Malware Analysis Report

2024-10-19 11:40

Sample ID 240701-mbr8psygpk
Target 1ae9bb4a5aac1852983e4c9d6bb8ee8b_JaffaCakes118
SHA256 d00581052c8624d968f1af763c5815ea2948748942cf67c8fab021758f636b2f
Tags: upx persistence microsoft phishing product:outlook
Score: 10/10

Analysis Overview

score
10/10

SHA256

d00581052c8624d968f1af763c5815ea2948748942cf67c8fab021758f636b2f

Threat Level: Known bad

The file 1ae9bb4a5aac1852983e4c9d6bb8ee8b_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

upx persistence microsoft phishing product:outlook

Detected microsoft outlook phishing page

Executes dropped EXE

UPX packed file

Adds Run key to start application

Drops file in Windows directory

Unsigned PE

Modifies system certificate store

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-01 10:17

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-07-01 10:17

Reported

2024-07-01 10:20

Platform

win7-20231129-en

Max time kernel

150s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1ae9bb4a5aac1852983e4c9d6bb8ee8b_JaffaCakes118.exe"

Signatures

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\services.exe | N/A

UPX packed file

upx

Adds Run key to start application

persistence
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\1ae9bb4a5aac1852983e4c9d6bb8ee8b_JaffaCakes118.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A

Drops file in Windows directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\1ae9bb4a5aac1852983e4c9d6bb8ee8b_JaffaCakes118.exe | N/A
File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\1ae9bb4a5aac1852983e4c9d6bb8ee8b_JaffaCakes118.exe | N/A
File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\1ae9bb4a5aac1852983e4c9d6bb8ee8b_JaffaCakes118.exe | N/A

Modifies system certificate store

evasion spyware trojan
Description | Indicator | Process | Target
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | C:\Users\Admin\AppData\Local\Temp\1ae9bb4a5aac1852983e4c9d6bb8ee8b_JaffaCakes118.exe | N/A
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob | C:\Users\Admin\AppData\Local\Temp\1ae9bb4a5aac1852983e4c9d6bb8ee8b_JaffaCakes118.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 | C:\Users\Admin\AppData\Local\Temp\1ae9bb4a5aac1852983e4c9d6bb8ee8b_JaffaCakes118.exe | N/A
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob | C:\Users\Admin\AppData\Local\Temp\1ae9bb4a5aac1852983e4c9d6bb8ee8b_JaffaCakes118.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1ae9bb4a5aac1852983e4c9d6bb8ee8b_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\1ae9bb4a5aac1852983e4c9d6bb8ee8b_JaffaCakes118.exe"

C:\Windows\services.exe

"C:\Windows\services.exe"

Network

US 8.8.8.8:53 smtp.tim.it udp
NL 34.141.221.156:25 smtp.tim.it tcp
US 8.8.8.8:53 apple.com udp
US 8.8.8.8:53 mx-in.g.apple.com udp
US 17.57.170.2:25 mx-in.g.apple.com tcp

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-01 10:17

Reported

2024-07-01 10:20

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1ae9bb4a5aac1852983e4c9d6bb8ee8b_JaffaCakes118.exe"

Signatures

Detected microsoft outlook phishing page

phishing microsoft product:outlook

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\services.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" C:\Users\Admin\AppData\Local\Temp\1ae9bb4a5aac1852983e4c9d6bb8ee8b_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" C:\Windows\services.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\services.exe C:\Users\Admin\AppData\Local\Temp\1ae9bb4a5aac1852983e4c9d6bb8ee8b_JaffaCakes118.exe N/A
File opened for modification C:\Windows\java.exe C:\Users\Admin\AppData\Local\Temp\1ae9bb4a5aac1852983e4c9d6bb8ee8b_JaffaCakes118.exe N/A
File created C:\Windows\java.exe C:\Users\Admin\AppData\Local\Temp\1ae9bb4a5aac1852983e4c9d6bb8ee8b_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1ae9bb4a5aac1852983e4c9d6bb8ee8b_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\1ae9bb4a5aac1852983e4c9d6bb8ee8b_JaffaCakes118.exe"

C:\Windows\services.exe

"C:\Windows\services.exe"

Network

Country Destination Domain Proto
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 8.8.8.8:53 alt4.aspmx.l.google.com udp
FI 142.250.150.26:25 alt4.aspmx.l.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 8.8.8.8:53 aspmx4.googlemail.com udp
NL 142.251.9.27:25 aspmx4.googlemail.com tcp
US 171.64.64.64:25 cs.stanford.edu tcp
US 171.64.64.64:25 cs.stanford.edu tcp
US 171.64.64.64:25 cs.stanford.edu tcp
US 8.8.8.8:53 outlook.com udp
US 52.96.222.194:25 outlook.com tcp
US 99.83.190.102:25 alumni.caltech.edu tcp
US 8.8.8.8:53 coloradotech.edu udp
US 8.8.8.8:53 mx2.hc3950-10.iphmx.com udp
US 216.71.147.46:25 mx2.hc3950-10.iphmx.com tcp
IN 4.240.78.199:1034 tcp
NL 142.250.153.27:25 alt2.aspmx.l.google.com tcp
US 8.8.8.8:53 aspmx2.googlemail.com udp
NL 142.250.27.27:25 aspmx2.googlemail.com tcp
US 8.8.8.8:53 mx.cs.stanford.edu udp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
US 8.8.8.8:53 mail.cs.stanford.edu udp
US 171.64.64.160:25 mail.cs.stanford.edu tcp
US 171.64.64.160:25 mail.cs.stanford.edu tcp
US 8.8.8.8:53 mx.outlook.com udp
US 8.8.8.8:53 mail.outlook.com udp
US 8.8.8.8:53 smtp.outlook.com udp
GB 52.97.241.178:25 smtp.outlook.com tcp
NL 142.250.27.27:25 aspmx2.googlemail.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 8.8.8.8:53 mx1.hc3950-10.iphmx.com udp
US 216.71.149.25:25 mx1.hc3950-10.iphmx.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 16.188.129.22:1034 tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 74.125.193.26:25 aspmx.l.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 tcp

Files
