Malware Analysis Report

2024-07-28 10:37

Sample ID 240614-3ls6ra1bqc
Target 8b384e7b999e005ecd6ec43b7c270d208f31ea89afb123797d48b9ba93b7db70
SHA256 8b384e7b999e005ecd6ec43b7c270d208f31ea89afb123797d48b9ba93b7db70
Tags
upx persistence google microsoft phishing product:outlook
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

8b384e7b999e005ecd6ec43b7c270d208f31ea89afb123797d48b9ba93b7db70

Threat Level: Known bad

The file 8b384e7b999e005ecd6ec43b7c270d208f31ea89afb123797d48b9ba93b7db70 was found to be: Known bad.

Malicious Activity Summary

upx persistence google microsoft phishing product:outlook

Detected google phishing page

Detected microsoft outlook phishing page

UPX packed file

Executes dropped EXE

Adds Run key to start application

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

MITRE ATT&CK Matrix V13

Initial Access
TA0001
Execution
TA0002
Persistence
TA0003
Boot or Logon Autostart Execution
T1547
Registry Run Keys / Startup Folder
T1547.001
Privilege Escalation
TA0004
Boot or Logon Autostart Execution
T1547
Registry Run Keys / Startup Folder
T1547.001
Defense Evasion
TA0005
Modify Registry
T1112
Credential Access
TA0006
Discovery
TA0007
Lateral Movement
TA0008
Collection
TA0009
Exfiltration
TA0010
Command and Control
TA0011
Impact
TA0040
Resource Development
TA0042
Reconnaissance
TA0043

Analysis: static1

Detonation Overview

Reported

2024-06-14 23:36

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 23:36

Reported

2024-06-14 23:39

Platform

win7-20240220-en

Max time kernel

150s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8b384e7b999e005ecd6ec43b7c270d208f31ea89afb123797d48b9ba93b7db70.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\services.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" C:\Users\Admin\AppData\Local\Temp\8b384e7b999e005ecd6ec43b7c270d208f31ea89afb123797d48b9ba93b7db70.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" C:\Windows\services.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\services.exe C:\Users\Admin\AppData\Local\Temp\8b384e7b999e005ecd6ec43b7c270d208f31ea89afb123797d48b9ba93b7db70.exe N/A
File opened for modification C:\Windows\java.exe C:\Users\Admin\AppData\Local\Temp\8b384e7b999e005ecd6ec43b7c270d208f31ea89afb123797d48b9ba93b7db70.exe N/A
File created C:\Windows\java.exe C:\Users\Admin\AppData\Local\Temp\8b384e7b999e005ecd6ec43b7c270d208f31ea89afb123797d48b9ba93b7db70.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2836 wrote to memory of 2096 N/A C:\Users\Admin\AppData\Local\Temp\8b384e7b999e005ecd6ec43b7c270d208f31ea89afb123797d48b9ba93b7db70.exe C:\Windows\services.exe
PID 2836 wrote to memory of 2096 N/A C:\Users\Admin\AppData\Local\Temp\8b384e7b999e005ecd6ec43b7c270d208f31ea89afb123797d48b9ba93b7db70.exe C:\Windows\services.exe
PID 2836 wrote to memory of 2096 N/A C:\Users\Admin\AppData\Local\Temp\8b384e7b999e005ecd6ec43b7c270d208f31ea89afb123797d48b9ba93b7db70.exe C:\Windows\services.exe
PID 2836 wrote to memory of 2096 N/A C:\Users\Admin\AppData\Local\Temp\8b384e7b999e005ecd6ec43b7c270d208f31ea89afb123797d48b9ba93b7db70.exe C:\Windows\services.exe

Processes

C:\Users\Admin\AppData\Local\Temp\8b384e7b999e005ecd6ec43b7c270d208f31ea89afb123797d48b9ba93b7db70.exe

"C:\Users\Admin\AppData\Local\Temp\8b384e7b999e005ecd6ec43b7c270d208f31ea89afb123797d48b9ba93b7db70.exe"

C:\Windows\services.exe

"C:\Windows\services.exe"

Network

Country Destination Domain Proto
N/A 10.0.2.15:1034 tcp
N/A 192.168.2.10:1034 tcp
N/A 192.168.2.106:1034 tcp
N/A 172.16.1.108:1034 tcp
N/A 192.168.2.16:1034 tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 8.8.8.8:53 alumni-caltech-edu.mail.protection.outlook.com udp
US 8.8.8.8:53 gzip.org udp
US 52.101.9.0:25 alumni-caltech-edu.mail.protection.outlook.com tcp
US 8.8.8.8:53 gzip.org udp
US 85.187.148.2:25 gzip.org tcp
N/A 192.168.2.15:1034 tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 99.83.190.102:25 alumni.caltech.edu tcp
US 85.187.148.2:25 gzip.org tcp
N/A 172.16.1.4:1034 tcp
US 8.8.8.8:53 mx.alumni.caltech.edu udp
US 8.8.8.8:53 mail.alumni.caltech.edu udp
US 8.8.8.8:53 smtp.alumni.caltech.edu udp
N/A 192.168.2.105:1034 tcp

