Analysis Overview
SHA256
e8dd1138111f75efbfebed7a9090de9995e56427613cda21e238059119ce48fd
Threat Level: Known bad
The file a9d3343a18424e8c25e5b5278229c325_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Detected microsoft outlook phishing page
Executes dropped EXE
UPX packed file
Adds Run key to start application
Drops file in Windows directory
Unsigned PE
Suspicious use of WriteProcessMemory
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-14 13:05
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-14 13:05
Reported
2024-06-14 13:08
Platform
win10v2004-20240611-en
Max time kernel
150s
Max time network
153s
Command Line
Signatures
Detected microsoft outlook phishing page
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\a9d3343a18424e8c25e5b5278229c325_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\a9d3343a18424e8c25e5b5278229c325_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\a9d3343a18424e8c25e5b5278229c325_JaffaCakes118.exe | N/A |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\a9d3343a18424e8c25e5b5278229c325_JaffaCakes118.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3584 wrote to memory of 4380 | N/A | C:\Users\Admin\AppData\Local\Temp\a9d3343a18424e8c25e5b5278229c325_JaffaCakes118.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\a9d3343a18424e8c25e5b5278229c325_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a9d3343a18424e8c25e5b5278229c325_JaffaCakes118.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
| Country | Destination | Domain | Proto |
| IN | 4.240.78.154:1034 | tcp | |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| NL | 23.62.61.75:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.61.62.23.in-addr.arpa | udp |
| IN | 4.240.75.29:1034 | tcp | |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 16.113.41.36:1034 | tcp | |
| US | 8.8.8.8:53 | 99.58.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | m-ou.se | udp |
| US | 8.8.8.8:53 | aspmx.l.google.com | udp |
| US | 8.8.8.8:53 | acm.org | udp |
| NL | 142.250.102.27:25 | aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | mail.mailroute.net | udp |
| US | 199.89.3.120:25 | mail.mailroute.net | tcp |
| US | 8.8.8.8:53 | cs.stanford.edu | udp |
| US | 8.8.8.8:53 | cs.stanford.edu | udp |
| US | 8.8.8.8:53 | burtleburtle.net | udp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | mx.burtleburtle.net | udp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 65.254.254.52:25 | mx.burtleburtle.net | tcp |
| US | 8.8.8.8:53 | alumni-caltech-edu.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 52.101.11.19:25 | alumni-caltech-edu.mail.protection.outlook.com | tcp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 8.8.8.8:53 | search.lycos.com | udp |
| US | 8.8.8.8:53 | www.altavista.com | udp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | search.yahoo.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.100.82.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.254.202.209.in-addr.arpa | udp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| GB | 142.250.187.238:443 | consent.google.com | tcp |
| GB | 142.250.187.238:443 | consent.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| NL | 23.63.101.153:80 | r11.o.lencr.org | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.101.63.23.in-addr.arpa | udp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | hachyderm.io | udp |
| US | 8.8.8.8:53 | alt3.aspmx.l.google.com | udp |
| SG | 74.125.200.26:25 | alt3.aspmx.l.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| IE | 159.134.164.135:1034 | tcp | |
| US | 8.8.8.8:53 | aspmx3.googlemail.com | udp |
| US | 8.8.8.8:53 | acm.org | udp |
| FI | 142.250.150.27:25 | aspmx3.googlemail.com | tcp |
| US | 104.17.79.30:25 | acm.org | tcp |
| US | 8.8.8.8:53 | smtp1.cs.stanford.edu | udp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | burtleburtle.net | udp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 99.83.190.102:25 | alumni.caltech.edu | tcp |
| US | 65.254.227.224:25 | burtleburtle.net | tcp |
| US | 8.8.8.8:53 | alt1.aspmx.l.google.com | udp |
| NL | 142.251.9.26:25 | alt1.aspmx.l.google.com | tcp |
