Analysis Overview
SHA256
f986e159af62fa5895a92f1ace578771e48428ad65fdd3b5d716055317f1141c
Threat Level: Known bad
The file 1cf18ef3eeedbf8409b1eaa1cc215a73_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Detected microsoft outlook phishing page
UPX packed file
Executes dropped EXE
Adds Run key to start application
Drops file in Windows directory
Unsigned PE
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-07-01 23:35
Signatures
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-01 23:35
Reported
2024-07-01 23:37
Platform
win7-20240611-en
Max time kernel
150s
Max time network
149s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\1cf18ef3eeedbf8409b1eaa1cc215a73_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\1cf18ef3eeedbf8409b1eaa1cc215a73_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\1cf18ef3eeedbf8409b1eaa1cc215a73_JaffaCakes118.exe | N/A |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\1cf18ef3eeedbf8409b1eaa1cc215a73_JaffaCakes118.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1696 wrote to memory of 2192 | N/A | C:\Users\Admin\AppData\Local\Temp\1cf18ef3eeedbf8409b1eaa1cc215a73_JaffaCakes118.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\1cf18ef3eeedbf8409b1eaa1cc215a73_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1cf18ef3eeedbf8409b1eaa1cc215a73_JaffaCakes118.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-07-01 23:35
Reported
2024-07-01 23:37
Platform
win10v2004-20240508-en
Max time kernel
150s
Max time network
152s
Command Line
Signatures
Detected microsoft outlook phishing page
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\1cf18ef3eeedbf8409b1eaa1cc215a73_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\1cf18ef3eeedbf8409b1eaa1cc215a73_JaffaCakes118.exe | N/A |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\1cf18ef3eeedbf8409b1eaa1cc215a73_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\1cf18ef3eeedbf8409b1eaa1cc215a73_JaffaCakes118.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2972 wrote to memory of 2544 | N/A | C:\Users\Admin\AppData\Local\Temp\1cf18ef3eeedbf8409b1eaa1cc215a73_JaffaCakes118.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\1cf18ef3eeedbf8409b1eaa1cc215a73_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1cf18ef3eeedbf8409b1eaa1cc215a73_JaffaCakes118.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 8.8.8.8:53 | kinoho.net | udp |
| NL | 142.250.153.27:25 | aspmx3.googlemail.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IN | 4.240.78.157:1034 | tcp | |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 8.8.8.8:53 | 89.65.42.20.in-addr.arpa | udp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | tcp | |
| IE | 212.82.100.137:80 | tcp | |
| US | 209.202.254.10:443 | tcp | |
| US | 209.202.254.10:443 | tcp | |
| GB | 142.250.187.196:80 | tcp |
Files