Files

memory/2836-2-0x0000000000500000-0x0000000000510200-memory.dmp

C:\Windows\services.exe

MD5 b0fe74719b1b647e2056641931907f4a
SHA1 e858c206d2d1542a79936cb00d85da853bfc95e2
SHA256 bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
SHA512 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

memory/2096-11-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2836-10-0x0000000000220000-0x0000000000228000-memory.dmp

memory/2836-9-0x0000000000220000-0x0000000000228000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/2836-17-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2096-18-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2096-23-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2836-25-0x0000000000220000-0x0000000000228000-memory.dmp

memory/2836-24-0x0000000000220000-0x0000000000228000-memory.dmp

memory/2096-30-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2096-32-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2096-37-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2096-42-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2096-44-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2836-48-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2096-49-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2096-54-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 3238ba5363a60f87a75ce097e96d3d6e
SHA1 f8bc1c947110f450b11eed74658bbe6a6a7e73ff
SHA256 e97b1ac7dfc7d1ef0184b86a9742fb2083ea301b4f416d761813fe4635854403
SHA512 e63d8e81a9f5056e92668fcb3010f265eb255c407fffa1581216ebfebbc934d4c208a7b0edd01266aa09fbf2a9cc9da4a9b7322c5fc12b8772560997344782d2

C:\Users\Admin\AppData\Local\Temp\tmpA16D.tmp

MD5 1a94cb06802d45d0ab7190c061e3182a
SHA1 e6b686ef42a3da259f20a28f0b6bfac9a24f73a6
SHA256 d2316f69a030cbf9fc04516a591ac019d715d8b3339540074ca9c633af6aadfd
SHA512 7b98f5c2ed68ad58c1e9123402476d0d36b8fef5431c992330e09f243afd6d66f0e6b2969713325599ae9b72e205e42038f73586f436f03770eec9cc1ddfb04b

memory/2836-72-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2096-73-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2836-76-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2096-77-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2836-81-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2096-82-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2096-84-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2836-88-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2096-89-0x0000000000400000-0x0000000000408000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 23:36

Reported

2024-06-14 23:39

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8b384e7b999e005ecd6ec43b7c270d208f31ea89afb123797d48b9ba93b7db70.exe"

Signatures

Detected google phishing page

phishing google

Detected microsoft outlook phishing page

phishing microsoft product:outlook

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\services.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" C:\Users\Admin\AppData\Local\Temp\8b384e7b999e005ecd6ec43b7c270d208f31ea89afb123797d48b9ba93b7db70.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" C:\Windows\services.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\services.exe C:\Users\Admin\AppData\Local\Temp\8b384e7b999e005ecd6ec43b7c270d208f31ea89afb123797d48b9ba93b7db70.exe N/A
File opened for modification C:\Windows\java.exe C:\Users\Admin\AppData\Local\Temp\8b384e7b999e005ecd6ec43b7c270d208f31ea89afb123797d48b9ba93b7db70.exe N/A
File created C:\Windows\java.exe C:\Users\Admin\AppData\Local\Temp\8b384e7b999e005ecd6ec43b7c270d208f31ea89afb123797d48b9ba93b7db70.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 208 wrote to memory of 2260 N/A C:\Users\Admin\AppData\Local\Temp\8b384e7b999e005ecd6ec43b7c270d208f31ea89afb123797d48b9ba93b7db70.exe C:\Windows\services.exe
PID 208 wrote to memory of 2260 N/A C:\Users\Admin\AppData\Local\Temp\8b384e7b999e005ecd6ec43b7c270d208f31ea89afb123797d48b9ba93b7db70.exe C:\Windows\services.exe
PID 208 wrote to memory of 2260 N/A C:\Users\Admin\AppData\Local\Temp\8b384e7b999e005ecd6ec43b7c270d208f31ea89afb123797d48b9ba93b7db70.exe C:\Windows\services.exe

Processes

C:\Users\Admin\AppData\Local\Temp\8b384e7b999e005ecd6ec43b7c270d208f31ea89afb123797d48b9ba93b7db70.exe

"C:\Users\Admin\AppData\Local\Temp\8b384e7b999e005ecd6ec43b7c270d208f31ea89afb123797d48b9ba93b7db70.exe"

C:\Windows\services.exe

"C:\Windows\services.exe"