| US | 16.91.196.218:1034 | tcp | |
| US | 8.8.8.8:53 | alt2.aspmx.l.google.com | udp |
| US | 8.8.8.8:53 | mx.acm.org | udp |
| FI | 142.250.150.26:25 | alt2.aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | mail.acm.org | udp |
| US | 8.8.8.8:53 | smtp2.cs.stanford.edu | udp |
| US | 8.8.8.8:53 | smtp.acm.org | udp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | mx.gzip.org | udp |
| US | 8.8.8.8:53 | mail.gzip.org | udp |
| US | 65.254.254.52:25 | mx.burtleburtle.net | tcp |
| US | 8.8.8.8:53 | outlook.com | udp |
| US | 85.187.148.2:25 | mail.gzip.org | tcp |
| US | 8.8.8.8:53 | outlook-com.olc.protection.outlook.com | udp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 52.101.41.2:25 | outlook-com.olc.protection.outlook.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | alt4.aspmx.l.google.com | udp |
| TW | 142.250.157.27:25 | alt4.aspmx.l.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| N/A | 192.168.1.50:1034 | tcp | |
| NL | 142.251.9.26:25 | alt1.aspmx.l.google.com | tcp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | smtp.gzip.org | udp |
| US | 8.8.8.8:53 | mail.burtleburtle.net | udp |
| US | 8.8.8.8:53 | outlook.com | udp |
| US | 52.96.222.194:25 | outlook.com | tcp |
| US | 65.254.250.102:25 | mail.burtleburtle.net | tcp |
| SG | 74.125.200.26:25 | alt3.aspmx.l.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| NL | 142.250.102.27:25 | aspmx.l.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| CA | 206.47.190.30:1034 | tcp | |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | aspmx2.googlemail.com | udp |
| NL | 142.251.9.27:25 | aspmx2.googlemail.com | tcp |
| US | 8.8.8.8:53 | mx.cs.stanford.edu | udp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | mail.cs.stanford.edu | udp |
| US | 171.64.64.160:25 | mail.cs.stanford.edu | tcp |
| US | 171.64.64.160:25 | mail.cs.stanford.edu | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | mx.outlook.com | udp |
| US | 8.8.8.8:53 | smtp.burtleburtle.net | udp |
| US | 8.8.8.8:53 | mail.outlook.com | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| NL | 142.251.9.26:25 | alt1.aspmx.l.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | smtp.outlook.com | udp |
| GB | 52.97.133.130:25 | smtp.outlook.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 65.254.250.102:25 | smtp.burtleburtle.net | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| FI | 142.250.150.26:25 | alt2.aspmx.l.google.com | tcp |
| US | 66.74.184.236:1034 | N/A | tcp |
| US | 8.8.8.8:53 | aspmx5.googlemail.com | udp |
| TW | 142.250.157.27:25 | aspmx5.googlemail.com | tcp |
| US | 8.8.8.8:53 | smtp.cs.stanford.edu | udp |
| US | 171.64.64.64:25 | smtp.cs.stanford.edu | tcp |
| TW | 142.250.157.27:25 | N/A | tcp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-14 13:05
Reported
2024-06-14 13:08
Platform
win7-20240508-en
Max time kernel
150s
Max time network
148s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\a9d3343a18424e8c25e5b5278229c325_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\a9d3343a18424e8c25e5b5278229c325_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\a9d3343a18424e8c25e5b5278229c325_JaffaCakes118.exe | N/A |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\a9d3343a18424e8c25e5b5278229c325_JaffaCakes118.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 352 wrote to memory of 1256 | N/A | C:\Users\Admin\AppData\Local\Temp\a9d3343a18424e8c25e5b5278229c325_JaffaCakes118.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\a9d3343a18424e8c25e5b5278229c325_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a9d3343a18424e8c25e5b5278229c325_JaffaCakes118.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
| Country | Destination | Domain | Proto |
| IN | 4.240.78.154:1034 | N/A | tcp |
| IN | 4.240.75.29:1034 | N/A | tcp |
| US | 16.113.41.36:1034 | N/A | tcp |
| IE | 159.134.164.135:1034 | N/A | tcp |
| US | 16.91.196.218:1034 | N/A | tcp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | gzip.org | udp |
| N/A | 192.168.1.50:1034 | N/A | tcp |
| CA | 206.47.190.30:1034 | N/A | tcp |
| US | 66.74.184.236:1034 | N/A | tcp |
Files