Analysis Overview
SHA256
d00581052c8624d968f1af763c5815ea2948748942cf67c8fab021758f636b2f
Threat Level: Known bad
The file 1ae9bb4a5aac1852983e4c9d6bb8ee8b_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Detected microsoft outlook phishing page
Executes dropped EXE
UPX packed file
Adds Run key to start application
Drops file in Windows directory
Unsigned PE
Modifies system certificate store
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-07-01 10:17
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-01 10:17
Reported
2024-07-01 10:20
Platform
win7-20231129-en
Max time kernel
150s
Max time network
149s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\1ae9bb4a5aac1852983e4c9d6bb8ee8b_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\1ae9bb4a5aac1852983e4c9d6bb8ee8b_JaffaCakes118.exe | N/A |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\1ae9bb4a5aac1852983e4c9d6bb8ee8b_JaffaCakes118.exe | N/A |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\1ae9bb4a5aac1852983e4c9d6bb8ee8b_JaffaCakes118.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | C:\Users\Admin\AppData\Local\Temp\1ae9bb4a5aac1852983e4c9d6bb8ee8b_JaffaCakes118.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 | C:\Users\Admin\AppData\Local\Temp\1ae9bb4a5aac1852983e4c9d6bb8ee8b_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 | C:\Users\Admin\AppData\Local\Temp\1ae9bb4a5aac1852983e4c9d6bb8ee8b_JaffaCakes118.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a | C:\Users\Admin\AppData\Local\Temp\1ae9bb4a5aac1852983e4c9d6bb8ee8b_JaffaCakes118.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1848 wrote to memory of 2044 | N/A | C:\Users\Admin\AppData\Local\Temp\1ae9bb4a5aac1852983e4c9d6bb8ee8b_JaffaCakes118.exe | C:\Windows\services.exe |
| PID 1848 wrote to memory of 2044 | N/A | C:\Users\Admin\AppData\Local\Temp\1ae9bb4a5aac1852983e4c9d6bb8ee8b_JaffaCakes118.exe | C:\Windows\services.exe |
| PID 1848 wrote to memory of 2044 | N/A | C:\Users\Admin\AppData\Local\Temp\1ae9bb4a5aac1852983e4c9d6bb8ee8b_JaffaCakes118.exe | C:\Windows\services.exe |
| PID 1848 wrote to memory of 2044 | N/A | C:\Users\Admin\AppData\Local\Temp\1ae9bb4a5aac1852983e4c9d6bb8ee8b_JaffaCakes118.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\1ae9bb4a5aac1852983e4c9d6bb8ee8b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1ae9bb4a5aac1852983e4c9d6bb8ee8b_JaffaCakes118.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
| Country | Destination | Domain | Proto |
| IN | 4.240.78.106:1034 | tcp | |
| IN | 4.240.78.157:1034 | tcp | |
| US | 15.124.29.93:1034 | tcp | |
| US | 8.8.8.8:53 | 126.com | udp |
| US | 8.8.8.8:53 | alice.it | udp |
| US | 8.8.8.8:53 | mx.tim.it | udp |
| US | 8.8.8.8:53 | mail.ru | udp |
| NL | 34.141.161.132:25 | mx.tim.it | tcp |
| US | 8.8.8.8:53 | mxs.mail.ru | udp |
| US | 8.8.8.8:53 | 126mx00.mxmail.netease.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| HK | 103.129.252.44:25 | 126mx00.mxmail.netease.com | tcp |
| RU | 94.100.180.31:25 | mxs.mail.ru | tcp |
| US | 8.8.8.8:53 | search.lycos.com | udp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | search.yahoo.com | udp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 8.8.8.8:53 | www.altavista.com | udp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| NL | 23.63.101.171:80 | r11.o.lencr.org | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 16.115.192.158:1034 | tcp | |
| US | 8.8.8.8:53 | tim.it | udp |
| NL | 34.141.161.132:25 | mx.tim.it | tcp |
| NL | 34.141.161.132:25 | mx.tim.it | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| NL | 34.141.161.132:25 | mx.tim.it | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | alumni-caltech-edu.mail.protection.outlook.com | udp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 52.101.194.3:25 | alumni-caltech-edu.mail.protection.outlook.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | gzip.org | udp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 8.8.8.8:53 | alice.it | udp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IT | 217.169.121.227:25 | alice.it | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | 126mx03.mxmail.netease.com | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | mail.ru | udp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| RU | 217.69.139.200:25 | mail.ru | tcp |
| HK | 103.129.252.44:25 | 126mx03.mxmail.netease.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 16.48.65.121:1034 | tcp | |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 8.8.8.8:53 | tim.it | udp |
| US | 8.8.8.8:53 | tim.it | udp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IT | 15.161.156.80:25 | tim.it | tcp |
| IT | 15.160.73.215:25 | tim.it | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IT | 15.160.73.215:25 | tim.it | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 75.2.70.75:25 | alumni.caltech.edu | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | mx.alice.it | udp |