Network

Country Destination Domain Proto
N/A 10.0.2.15:1034 tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
BE 88.221.83.234:443 www.bing.com tcp
BE 88.221.83.234:443 www.bing.com tcp
US 8.8.8.8:53 234.83.221.88.in-addr.arpa udp
N/A 192.168.2.10:1034 tcp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 107.12.20.2.in-addr.arpa udp
N/A 192.168.2.106:1034 tcp
US 8.8.8.8:53 m-ou.se udp
US 8.8.8.8:53 aspmx5.googlemail.com udp
US 8.8.8.8:53 acm.org udp
TW 142.250.157.26:25 aspmx5.googlemail.com tcp
US 8.8.8.8:53 cs.stanford.edu udp
US 8.8.8.8:53 smtp1.cs.stanford.edu udp
US 8.8.8.8:53 burtleburtle.net udp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
US 8.8.8.8:53 mx.burtleburtle.net udp
US 8.8.8.8:53 alumni.caltech.edu udp
US 8.8.8.8:53 alumni-caltech-edu.mail.protection.outlook.com udp
US 8.8.8.8:53 gzip.org udp
US 52.101.9.21:25 alumni-caltech-edu.mail.protection.outlook.com tcp
US 8.8.8.8:53 gzip.org udp
US 85.187.148.2:25 gzip.org tcp
US 65.254.254.51:25 mx.burtleburtle.net tcp
US 8.8.8.8:53 www.altavista.com udp
US 8.8.8.8:53 search.lycos.com udp
IE 212.82.100.137:80 www.altavista.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:80 www.google.com tcp
US 8.8.8.8:53 137.100.82.212.in-addr.arpa udp
US 209.202.254.10:80 search.lycos.com tcp
US 8.8.8.8:53 search.yahoo.com udp
IE 212.82.100.137:443 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 199.89.1.120:25 mail.mailroute.net tcp
US 8.8.8.8:53 r11.o.lencr.org udp
BE 23.14.90.74:80 r11.o.lencr.org tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.254.202.209.in-addr.arpa udp
US 8.8.8.8:53 11.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 74.90.14.23.in-addr.arpa udp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
N/A 172.16.1.108:1034 tcp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 alt2.aspmx.l.google.com udp
FI 142.250.150.27:25 alt2.aspmx.l.google.com tcp
US 8.8.8.8:53 smtp2.cs.stanford.edu udp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 75.2.70.75:25 alumni.caltech.edu tcp
US 85.187.148.2:25 gzip.org tcp
US 8.8.8.8:53 burtleburtle.net udp
US 65.254.227.224:25 burtleburtle.net tcp
US 8.8.8.8:53 acm.org udp
US 104.17.78.30:25 acm.org tcp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
N/A 192.168.2.16:1034 tcp
US 8.8.8.8:53 aspmx3.googlemail.com udp
FI 142.250.150.27:25 aspmx3.googlemail.com tcp
US 8.8.8.8:53 cs.stanford.edu udp
US 171.64.64.64:25 cs.stanford.edu tcp
US 171.64.64.64:25 cs.stanford.edu tcp
US 8.8.8.8:53 mx.alumni.caltech.edu udp
US 8.8.8.8:53 outlook.com udp
US 8.8.8.8:53 mail.alumni.caltech.edu udp
US 8.8.8.8:53 outlook-com.olc.protection.outlook.com udp
US 8.8.8.8:53 smtp.alumni.caltech.edu udp
NL 52.101.73.31:25 outlook-com.olc.protection.outlook.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 65.254.254.51:25 mx.burtleburtle.net tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 mx.acm.org udp
GB 142.250.187.196:80 www.google.com tcp
US 8.8.8.8:53 mail.acm.org udp
US 8.8.8.8:53 smtp.acm.org udp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 171.64.64.64:25 cs.stanford.edu tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 8.8.8.8:53 alumni-caltech-edu.mail.protection.outlook.com udp
GB 142.250.187.196:80 www.google.com tcp
US 52.101.194.17:25 alumni-caltech-edu.mail.protection.outlook.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
N/A 192.168.2.15:1034 tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 aspmx2.googlemail.com udp
NL 142.251.9.27:25 aspmx2.googlemail.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 171.64.64.64:25 cs.stanford.edu tcp
GB 142.250.187.196:80 www.google.com tcp
US 171.64.64.64:25 cs.stanford.edu tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 outlook.com udp
US 52.96.222.226:25 outlook.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 8.8.8.8:53 mail.burtleburtle.net udp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 65.254.250.102:25 mail.burtleburtle.net tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 171.64.64.64:25 cs.stanford.edu tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 75.2.70.75:25 alumni.caltech.edu tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
N/A 172.16.1.4:1034 tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 aspmx.l.google.com udp
NL 142.250.27.26:25 aspmx.l.google.com tcp
US 8.8.8.8:53 mx.cs.stanford.edu udp
US 8.8.8.8:53 mail.cs.stanford.edu udp
US 171.64.64.160:25 mail.cs.stanford.edu tcp
US 171.64.64.160:25 mail.cs.stanford.edu tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 8.8.8.8:53 mx.outlook.com udp
US 8.8.8.8:53 mail.outlook.com udp
US 8.8.8.8:53 smtp.outlook.com udp
GB 40.99.201.130:25 smtp.outlook.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 smtp.burtleburtle.net udp
GB 142.250.187.196:80 www.google.com tcp
US 65.254.250.102:25 smtp.burtleburtle.net tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 8.8.8.8:53 kinoho.net udp
NL 142.250.27.26:25 aspmx.l.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 8.8.8.8:53 mx.cs.stanford.edu udp
US 171.64.64.160:25 mail.cs.stanford.edu tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 8.8.8.8:53 mx.alumni.caltech.edu udp
US 8.8.8.8:53 mail.alumni.caltech.edu udp
US 8.8.8.8:53 smtp.alumni.caltech.edu udp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
N/A 192.168.2.105:1034 tcp
US 8.8.8.8:53 137.71.105.51.in-addr.arpa udp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 8.8.8.8:53 hachyderm.io udp
US 8.8.8.8:53 alt3.aspmx.l.google.com udp
SG 74.125.200.26:25 alt3.aspmx.l.google.com tcp

