa40bc7e991ac289eb30ceec8264d6071f124e99791022961c99f25b97def4f13fa96149eb52786d1104d85d20410e65a333304c0df6ba858472a557d3

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\3NQFXGDW\search4MCYWLCF.htm

MD5 6ba2c3fc69150e0fea4f8081eabe6c73
SHA1 7b15c0fadbae2a44bb16d864924985b51e2776b4
SHA256 019974c6f179945d66cb4dfe3e5106c702ba53897492e272f6e0cbd1ff72405f
SHA512 21966534083f5d31020e6eac282034b221229fa90990df8b0b85f0e30f9b5cab948ee8b1cbabc25f0d20e568d8769a29192445094643245ba45995b3e3d2a6e6

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 d8cd7020a2949564a452e272b8c4b6fe
SHA1 250b4b6771736f5868d6ba673157cd440b3d3ce6
SHA256 33c50ea71dfda03e11da5ed23ad5d477dc64a00dfc697295e87fcfba032afb8e
SHA512 4b3244a13071771d47158050d7c337c6526e11ce3a712bc7bfac7daa4540d9927e7c598d45bcdf6c9e750b3dc50a0b0d40199183c0b2b4e8b854ade865b3c5e9

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EROQDKB0\search[1].htm

MD5 8cb18a13d1552141adb315b37f1e1321
SHA1 cacd0b0a13ecf1b152dae854ca8820a849a04d65
SHA256 e40aad5091c469e656acda51ed312b82fc33a300814b14f63fb9cbc209ad370f
SHA512 16f00387b7a59516ae37ee69d09a48f61ef192dd9feec349024a3f7ffc6fae66aa534e63d1a3775167d2f16c2af9d67e6a7a8e1c09c1632a64d78a40efae8101

memory/3576-1097-0x0000000000400000-0x0000000000408000-memory.dmp