| IT | 156.54.69.9:25 | mx.alice.it | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | 126mx02.mxmail.netease.com | udp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| HK | 103.129.252.44:25 | 126mx02.mxmail.netease.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 155.208.210.76:1034 | tcp | |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| NL | 34.141.161.132:25 | mx.tim.it | tcp |
| NL | 34.141.161.132:25 | mx.tim.it | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | alumni-caltech-edu.mail.protection.outlook.com | udp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 52.101.42.10:25 | alumni-caltech-edu.mail.protection.outlook.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | coloradotech.edu | udp |
| US | 8.8.8.8:53 | mx1.hc3950-10.iphmx.com | udp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 216.71.147.46:25 | mx1.hc3950-10.iphmx.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | mx.alumni.caltech.edu | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | mail.alumni.caltech.edu | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | smtp.alumni.caltech.edu | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | mail.alice.it | udp |
| IT | 156.54.0.101:25 | mail.alice.it | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | 126mx01.mxmail.netease.com | udp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| HK | 103.129.252.44:25 | 126mx01.mxmail.netease.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | telecomitalia.it | udp |
| US | 8.8.8.8:53 | mx-pm1.telecomitalia.it | udp |
| IT | 77.238.27.164:25 | mx-pm1.telecomitalia.it | tcp |
| IT | 77.238.27.164:25 | mx-pm1.telecomitalia.it | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IN | 4.240.78.199:1034 | tcp | |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | mail.tim.it | udp |
| IT | 156.54.0.101:25 | mail.tim.it | tcp |
| IT | 77.238.27.164:25 | mx-pm1.telecomitalia.it | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 75.2.70.75:25 | alumni.caltech.edu | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | mx2.hc3950-10.iphmx.com | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 216.71.147.46:25 | mx2.hc3950-10.iphmx.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | smtp.alice.it | udp |
| IT | 156.54.69.9:25 | smtp.alice.it | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | 126.com | udp |
| CN | 111.124.200.204:25 | 126.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | mx-ac1.telecomitalia.it | udp |
| US | 8.8.8.8:53 | mx-ac1.telecomitalia.it | udp |
| IT | 77.238.27.180:25 | mx-ac1.telecomitalia.it | tcp |
| IT | 77.238.27.180:25 | mx-ac1.telecomitalia.it | tcp |
| US | 16.188.129.22:1034 | tcp | |
| IT | 77.238.27.180:25 | mx-ac1.telecomitalia.it | tcp |
| US | 8.8.8.8:53 | smtp.tim.it | udp |
| NL | 34.141.221.156:25 | smtp.tim.it | tcp |
| US | 8.8.8.8:53 | apple.com | udp |
| US | 8.8.8.8:53 | mx-in.g.apple.com | udp |
| US | 17.57.170.2:25 | mx-in.g.apple.com | tcp |
Files
memory/1848-0-0x0000000000500000-0x0000000000510000-memory.dmp
C:\Windows\services.exe
| MD5 | b0fe74719b1b647e2056641931907f4a |
| SHA1 | e858c206d2d1542a79936cb00d85da853bfc95e2 |
| SHA256 | bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c |
| SHA512 | 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2 |
memory/1848-9-0x0000000000220000-0x0000000000228000-memory.dmp
memory/2044-11-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1848-8-0x0000000000220000-0x0000000000228000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/1848-17-0x0000000000500000-0x0000000000510000-memory.dmp
memory/2044-18-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2044-23-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1848-24-0x0000000000220000-0x0000000000228000-memory.dmp
memory/1848-25-0x0000000000220000-0x0000000000228000-memory.dmp
memory/2044-30-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2044-32-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2044-37-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | d520c3d6547ca912382e04c7b4c9368c |
| SHA1 | 964a6c4969a6765206bcb288ed73852f23d2e981 |
| SHA256 | 51c92fba6b6fe88dd10e4aa7c0e343415e592ce7cb7ecdc90d84ae63e38f8840 |
| SHA512 | d9948f5fd523361c269e6bed7d6be6dcb19f49bf3c6bb9112c28b1fef5d615f449ffd409002c869d0bcd9656acd6586a298ca78539ec78513a5901828eeea580 |
C:\Users\Admin\AppData\Local\Temp\tmpF6E0.tmp
| MD5 | 58e33742aa51ad495cea2e3709a9709f |
| SHA1 | 457cb938bfd77c5173759cb5b6c1d422c2fbfecd |
| SHA256 | ec709f5cfacfa9eac3d8e4fd01ce69d76ea415f03e94da2733ae1ee8c9669429 |
| SHA512 | caa8866b26b84b68a6ed5314bdf6d8f742d9fb52251ad762d95ad7949554fc0a29facb1750d25f85e3a5c58e39da472a3fc502906f5d77d3d2bb36cfbdab098b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar23F.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dd6f4bd84bacceb67a56229fbbdccb24 |
| SHA1 | 4438792ceb4fe1fead500fb10fcb9146870a196a |