Files

memory/208-0-0x0000000000500000-0x0000000000510200-memory.dmp

C:\Windows\services.exe

MD5 b0fe74719b1b647e2056641931907f4a
SHA1 e858c206d2d1542a79936cb00d85da853bfc95e2
SHA256 bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
SHA512 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

memory/2260-7-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/208-13-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2260-14-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2260-19-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2260-24-0x0000000000400000-0x0000000000408000-memory.dmp

memory/208-25-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2260-26-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 48b42c0572f0657e8d21123b2704ece6
SHA1 0204d63364ed693d3f4ea9246ae9be71819d021f
SHA256 f4eeddec2f535f0338191eca2393b85cd43e5ac56634630b6ff76b39e7606487
SHA512 70f45e41c3dcb1ccb31e9546a4f2fb79f76e66c4c2101805f9388fdca2a5ccf62c44e5a8ef23218067f4dacbac08f95e3ba97f0c93af8b61709a0fcbd6e31bb5

C:\Users\Admin\AppData\Local\Temp\tmpFC15.tmp

MD5 a20bb076d58d508db98bf45d6cc60f99
SHA1 c0621feb4d99b68f53a0bb2d1161522dece20d6e
SHA256 979cf127b1387f18aadb8d3060b03dea85b7e04df223e1b11ff25df9df991f8a
SHA512 cf2eda791b1ebc76760b345878135003e4bff9c832c55c799b52a7d9f8109465f24806ddd4a1827b15019e255d9ca4d63fdd920907362f4a8f3c59a4c72c27c3

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\AKM56LDW\D27SY73H.htm

MD5 651a5a98ecef3f2630c056ac8a6b27ef
SHA1 4f2c3cf01a3682a8a488da4efac1cc0e23f637c0
SHA256 cbfacaa975f946514ff522fbe598b1e4cd658719766d395067a71339d3520a79
SHA512 ff58378d556eec5ef9cf474f85399c508ff2be2406faee1e93453403fa834499c145d4e2e4ddbde81a88ef6d98ef75fcb16d279db22b008c6e2efb1a60a0523b

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\V54QW64X\search[4].htm

MD5 8ba61a16b71609a08bfa35bc213fce49
SHA1 8374dddcc6b2ede14b0ea00a5870a11b57ced33f
SHA256 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1
SHA512 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\AKM56LDW\search[3].htm

MD5 c1f6da46a3a31a874cfd4b1aaac92938
SHA1 46c3a84972fd87197d7186660f57ddb7881e3090
SHA256 7681d46f61deda7fd7eacb2462df077300725def783e28e3b7518958562f3e9a
SHA512 1cf4dfe02b3203f3fee174c7ef1b86382be223678a982cb0cbe9fbc179d7303d8f48817d0670017145cc71578389a71dc9b0fafd9ffb40696f1ba6f0c2fe1ca6

memory/208-171-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2260-172-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\V54QW64X\search[5].htm

MD5 3b36ac64fa27a97d22516a40c1167bbb
SHA1 f46fe53e220014428cc21ab860a0028429aca9de
SHA256 d8168762620002508e4f9b7ebb271b9269f3a6417c9a7faeef857244722e1a01
SHA512 bac83ed732982bac0e4bb1b1cba01517a2e05dfbd3c922d576bc3055c0264c80db84184dac9cadec65ec8534e8c9799fe3f92e07c674ba43c849ee0152045f34

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LU15KQ7Y\results[1].htm

MD5 211da0345fa466aa8dbde830c83c19f8
SHA1 779ece4d54a099274b2814a9780000ba49af1b81
SHA256 aec2ac9539d1b0cac493bbf90948eca455c6803342cc83d0a107055c1d131fd5
SHA512 37fd7ef6e11a1866e844439318ae813059106fbd52c24f580781d90da3f64829cf9654acac0dd0f2098081256c5dcdf35c70b2cbef6cbe3f0b91bd2d8edd22ca

memory/208-272-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2260-273-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2260-275-0x0000000000400000-0x0000000000408000-memory.dmp

memory/208-279-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2260-280-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 8c861ee3bb7bc2bb8dd12dee2d319234
SHA1 b73c9047d17f4c4386017a1892188ef19ed06a2e
SHA256 104179ad77b76684fede2e701ca3b4e02ad564190d7dc982ec09a6b795407820
SHA512 36de7556857c652d443fa47e1ab1be0885518c819cf21d7f983d3f884aadf467ea167bb68588c1177144ac58c36e40d41c4ccb4d1c350ea44eaf2d2176a8ad41

memory/208-368-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2260-369-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\V54QW64X\search[10].htm

MD5 c6e66aaec00283b82a8e36756e019793
SHA1 13750e821ada18648cb5e8eb8f8cb427dd9b19c5
SHA256 a9509b3cbbea28512bf5a9b430e395f0c175c7e818494712ceee440a1171d3bd
SHA512 14a05850f00109323fc8d1ea41fd44d102890f8728e5046865630d63532a403afa994f52e7aadbddfe5967944fb3a91577a78838a02864a9e4af9318a0eeb454

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4NMOWK91\search[7].htm

MD5 b14f5841a911dc711bde088794b239d3
SHA1 170f2f9063795bbb81d1d073d7f4a9f98cb91fbb
SHA256 6f3a16fe8ad9435e7f27d7070da78e0b2c723bd0ef88b3cafd1bc6b04ac4954b
SHA512 a2b301fc29a1a1b799f3f881fc5feff10e191851014ef2da128409facf17baf6ed65bc7fb1ff3dff0aa38c34f3289b990c0280131e589708dcd5b3a1bd032050

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LU15KQ7Y\search[2].htm

MD5 53bc52eb29002316b73e5f1ec2810f69
SHA1 d43d01a3bfe418e857818cefa2cf1018de6a62a6
SHA256 088c806576d2c097c033d3b958fa1f3e88dbc585bb0d0807702ab9c1d9cf627d
SHA512 741da6a0e91109fe93f92518311c4b8ad198ae36c6b2d2e100154e517eccaab9b09425306a6536db02d05f3f05bf5ba2afe3832b4c4d5437b75f89a7319dda3a

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\V54QW64X\default[4].htm

MD5 c15952329e9cd008b41f979b6c76b9a2
SHA1 53c58cc742b5a0273df8d01ba2779a979c1ff967
SHA256 5d065a88f9a1fb565c2d70e87148d469dd9dcbbefea4ccc8c181745eda748ab7
SHA512 6aecdd949abcd2cb54e2fe3e1171ee47c247aa3980a0847b9934f506ef9b2d3180831adf6554c68b0621f9f9f3cd88767ef9487bc6e51cecd6a8857099a7b296

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\AKM56LDW\search1X4I0WIA.htm

MD5 59640f65c3ae2829684429c3c419b006
SHA1 375a6832cf71a23f279a53c5587b2663519942fe
SHA256 0e704dc5148aa0223986051020ed8f8d924fcd61a674d0993a6657cc4fa97fbd
SHA512 228b680698da221b8d5e957a5aa667cfc1af295a1b0eeac04d31900a07deaf5c412a8f35c3b6a982e14636619f246fae9d25617ecb33f38c3964b4e03367a449

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4NMOWK91\search6O0447JF.htm

MD5 51886dcb72382c6d260d11d70bf8a093
SHA1 b530615cacb1c2480df6fde053ea0108b2b68d55
SHA256 a2a4add07e0362d3ecc6bfb8570a67bc513219718ac6533eb9931a24b225e240
SHA512 e186e1e6620338564be43961b179acfa72f551bc568b6c538584ed97a056e6163b322b1869d0229ae96714d49cec29fbe9d7f094f53d3182523053eeb4f03f89