| SHA256 | 9e0749c44677b6de599261c76f0365d4c7d765316a7a087b156eab05562335ee |
| SHA512 | cb926a32f7743c9a724c423e5d4838cc2b7f4829815cb580141ad19a30121a5a58d4ac0ca1ae4c3fb0cd7a979ff1b4b2e86987e233bd747e17fd648142d12147 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 03c6018a18e4bbc327a78657909cc724 |
| SHA1 | 50f743071ed359e64062193ed099f59b2b3d3b19 |
| SHA256 | 3bd01a843250ba7637f01094a5107ba1e7f3e718879b9a6b64c5df67782eb51d |
| SHA512 | 60a9a2ebdeddc1bdc0fcf82a58aa6ae19eca1ca098e5fd190a15732a90a9b78307211e493ab176675d2124eaf5f898d86fe8422558e4ee565b8019a1f6819a13 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D943UVCY\072Q12EF.htm
| MD5 | 557b66d4691a143edfb45830b248ef95 |
| SHA1 | cef38a07a1e2dfecf2dfa77e31788e8cbfa139ab |
| SHA256 | 5bf3261e6d935a3cbaec4ab3a2b695ee1e5c181dc3ffb9daa1f44896fbe160d7 |
| SHA512 | 46580af722020c1eb02607dfd98d544d4339304d884d64fc2d663429e834296bc850bb5c6ac0b0f8c2ee2c5fbe375395b6badc61bf7951926daaf5166c65949d |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BNORQ59X\search[2].htm
| MD5 | 8ba61a16b71609a08bfa35bc213fce49 |
| SHA1 | 8374dddcc6b2ede14b0ea00a5870a11b57ced33f |
| SHA256 | 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1 |
| SHA512 | 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1 |
memory/1848-195-0x0000000000500000-0x0000000000510000-memory.dmp
memory/2044-196-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0R5E5LX0\UC1QW67R.htm
| MD5 | 93c71aebd727ad504555347500bf80d2 |
| SHA1 | fdcaf2bea9963535051bfdc1b448faedb0392398 |
| SHA256 | 84960ca6c6b0a75316d12a65c115e481669d61fd070ac1212517e7fdd81155b4 |
| SHA512 | 68a70343f6fd06900ad77ecc56081b53b6f1115ae58213ea028de84ba57a4fa7155ceb297ec3ff91e2a3dc6f7fd80911a7a4dd9e0580e3c6c861972480ac5a2d |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BNORQ59X\search[3].htm
| MD5 | 75b333435543ea1f488d1dd14ce9e0cd |
| SHA1 | 3a678d7f0a6e9edb3d3afbf6b73e9046fd544bdf |
| SHA256 | 8a2bf6248006b646e96dac366595ff6182bf98828ab6828ac63988aea9ea3858 |
| SHA512 | feea866912a98b51388c56d5e238bcd4a5f9d8ed3d590e000efb2b2d92212f121830462ea64089dfe6063cf221a1abf5a55aa5fd7325c6c15d1f66798323520d |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D943UVCY\MG3PFSGC.htm
| MD5 | d287f41e0afb7f76f78039c6344353c4 |
| SHA1 | a77408c0e45416745d55861bba72b8a5242a8f82 |
| SHA256 | 3b522a06c5287af1ade5ee3665b5ff0bf5bcd3cbb30258f3a9c36192fa543bda |
| SHA512 | 03d094563b86554f561c1ae3a687e5ea84e42d2b5df2cb24651d2e98a468cacfc8b9a7a0be2521c8c6b625b394c28b4602e4f0e4fda632eb94cab7e6c6aaf804 |
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | 1761520b7ab75615593bb927befcc2b7 |
| SHA1 | 3299564188c413b53f8697cc42f88767d7a9e069 |
| SHA256 | 9e3e1241965693198bf211b74dbdbdc81bd292c8bf827ff9bd57969b12a31176 |
| SHA512 | c9b8eb81a88fa49732b3ef9c9e854851a0a1b6309651439f028364b6c5f6eb6b26d9e9092dea5117724d9f65b72c62c81349242974fd028fb4b2e112b6fb4d17 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D943UVCY\search[3].htm
| MD5 | c51481664dc3dccde562b0ccd47d326c |
| SHA1 | 3a7a31fe637f482e3d3219544cff1b909c546753 |
| SHA256 | 1d9bc25a4d8148ac8766bd95f84850b897c0f5ffdef35ce7b53892533118c936 |
| SHA512 | 912cf919536c0da74392d46b7df0592bfb963c3cf8cf90ab1afd7b4cbe8e241648e3d2ce5559e9d5eb9d5b5a4e3fa1c744b406892eb4755758734145e2f33d2d |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0R5E5LX0\search[6].htm
| MD5 | 6733507b3e684b2b2ad9159c8d1c09f6 |
| SHA1 | 5c83241733024e4841deaaf14327e2958285b4a7 |
| SHA256 | afc797a854d587f0cc9a3b2a723ac425fe22544c12c33c304e024c0e3abd797c |
| SHA512 | b3d8ac4c2056b832c59f83499d0c82becf797036c12384d05c90f84ae774a28e9581a6524eb1c8250537cb6b2892fc855e5310d01db343fc365d68bcb6366c7b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D943UVCY\search[5].htm
| MD5 | 5e5db5ddfe5bec6195ae893f9c390128 |
| SHA1 | 17fd0b02e3866dcce4c7359140fac11991bce65e |
| SHA256 | 70b0bd54b976ce82b8646588f318ce7ee8637cfb7339281114a9356c6b189898 |
| SHA512 | 74af9c0e413e71f493bea0207a4028e9717c170f69e9f30a150a22637cd1a2db2504ea6e660bf9820154750766b171f5515ff825bfea2b18686327b79a977a38 |
memory/1848-404-0x0000000000500000-0x0000000000510000-memory.dmp
memory/2044-405-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BNORQ59X\search7OTN0I3E.htm
| MD5 | 72e7ad9013525eed3d0f3d8346fd17a6 |
| SHA1 | 985a982f8ba28ae4cf1d8dd0738c9c86e06c4099 |
| SHA256 | d37b80d0e9a3882306435312e8939bea038a21721be930dc7205b47667672c5c |
| SHA512 | 78187973aa91cbce4950c0d223d6ac93ff5f1be15c1cf31bad266e7267594bd24ae11a62f4ea5c12dac4406438ada2d2dd2afb2c4aec87b0a5062a8764f243d1 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0R5E5LX0\search8VJ2RKHO.htm
| MD5 | 74e21e232807255cc73c85e99cc9eabb |
| SHA1 | 6e36d13479d503d726ad25098e4d5a9d63c1ee18 |
| SHA256 | 58f26ae720c9e83d294efd9b0ddf7286c35e5bcf2db78f48432db26e451ebbfb |
| SHA512 | 6f0e91b099eaa476a44ebbebce5c1ef850e84c154f754e6302eb23d06eda345e38b64edfdaa6914915e59d992572fc2585606e79e73184beee16e74eb3809529 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D943UVCY\default[5].htm