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4NMOWK91\search[2].htm

MD5 1866fbb462c8659e24d83e4f1d60b56e
SHA1 35365237a3f9c97831927f15cb93cc9e97b1b4dc
SHA256 ba534e85ac7ac18a9b0524ed3de78067405323e5a11cddda915c011c44406aca
SHA512 f2e2499baa4a148683faa2142aa22e588348c7797e14f039bd967389a35c6d408af76b7d338e32bce7546b0e4531cedac7e8ebaaac45a9583043740e74f38a67

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\AKM56LDW\search95LFIDPI.htm

MD5 4c73f56048d064469dde93d4531b48a3
SHA1 d5a6e438dd7d5eef8d8c8f28a31e70b390c164a9
SHA256 e5577c1e9a05322f445ad4be2b7f14bc64bcf3cb167241194b91dee0d0c757d7
SHA512 71853525bd35d3705ff64c2e141bc5bd8fff46a6f2ae2d9950fdba9f29f23067de1ecdc9f5705bbe11541c7c1ee807ac301529e65eaea8f536de89e926a698d9

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\AKM56LDW\search[9].htm

MD5 81959c72bce6fe9210fcecf703b1c703
SHA1 ef8eda892526aad94e18574485583687f3221992
SHA256 9f8a2d336a49b06ada9191a69739f92860ffe590748870c96b00d2dc59dd7986
SHA512 3b7a7f520fe56e694912518049478edbc7439955234b0b283601a0c8eeb1409f21a9f71e541f139563512da1e71dd31db617fb4bf28a35ac18d0f3132ad7359b

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\AKM56LDW\results[4].htm

MD5 7a332319b4c67a0c2b49c9fb95a8b533
SHA1 a73a00ba83953575917a2060c009253fc0db93c4
SHA256 3c0cf785ae4898fab36c8e6e6d1ff44a1b980db0216539cc895157efe273da2d
SHA512 e057941f8e9e7f686dda89bd88a6781bdfa6d7f4545c3ad185ebf0a9828b29789f91a616f5eabe0c7c1cdfd9dfa46f443564e9cfc36de6b04f03dfd6ab67f100

memory/208-550-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2260-551-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 1eab89cd090a17e3af684b0734372f77
SHA1 376763e97c28ded116f9112632f05fcecda5808a
SHA256 addfff8de862947235de08f59bd2d3313738084946be6bdbcd7aee5a43cae1e7
SHA512 ab67d647bd9ae40c619f9fcce146e52c5ef560a9cbfae1c11dd6e5bab5a022efeeed5a7744c806c19d2fdb1eed62886e71ca5cf1327a2cfa806705219cc25824

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LU15KQ7Y\search[5].htm

MD5 fc6e7891281b9c2ececac5867320b891
SHA1 9d557ed178979648cfec2b6ea7999288dc635e3e
SHA256 34425ca53b55393166a55fe8794841933fd21e8ecef35faae485ae74e4f5fe8f
SHA512 8d3ed57cb18bda1edfdf737ecc473a7645679d312bcb3a6a0b1807a78d39384b71a76bca6d7f1ded0498778341d2783b83c1b40fd4b2a3edec04d339c554b3c9

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LU15KQ7Y\searchFBQ9XVGJ.htm

MD5 226f6cb141675329f9772b653f5eb0fd
SHA1 b52b9921dc3f1402cc350cc7de2eca26f3e4fb4e
SHA256 01b36b3880577fa48dee172a72ee2b20f93d8d4cf5ddc0a91f82ca5f64bd146e
SHA512 0b200cd52a345b7ef6b7c4ec8b36fd9a6c5c50e176d984ab46e36f798bc17562e79fa6d1940ed103bdc72c163dd19fa3fa8d02995acca328772ddf3b058ffff3

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\AKM56LDW\searchEDFK9R00.htm

MD5 7eebe41e540843d5df372b068ae078b6
SHA1 f8f9ebb6c38a3807060783e6a0f4957da4bb59e7
SHA256 39d4dd48398479645c4a3545a616aa385db6aab1724ba9c5a7e68f5a82d956c4
SHA512 f702a1bfe7106fc3aebc10112c78465ed39d8097c68c0220a157ee550bc7ac05021dc38f293e0c3c817f9a66b1058cf209512f38a25b591b8be61fe60b131804

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LU15KQ7Y\searchWERGRD6U.htm

MD5 595c7bfe7b0f65760c894dbd3d62a746
SHA1 dc1bf5fc68da01d21b0c0893b6399aa06b24a481
SHA256 147c32979f86669711ab044e6f682a62620e8d58525849abe576823e3e3a64b8
SHA512 6cf3ca804d34b84220c5fe3fd1dd813f57d731bd83afaec5cd21e81486964b1f0b042be5fb666e6616afa295636280307a0dc8bb793a8020df639ae57bc68ecf

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\V54QW64X\default[5].htm

MD5 5431b34b55fc2e8dfe8e2e977e26e6b5
SHA1 87cf8feeb854e523871271b6f5634576de3e7c40
SHA256 3d7c76daab98368a0dd25cd184db039cdd5d1bc9bd6e9bb91b289119047f5432
SHA512 6f309dd924ba012486bcf0e3bafe64899007893ea9863b6f4e5428384ad23d9942c74d17c42a5cf9922a0e0fd8d61c287a2288a945a775586125d53376b9325c

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LU15KQ7Y\searchK0K15APC.htm

MD5 50ffed91578ec253c81b998a3f24511f
SHA1 4a57d50730ca6eea685f8231cde79035ebbd37e6
SHA256 d5e1c60d2e2cde2ef377c697d2a4f66561200a5b13bc3aa954fa5dd4c474ff91
SHA512 bcae4b33a0f15535b9f1e153af8a8455f7340b104b23eeb2bf97bed4f1a392549554e9ab4b7fe4b32ddc6019016c9766c0d8fc57e1b26b81acdcd5460b7e32f5

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4NMOWK91\searchZLMTS9IJ.htm

MD5 aac2e106f3256b7d94e437dfcc0dc934
SHA1 3c4cd79daa4796c3fbe5e93181928e81affd32d6
SHA256 9d8450fcbc101e56183945632fdfb2334171da809d2fd630c96365f6ea40d3c9
SHA512 e9a2f03b798b24425cccb56cedd2e157f0605d209055e7601c4fe4fb53ff05b42c54cb4c53901d16bf3dc9af0a05fa7b64c875ffb89ddd7e2fdcbc111a258807

memory/208-702-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2260-703-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LU15KQ7Y\default[1].htm

MD5 14b82aec966e8e370a28053db081f4e9
SHA1 a0f30ebbdb4c69947d3bd41fa63ec4929dddd649
SHA256 202eada95ef503b303a05caf5a666f538236c7e697f5301fd178d994fa6e24cf
SHA512 ec04f1d86137dc4d75a47ba47bb2f2c912115372fa000cf986d13a04121aae9974011aa716c7da3893114e0d5d0e2fb680a6c2fd40a1f93f0e0bfd6fd625dfa7

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\V54QW64X\search7M2XNQ3T.htm

MD5 888af437721b42f755a455ec524397d1
SHA1 676945aa10ae2a36faf7eed677dc7e20072fbf72
SHA256 c7d8e7a7a01c6cda62202d1de0dfce969a3ff9d6970bc788e1bbfa25ced726af
SHA512 b8746e17687cdbe6627889ec5993059124317287b427f042e9fbf3367990a0e35b5dae936e599aaf56a66a71230a617297c785f9e633a3e3b35baa3f50f9616f

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\AKM56LDW\searchPBJZ8823.htm

MD5 9b91890168cfd5209a1169c25d5a485a
SHA1 ffed7bce4c66f0eb5b50881295d4aeb04bd57012
SHA256 698c83a86e590a330a8cd5edcc71ea7c55bb25a5f9ee209e5ce00513421465be
SHA512 331ee997c02276d74841112582b7239d891ac416251d34eb3da3aa8617d239f66edeb2ce338e3545af8e37db35975e30eac772c23789610d69c85a9ad7831b60

memory/208-863-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2260-864-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\V54QW64X\search68W4K7X8.htm

MD5 1153728c8037f1b58d96c1a1ebc1338b
SHA1 d40ea9ed2e89cdaec92baea5a45af88a15fe09fc
SHA256 da6f63174f1847fa2500168f35d5147575491d66e05d2e4d212180f63d2dd949
SHA512 d18e3aba7baef3f1a761b31a42fae81c262b30418eed3c646a7b54b1959ace1686382a896a17f721ce5942d36be3d6f3776726635eef23bfda855963add0dd74

memory/208-1046-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2260-1047-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\AKM56LDW\searchKQ1RCQ1M.htm

MD5 e4b9dcba160e7e8606f55230c2ac5504
SHA1 8461135dc3a252be1696e6570bb6b01b3e099b3f
SHA256 7699e4784798ea2ad1e1bd85b2a6513278f0fd43453b7716cad02ffc656fcaf4
SHA512 78974c6b50ab452a82b259dc3e0bce2eb51928d6afe06a9ec3cc9eea0c795672fa3164b6c2ec2958d4dc0ee2723d92f584ba2fbe4002da683be264fca8935a6d

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LU15KQ7Y\default3KCKW6YM.htm