| MD5 | 605de1f61d0446f81e63c25750e99301 |
| SHA1 | 0eaf9121f9dc1338807a511f92ea0b30dc2982a5 |
| SHA256 | 049f75dee036da00f8c8366d29ee14268239df75b8be53aa104aec22b84560f0 |
| SHA512 | a6a2505b8b89a895922ad6dc06d2ce620cb51cc6582c1b7e498a9f1ee1e4e47c53ebc4f92f8aa37532d558667225e30574732c9fe7187153a262c933893e4285 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D943UVCY\search37FH11OA.htm
| MD5 | f954f48d168180d5994e19f7d12f724a |
| SHA1 | 18450c541429ff51a761ac22fe14522fc1c46ddd |
| SHA256 | 612cc267ec91fc244dc74d2a8bed3fe58faca7d2c425c8559e65043cb7114b93 |
| SHA512 | 7b33340b2a288df22472a1a7efcac73eb6d57adb6994f14e3263dd613d9b275d76e01523a04a2ca386e57b6f7ecdf7bd5e432c6c44dadbabe748aeb9b6f4ddd5 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D943UVCY\search71VBVY3A.htm
| MD5 | 9956c9b07221eccef6c6a140302fd27b |
| SHA1 | 3d0664919fe3ee9707705d337525a4bf2fdff819 |
| SHA256 | a640fe89f2076e72cc01619a2a86ed2286883fae7520c8bb9c9e213f390a6792 |
| SHA512 | 9b442b7460416639a5c7cde5cfde7e867671b515d8ff0ef088020d0dd4b6c756732a8622636caf8b3c49a76ce1a0af5c12063bb05a28805b22ca479851b49414 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G5770NYP\results[4].htm
| MD5 | 35a826c9d92a048812533924ecc2d036 |
| SHA1 | cc2d0c7849ea5f36532958d31a823e95de787d93 |
| SHA256 | 0731a24ba3c569a734d2e8a74f9786c4b09c42af70457b185c56f147792168ea |
| SHA512 | fd385904a466768357de812d0474e34a0b5f089f1de1e46bd032d889b28f10db84c869f5e81a0e2f1c8ffdd8a110e0736a7d63c887d76de6f0a5fd30bb8ebecd |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0R5E5LX0\searchE287CJJU.htm
| MD5 | b2d2d807fa0b2dc3a25fe654f028b4a9 |
| SHA1 | 92592c89cbca3ecd5582a5a377fab49ce74c4b7f |
| SHA256 | 2d96e8358c8d2f12e10bb4df5982e58480ebc8a42eb7bbf711fdf5845cd8c8fc |
| SHA512 | 83c841a7eb74cf982330d71b78d82c158e804f2608f4e1512320fd7678b032ac38d97aaa99c38cb85e6073ecb68b23b7ac3519178d0b5aec63286df6dcca6cb7 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0R5E5LX0\default[3].htm
| MD5 | 2c4ce699b73ce3278646321d836aca40 |
| SHA1 | 72ead77fbd91cfadae8914cbb4c023a618bf0bd1 |
| SHA256 | e7391b33aeb3be8afbe1b180430c606c5d3368baf7f458254cef5db9eef966e3 |
| SHA512 | 89ec604cd4a4ad37c5392da0bb28bd9072d731a3efdd38707eeb7b1caf7626e6917da687529bf9426d8eb89fab23175399032d545d96ab93ffd19dd54c02c075 |
memory/1848-603-0x0000000000500000-0x0000000000510000-memory.dmp
memory/2044-604-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0R5E5LX0\results[4].htm
| MD5 | ee4aed56584bf64c08683064e422b722 |
| SHA1 | 45e5ba33f57c6848e84b66e7e856a6b60af6c4a8 |
| SHA256 | a4e6ba8c1fe3df423e6f17fcbeeaa7e90e2bd2fffe8f98ff4b3e6ed970e32c61 |
| SHA512 | 058f023cb934a00c8f1c689001438c9bdd067d923ddcbe7a951f54d3ca82218803e0e81fbc9af5c56375ff7961deed0359af1ffa7335d41379ee97d01a76ded6 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G5770NYP\default[3].htm
| MD5 | 508818acce24830b5413fe903e5bd39a |
| SHA1 | 2ad6965dc5cc0806ac2ea444546817d072fdcc21 |
| SHA256 | 15868a78153b001d930afca62faec285beded3caeba1f7b95526809327fbf95c |
| SHA512 | 6d64df6bfe985414e6233171c23fbd1643786dc10296c191d70490f261ce6e4e2c9b581e0755fb63c5b7fb3dcaf7274ec670b3186284056244a7c726b23cea64 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G5770NYP\searchESFQJD6O.htm
| MD5 | 483133b5621f5363d91468484caaf4f9 |
| SHA1 | abfab5b2dd023edfb49f2e8f85a84033ab1f8251 |
| SHA256 | 246f0e842c88f5fa359af7421afe271d6dd8f0244142c1fe85c8e5665f5cf635 |
| SHA512 | efd598eb75728515959c10ac65137612f07bf1980c8aabdc9967842fa3b53decd932b9b7f0f920d975eadf81dae93888915a4d8a2168ab70fc6841d7fe66a6bd |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0R5E5LX0\search[9].htm
| MD5 | 834e568aeb31b185952491b5e9448d59 |
| SHA1 | 31ce515597f4bbb4d28f0bc3cffc85d3fb3fac6d |
| SHA256 | f983924d3a5ed122c5688429ff0a7c7efa9932e3e4f9f07d4b3dafcfc5b931a4 |
| SHA512 | d1c0eab9e7dd5f6012f464044aa193135e0e86ef31279e7cb70ad42849b9707080c50e8fdc8eb8911f07dd56523ff00fadf3ae025dbe8ad84d7c83902595ce7e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G5770NYP\searchVFZPLOWM.htm
| MD5 | 821916f237e2185e34d394c88f69dbf6 |
| SHA1 | d454466ba049fbb319fa543fdea573f6e158ab55 |
| SHA256 | 786f13ded2387ba73d63efd4741cd8b776d5791249ac97991b33c3452d7a3ae7 |
| SHA512 | 36a6f196b5ac56f23874ca804909e35fcb0a716879b734eab6f1f8b840b03f482b435847f939f9ca19d93d5dace7a01cea1268d75686ff2c5df83538b2e4d80a |
memory/1848-788-0x0000000000500000-0x0000000000510000-memory.dmp
memory/2044-789-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BNORQ59X\search96ZQPC9M.htm
| MD5 | fa20c713f9bfbd9189ac48ed2f27b4f7 |
| SHA1 | 9da78e5f70917ad32e854fc0d1cca38a0a3239ff |
| SHA256 | 4e79ec356522597c3d14cb8b36c1ea5043537ff1536cd7137d5414c05a3f0458 |
| SHA512 | f54c0c2595525c32861c52a8ff581880db94237bf7a5ab26bbcb293403fb4f4fa113cb9f12f5735c8d33b750c67ec666c089d5318fdf0c2210f2a891b9677dde |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BNORQ59X\search7R65B946.htm
| MD5 | d7f0fefa6fa8b92290106324254edf28 |
| SHA1 | d4cda4f93efcc5be15d9b182b7145a704666e298 |
| SHA256 | 07254ab51917a43fb605e9f08eceb6a41a9f3025a6001bb9b6d4232939e75187 |
| SHA512 | c6dab0253e9e230e2d2e2c795fbe61a970a3b82af5b6462f69420ebc800bc2eda8ce8bd0ed9339e5e0f42bac54a57b589a7f44644db9175c2864d44a4990540e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D943UVCY\default[8].htm
| MD5 | ab7421802af48230da4837d84ca54208 |
| SHA1 | ee1036ca523fe527c1e4ff585983f59720d07e3e |
| SHA256 | 87937d2d6d98641310a5ac9d849a483bd192318a197d352d5db7b074f926c944 |
| SHA512 | c690cd667ba4a7f339c74276cdf2400ba8ebaa348ca83e2cb1ef26413e41a0ab96d9b6e13e697b3472ece4be2c85d2591977679383c43f4f55a40ab06476736d |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G5770NYP\searchRTGC09WI.htm
| MD5 | 443d69f6f9eee20fa47df96a711fd96d |
| SHA1 | b00c692e00ccbe07e62c61920577567f540bcbb9 |
| SHA256 | 1b46e0e17b0d409ad21221b9ee88863d3cde4e34a617e9de48a3b2a1288cfa02 |
| SHA512 | ebff7e6ff19fea7c75a914a4ef74ea274e7ccef769b31451a7ea3b0744b89c9194207d25aa74884542507976062e5c01e1527559588ab5d749d7fbaa628f5d46 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0R5E5LX0\results[7].htm
| MD5 | 211da0345fa466aa8dbde830c83c19f8 |
| SHA1 | 779ece4d54a099274b2814a9780000ba49af1b81 |
| SHA256 | aec2ac9539d1b0cac493bbf90948eca455c6803342cc83d0a107055c1d131fd5 |
| SHA512 | 37fd7ef6e11a1866e844439318ae813059106fbd52c24f580781d90da3f64829cf9654acac0dd0f2098081256c5dcdf35c70b2cbef6cbe3f0b91bd2d8edd22ca |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0R5E5LX0\default[1].htm
| MD5 | 46e42f26c7218d036d9d0608bfc83bbe |
| SHA1 | 9d6b068eaed89ceedda9e02e59cffdbdb8eb0207 |
| SHA256 | 5578c64b4212b92c66773c8a2734fb1bcdc9a97d809417589262a5daefa866ef |
| SHA512 | 4fcc58402739d520c04d65b54584c4f0267779d244a73b22a2ed3bc502ae991524a7aaf768e30fdaa7c88803270f8494195ebf7aefec51624eeaab80df47083b |
memory/1848-944-0x0000000000500000-0x0000000000510000-memory.dmp
memory/2044-946-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BNORQ59X\default[5].htm
| MD5 | e78ad40a5b69c78f72234320f451cdd5 |
| SHA1 | 3fee199037ae9d6ba57e011ed8761cd42c5e5897 |
| SHA256 | a6767cf522f21423bbaf20e10625aec518fd9c7aa961780fbe1426c8c9f71540 |
| SHA512 | 7c19281e8c85097da1000c7a124f4751fa05be2e374ad017bf4e79cb329ed3e5496f1a64e37fb73b1ec87cc757067d143ba4b172d48124effe32b88fafbd851b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D943UVCY\default[1].htm
| MD5 | 4d1a10f22e8332513741877c47ac8970 |
| SHA1 | f68ecc13b7a71e948c6d137be985138586deb726 |
| SHA256 | a0dbc1b7d129cfa07a5d324fb03e41717fbdd17be3903e7e3fd7f21878dfbba4 |
| SHA512 | 4f1e447c41f5b694bf2bff7f21a73f2bce00dfc844d3c7722ade44249d5ac4b50cf0319630b7f3fdb890bbd76528b6d0ed6b5ad98867d09cd90dcfbfd8b96860 |
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | d152de4a95085d5e39dcdfe3212d5c0c |
| SHA1 | 6fae75961b6ee5cac0400fe5b87ba1ae9196560a |
| SHA256 | 0c6febb94bef260a7527c4aec57ad7c69758d63c6f31c05acbed69667550677e |
| SHA512 | 747c0cc49346a974f6e2d3e8bec1177fc51a7229555ca729efe20abaa73fcefc37184164f2f62728825ce511ce6c25f5c0003022d2e9edebe055d9afd892ada3 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D943UVCY\search2IX1YVIF.htm
| MD5 | 8c832c743927e8df4cea043c5bf14b4e |
| SHA1 | a8d050c586c6b6d1b53a6ab231656b67d1886b05 |
| SHA256 | a13564b9a19aaa62db32826a2b9410e244899bab6e5c9e93a12f562484f249e8 |
| SHA512 | 224216481600958449646ae1d8319ae8c18dc5a61f84d2ad137e8266acd4c8938c71eacd7578d6451f7c9911c90d2c2f55b074ae7bfaba41148e7fb49e343f20 |
memory/1848-1097-0x0000000000500000-0x0000000000510000-memory.dmp
memory/2044-1121-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BNORQ59X\default[6].htm
| MD5 | 4f7d55394fcbdf1ad07e02c4004eab2c |
| SHA1 | e416c6ae554236c9e6ac2c78de80b2beec8afa69 |
| SHA256 | 90d0438054b57931e78404b01a5f0f60249762caee63220b782dce9c6b294c8c |
| SHA512 | 0c13bb97f2ce0945818c265cd31b483004bc001cf357faf871aec0c3e8b7277b6dccfb5b994e577d9e288b8facbc5af41b4f2dc87169c3854a16c43fddc15c7b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0R5E5LX0\search[3].htm
| MD5 | 8e9bfb168fc050af41d280ba63fa35d5 |
| SHA1 | 227c6a1132186391a0f49d76215f4b7cf7043684 |
| SHA256 | 75fb184ef7582b40147ba5431c9a5010c880c93867e0280e908f87273196f115 |
| SHA512 | 8ef9d5c9423476502a9ea94c629f9533ce9ad3340671808deab371303e942dbc1c9b640d72a9721fadebf39b627f5cb702b2dc98cd97bd8c54b2e778bf6b250e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G5770NYP\search51PGYDWF.htm
| MD5 | 08722c612d2d2e4c77336a8ad7003443 |
| SHA1 | 6c6b2274fb5a8acf5b457b821377981e45ab53f4 |
| SHA256 | 12a02a9c5ffb11ffa08f766778527e01c2d75988463ab1803dddc1f833bbd36b |
| SHA512 | e7e16f0af6644796628d0c266b0ada03a35e7e59a257b2c2752e642a6b27bd35794a4b16c9b7b76133bf53b25ae7d9108751161197150f37fa9e29d27bac0202 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BNORQ59X\searchWYJBQQQM.htm
| MD5 | 1210df0968929738c4896fc5754fef0b |
| SHA1 | 8e14f007444f001da0baa78347b2d4e4a00c6220 |