MD5 779eb6e922262fd34798d1da675ff1b9
SHA1 8ac9d18a9f1fd8ddb1bb8e6638c4faf7c38c08f4
SHA256 f5b7521dca08f599000d2234268361c7a0de6d916540f07841bd28ec4d28fa1c
SHA512 70654bf9abe3d5a399d9e010b4ba12743f789cf78f1c9e41ddf1377dd5179f24c871dfbb89876e17c2d1206ac18f49f42d0ca54517e2c25491d34c509b053ec7

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LU15KQ7Y\default[2].htm

MD5 ffb72ab4faba49ad441ce07db37dd8b6
SHA1 194e13c1c32ebb6e7a1dc912261cbd58a82ff71e
SHA256 7bd7c3676e98ddde8e0d5b63dd22cb9379d975bcd1d68884c97565cdd8d03660
SHA512 517be20d2442489ce39b48dc7f9f6f13f8c45d02703fb1865071f553d36b2289f5abc26c6089fc0bfad1a41fe318bf4b5a806915c5e45898ac744b7e4ed30257

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 2ba8d0c3e0f1033125ef1d6e6b6ccab5
SHA1 a1246c147e5420913ae0535e4d73fa28430ae096
SHA256 1b4672c9d3cd615826d90ffcc1ae6bd8d95e9db783ca278d23294c5d63a68386
SHA512 4e623c4121011d9613dea6b9f37d2b57a2b1237120d3195f32e9e93fc0771ee0c5a9bbb276ebf0c017173959117eedbe3d6f0d04bcad895622084ec3ee764e33

memory/208-1182-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2260-1183-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4NMOWK91\default[4].htm

MD5 cb42662caffe525e9957c942617edf06
SHA1 615009db9a1a242579e639ee0fc7a2a765095bfe
SHA256 312bf5c9a1a122abc6361bf8ed01a44346285b962c0d273ef2de0eb796ae1b15
SHA512 3e6777f1f74f64fff6cb2bd1a81a6c08d9a64feeebc3deb7cacb8f0f41b23a5c59a8e6294b99c76dd386aaaf9043a1a252ac47910fe1801bdc2995f7b675692c

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LU15KQ7Y\default[7].htm

MD5 2a8026547dafd0504845f41881ed3ab4
SHA1 bedb776ce5eb9d61e602562a926d0fe182d499db
SHA256 231fe7c979332b82ceccc3b3c0c2446bc2c3cab5c46fb7687c4bb579a8bba7ce
SHA512 1f6fa43fc0cf5cbdb22649a156f36914b2479a93d220bf0e23a32c086da46dd37e8f3a789e7a405abef0782e7b3151087d253c63c6cefcad10fd47c699fbcf97

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4NMOWK91\searchWFG19NLV.htm

MD5 ce9079d8870e40c03d7600112514e699
SHA1 4007e2aa991ef258686223b5fccbedbba2eb8a6a
SHA256 75fa397c96ac3c320951088f06cbd93f1203c77781249b1c82e5d33c4fb65f5a
SHA512 d04b5b4f29cad85b2916f39aae471e916395c7fc809f6f880a98b64cdfdbf8f34b13ac79c6921a311cf66ee67dae0d533b2c7111661f6a2d30e1cd98dedd297a

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LU15KQ7Y\search[9].htm

MD5 8b17c8e15cae09016cb351cee3351c12
SHA1 bfa8b0fb8445a7fa84b126c165c5d1c79649fd45
SHA256 bd109aef10f6e75a7590f186586f98a8519ee837bcf18c6fa1a8129aabe05528
SHA512 4264df6c5154f7d2196addfc67c9ee1ba1cf8808c9a3886c81d3088ce12e4f19184722159304b7312e07c96b761777f31c1379d34605089bc2affd68036c61ba

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LU15KQ7Y\searchC65TGQ9O.htm

MD5 44e7b5b0def5e9b78f5b1818412bf258
SHA1 c059cb485cefd6236ae461822539795a0fc5704e
SHA256 3e3afeb6a5c09b26c79470a212c31fd9c3e6fcf85234bfda05ba2d0c5b3476e9
SHA512 6283a5d210254c6534aa0335c4f5e7db4e0925575cd31eae4f81f69e5d7ce1bf6dd95499f291e8685d343b701b0ab3136ae56501ae6b5d1add6690876e2b7599

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 749c175f36ec6490b040b21ab101d1d1
SHA1 3be03f985004d69b99929b11a6604d548849acb6
SHA256 875a10c6da3ffe829eedbc335609fca6241f17e26212448afff8b9e0c916a78f
SHA512 63cce1bf3301daf30b09d49aeb3711c27d7af070bc387c28c705cae0da4d8f7b42c766cfd59496d48902cd25a00305ad90a0e3715fca8b03c6bfb60d5fe98c40