| SHA256 | 3f2d5d410fdb1f4930e1c17bf1f0ef4183aaea59ae969120afcb9fe585d02ef9 |
| SHA512 | e033d23ab98fe86d0408d205060fdcbb83a065eadcab63862987b2f36c495f5591fcbe9e6dbe0a01b8bdc2d9a4882361a7310d6aa7f1b2565a7f555a897debd9 |
memory/1848-1295-0x0000000000500000-0x0000000000510000-memory.dmp
memory/2044-1296-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G5770NYP\searchVN8N7UE3.htm
| MD5 | 3abc7cc32a83812ed5348e157bf9d005 |
| SHA1 | 94caee6a436ddf09478ba98b6c26c8b3fd61cd30 |
| SHA256 | 386f5fe94a0e892a978e4cec4070e3eaa7674e82eaf0b749e0f32f75eb01a1ba |
| SHA512 | 5723b0d63094699e95e3472484663b11f5906ed6595667701b312c92f5100817365f4a30a6847640ae2172dea4fdd77d55ab1bd5108bcb573608a51efabe3d3c |
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | b8a829ee42663f02baee409bd81f8a42 |
| SHA1 | 5e7072e3edf1bfa4d174bf2589a5da5f2700c22a |
| SHA256 | 500264b1026c748cee2d379c860e60681e2fc11f8df89b0c30cc94e2732070dd |
| SHA512 | 3e6e0e4ad94f974553bfc6aab2c593363c4821aeb1de0074ad7a819dc484cf5e39a7304d74be0d1f18ac034bc0df7a90eda2a25769a3971f90521debd5dcb5d3 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0R5E5LX0\searchZJ9048V3.htm
| MD5 | fccc12b2e6cc053b09c45f73e7acb2fe |
| SHA1 | 2a7e0f1edc13e167ca9617597f0154de3148f9dc |
| SHA256 | 960a92aab6635096691f69a07332fd4fcc3f96f2573d21319bf3c144d90ff634 |
| SHA512 | 687b68f100d6fc1148554635ba2631c79a26875078d9c960127def1fad30fc0fa337197e4ecf01d6406ece8d68ba02efa3968e07b5baa87745831b50c047a48a |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G5770NYP\default[10].htm
| MD5 | 14b82aec966e8e370a28053db081f4e9 |
| SHA1 | a0f30ebbdb4c69947d3bd41fa63ec4929dddd649 |
| SHA256 | 202eada95ef503b303a05caf5a666f538236c7e697f5301fd178d994fa6e24cf |
| SHA512 | ec04f1d86137dc4d75a47ba47bb2f2c912115372fa000cf986d13a04121aae9974011aa716c7da3893114e0d5d0e2fb680a6c2fd40a1f93f0e0bfd6fd625dfa7 |
memory/1848-1445-0x0000000000500000-0x0000000000510000-memory.dmp
memory/2044-1446-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1848-1548-0x0000000000500000-0x0000000000510000-memory.dmp
memory/2044-1549-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | f079a0588f7c02191bae547c855686fd |
| SHA1 | d61fe963157c8afe5054da94d6301b7b32f5fb44 |
| SHA256 | 17e2ea67e063ff40a5d840542f65f8a246ed2b8d55f7c29d93bafe260f28c0a9 |
| SHA512 | 9c1f2e3627cb051dbad9c07d4702e48db3f74cf75b0dc3ed1bc0acc37bcc81edd58643e8c02bbfb60be1fdfc625ceed95b507ba9a272c4a970bccf529693385d |
Analysis: behavioral2
Detonation Overview
Submitted
2024-07-01 10:17
Reported
2024-07-01 10:20
Platform
win10v2004-20240611-en
Max time kernel
150s
Max time network
153s
Command Line
Signatures
Detected microsoft outlook phishing page
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\1ae9bb4a5aac1852983e4c9d6bb8ee8b_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\1ae9bb4a5aac1852983e4c9d6bb8ee8b_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\1ae9bb4a5aac1852983e4c9d6bb8ee8b_JaffaCakes118.exe | N/A |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\1ae9bb4a5aac1852983e4c9d6bb8ee8b_JaffaCakes118.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3680 wrote to memory of 2532 | N/A | C:\Users\Admin\AppData\Local\Temp\1ae9bb4a5aac1852983e4c9d6bb8ee8b_JaffaCakes118.exe | C:\Windows\services.exe |
| PID 3680 wrote to memory of 2532 | N/A | C:\Users\Admin\AppData\Local\Temp\1ae9bb4a5aac1852983e4c9d6bb8ee8b_JaffaCakes118.exe | C:\Windows\services.exe |
| PID 3680 wrote to memory of 2532 | N/A | C:\Users\Admin\AppData\Local\Temp\1ae9bb4a5aac1852983e4c9d6bb8ee8b_JaffaCakes118.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\1ae9bb4a5aac1852983e4c9d6bb8ee8b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1ae9bb4a5aac1852983e4c9d6bb8ee8b_JaffaCakes118.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
| Country | Destination | Domain | Proto |
| IN | 4.240.78.106:1034 | tcp | |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| IN | 4.240.78.157:1034 | tcp | |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.12.20.2.in-addr.arpa | udp |
| US | 15.124.29.93:1034 | tcp | |
| US | 8.8.8.8:53 | m-ou.se | udp |
| US | 8.8.8.8:53 | aspmx3.googlemail.com | udp |
| US | 8.8.8.8:53 | acm.org | udp |
| NL | 142.250.153.27:25 | aspmx3.googlemail.com | tcp |
| US | 8.8.8.8:53 | mail.mailroute.net | udp |
| US | 8.8.8.8:53 | cs.stanford.edu | udp |
| US | 8.8.8.8:53 | smtp1.cs.stanford.edu | udp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | burtleburtle.net | udp |
| US | 199.89.1.120:25 | mail.mailroute.net | tcp |
| US | 8.8.8.8:53 | mx.burtleburtle.net | udp |
| US | 65.254.254.52:25 | mx.burtleburtle.net | tcp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | alumni-caltech-edu.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 52.101.42.16:25 | alumni-caltech-edu.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | search.yahoo.com | udp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 8.8.8.8:53 | search.lycos.com | udp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.altavista.com | udp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.100.82.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.254.202.209.in-addr.arpa | udp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| NL | 23.63.101.170:80 | r11.o.lencr.org | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | 170.101.63.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.56.20.217.in-addr.arpa | udp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 16.115.192.158:1034 | tcp | |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | hachyderm.io | udp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 8.8.8.8:53 | alt1.aspmx.l.google.com | udp |
| NL | 142.250.27.27:25 | alt1.aspmx.l.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | alt2.aspmx.l.google.com | udp |
| NL | 142.250.153.27:25 | alt2.aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | cs.stanford.edu | udp |
| US | 8.8.8.8:53 | acm.org | udp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 104.17.79.30:25 | acm.org | tcp |
| US | 8.8.8.8:53 | burtleburtle.net | udp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 65.254.227.224:25 | burtleburtle.net | tcp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 99.83.190.102:25 | alumni.caltech.edu | tcp |
| US | 16.48.65.121:1034 | tcp | |
| US | 8.8.8.8:53 | alt3.aspmx.l.google.com | udp |
| NL | 142.251.9.26:25 | alt3.aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | aspmx.l.google.com | udp |
| IE | 74.125.193.26:25 | aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | smtp2.cs.stanford.edu | udp |
| US | 8.8.8.8:53 | mx.acm.org | udp |
| US | 8.8.8.8:53 | mail.acm.org | udp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | smtp1.cs.stanford.edu | udp |
| US | 8.8.8.8:53 | smtp.acm.org | udp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | outlook.com | udp |
| US | 8.8.8.8:53 | mx.gzip.org | udp |
| US | 8.8.8.8:53 | outlook-com.olc.protection.outlook.com | udp |
| US | 52.101.41.55:25 | outlook-com.olc.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | alumni-caltech-edu.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | mail.gzip.org | udp |
| US | 85.187.148.2:25 | mail.gzip.org | tcp |
| US | 52.101.11.2:25 | alumni-caltech-edu.mail.protection.outlook.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 155.208.210.76:1034 | tcp | |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | alt4.aspmx.l.google.com | udp |
| FI | 142.250.150.26:25 | alt4.aspmx.l.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | aspmx4.googlemail.com | udp |
| NL | 142.251.9.27:25 | aspmx4.googlemail.com | tcp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | outlook.com | udp |
| US | 52.96.222.194:25 | outlook.com | tcp |
| US | 99.83.190.102:25 | alumni.caltech.edu | tcp |
| US | 8.8.8.8:53 | coloradotech.edu | udp |
| US | 8.8.8.8:53 | mx2.hc3950-10.iphmx.com | udp |
| US | 216.71.147.46:25 | mx2.hc3950-10.iphmx.com | tcp |
| IN | 4.240.78.199:1034 | tcp | |
| NL | 142.250.153.27:25 | alt2.aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | aspmx2.googlemail.com | udp |
| NL | 142.250.27.27:25 | aspmx2.googlemail.com | tcp |
| US | 8.8.8.8:53 | mx.cs.stanford.edu | udp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | mail.cs.stanford.edu | udp |
| US | 171.64.64.160:25 | mail.cs.stanford.edu | tcp |
| US | 171.64.64.160:25 | mail.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | mx.outlook.com | udp |
| US | 8.8.8.8:53 | mail.outlook.com | udp |
| US | 8.8.8.8:53 | smtp.outlook.com | udp |
| GB | 52.97.241.178:25 | smtp.outlook.com | tcp |
| NL | 142.250.27.27:25 | aspmx2.googlemail.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 8.8.8.8:53 | mx1.hc3950-10.iphmx.com | udp |
| US | 216.71.149.25:25 | mx1.hc3950-10.iphmx.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 16.188.129.22:1034 | tcp | |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 74.125.193.26:25 | aspmx.l.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | tcp |
Files
memory/3680-0-0x0000000000500000-0x0000000000510000-memory.dmp
C:\Windows\services.exe
| MD5 | b0fe74719b1b647e2056641931907f4a |
| SHA1 | e858c206d2d1542a79936cb00d85da853bfc95e2 |
| SHA256 | bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c |
| SHA512 | 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2 |
memory/2532-7-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/3680-13-0x0000000000500000-0x0000000000510000-memory.dmp
memory/2532-14-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2532-19-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2532-24-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2532-26-0x0000000000400000-0x0000000000408000-memory.dmp
memory/3680-30-0x0000000000500000-0x0000000000510000-memory.dmp
memory/2532-31-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | 8fe576d39a7cbe394c1d0c59764d5a52 |
| SHA1 | 577a7d171aaf06b40b8ff4b6d636d6bf8c305e20 |
| SHA256 | 40612919342a2c08950c674723fa97f0dbd7b26287eeef83b25f646bbf43df06 |
| SHA512 | 4dbfb88ebeb47cd59e9853093ac93e32b025d42e03912116bde76dce50c817bbc4648a5c064535bc9ac05be758b4627e0425f7e00814575117119faa8ad4fece |
C:\Users\Admin\AppData\Local\Temp\tmp1A0D.tmp
| MD5 | 2de36d2ebc4d172183695395b713663f |
| SHA1 | 149482596b0a0d7aea4f104fe453482cc362ad55 |
| SHA256 | 2f10f343ba2e07c514838479edcf1a53ae4b49048eea21c15492212a234a24ce |
| SHA512 | 49e4b022656e5a1d82c2a6f0c5f1d70093cbbe4ac02a73300a6b949446025d2f1aadda3d8168d5f13fda8c8ccb0b520f5a033b34204d708e545c3ff58ee10265 |
memory/3680-118-0x0000000000500000-0x0000000000510000-memory.dmp
memory/2532-119-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\3NQFXGDW\search[3].htm
| MD5 | 8ba61a16b71609a08bfa35bc213fce49 |
| SHA1 | 8374dddcc6b2ede14b0ea00a5870a11b57ced33f |
| SHA256 | 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1 |
| SHA512 | 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0K2PF59Z\search[4].htm
| MD5 | 3231e809c8454316890d88f752b76c8a |
| SHA1 | eb5f1a000894c0889b66ddb63d4a1d5000f7deb0 |
| SHA256 | 77d5abe3f4f423ca49ac0daba349979686f0af1d08cfa9d283bfc0831199d204 |
| SHA512 | 95f881cf2457def0c63cc6d6d13ad8d9eaf4505f1376aab47899ad088c39ceee46ac07309a94a89e1c1dbb083d926060afe8b7f8a09153fa909ce177e0408532 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RYAG7OSV\Z3WOAYG7.htm
| MD5 | 93d54c5502222cca201bdd9da388ce67 |
| SHA1 | 6865d285ae0f0a8f5ed1d035ec662ad6d0c635a2 |
| SHA256 | 88bd1cbc72a0e8157deb2d712dcf127aa81e8502732f7b2f663943f9d9dc6650 |
| SHA512 | 51305a43c664bdfa910f882ce0f9655d9e353a1ca556dfb2de1dece8d48e6372b20c078032950f4da69fea3c501bf099a7237788bf2f3c5ed5212d577dc76e58 |
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | 44664f90bb5028b30e1e8877e680eae6 |
| SHA1 | 01355b0eadef6d71700f3985adaba67611f3879b |
| SHA256 | 07b0d300e61f05ad5ae8e94004f9fd316d8b85a7c8c866a1f5cf02a8537c02d3 |
| SHA512 | b81d91926598b346189f461ad70d3a8d7a59cf03cdcbff39abd425a4de0eff2dc72c935f863917122ea868c7452e760de07520cefd7f9335b748a39e3204e225 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0K2PF59Z\search[6].htm
| MD5 | 9e97c1ee9e22b0e0edbc00192dbe167d |
| SHA1 | 61c264b557f3fb57cb093dc586d0ac34395d4be7 |
| SHA256 | 14b063f777c4b04a1d542020c7b0d90ae04c58184ee613358f9105f7c8230f33 |
| SHA512 | 3f0dff3673b4f5130f557657ecc75ff16b1e5b6bc090c832264b99d288ec7453fc36a416aef6ba36f33e940e9fb94b0507ec45b6840984ea5464383aeacafa7e |
memory/2532-212-0x0000000000400000-0x0000000000408000-memory.dmp
memory/3680-211-0x0000000000500000-0x0000000000510000-memory.dmp
memory/3680-215-0x0000000000500000-0x0000000000510000-memory.dmp
memory/2532-216-0x0000000000400000-0x0000000000408000-memory.dmp
memory/3680-220-0x0000000000500000-0x0000000000510000-memory.dmp
memory/2532-221-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | 0f0b338adbba8ea07dcd664029e32541 |
| SHA1 | e83bf16b0ff3b2a31701025d776a449f20923b8c |
| SHA256 | e22602b4d8986742dfebb6b566685bdb778addae356eda1724c8dc98b29e60c6 |
| SHA512 | 84a105c3d46a345c23196d2c04d73688d8ec9c07d4a6d40dc8bb2c028e5c06c8a74b79a2e2d755449eb43fad47d4236536b5653106a047e758723f5e4032f5bc |
memory/3680-253-0x0000000000500000-0x0000000000510000-memory.dmp
memory/2532-254-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RYAG7OSV\search[8].htm
| MD5 | a229ae553e4ee3d77ad200df7e4dd9a5 |
| SHA1 | 4243e3f64e4faa2ce94b72979a23607752fd5cf7 |
| SHA256 | 962412f4fe112ab1e7d134c93c0cccd547be1a6c52c3271bfa9a0292bcdf3750 |
| SHA512 | e5dbf62ae352b348606b9eb123ce6c133e55e2cd6236ea6a84d0ea7373163fd75e8f25e7ea22d90b5da785f857836744066643e7cc1bea36cd135d31660e93a7 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0K2PF59Z\searchJWA46QPU.htm
| MD5 | 4fc98b3479ecce8314d3e038da145897 |
| SHA1 | df44bdca97320624a9ee6be084e4de12ea06838e |
| SHA256 | 1af4f2a3f94597ea2a07e94a347250809eda6cad3a86dfd10550258f4b84db93 |
| SHA512 | ca805e12f7a64bc98cb6f701a1484dc52dda063a575438fcf8fde251dd113083e5f76a00b3ac7c1bc71de37cd513cc456f8043cb0b0022c93c07b346e370415f |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RYAG7OSV\searchNXF3OO4S.htm
| MD5 | 18644885ed63992ba4538578ff625aa0 |
| SHA1 | 891c5faca9a4fe50809547ed9d754758cb1d6926 |
| SHA256 | 5fb4d4ce507e7e4b2cf174474c1170a182eac1994ddffda89fc5e6a56189e8b7 |
| SHA512 | 0283031b2b8f76fbb849d1a293bba07d1ed25392e728307233946e7459eb600d9867564ea269f7decb4132a894afa763865ae8ef86c9ff87677b9a933bc6ed8f |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0K2PF59Z\searchIMECQPQW.htm
| MD5 | 15baee50df2f5391c928c6b2e61aa0ca |
| SHA1 | 733822fe9beeb3aa7e10c476f3079118eb3883b9 |
| SHA256 | 3f0ad5bb9a8ca5114b0abd78bb90e8284e3b1169f1c0a69e858dfc9a7aee72d2 |
| SHA512 | 753efd581be59528158f132fa10ac23a521452ecd734cb3a83861f90ba744d46405c49cd7d7de8ebfb2a68a377c8a108cbd38538902e1e6314f43d50e48deee0 |
memory/3680-374-0x0000000000500000-0x0000000000510000-memory.dmp
memory/2532-375-0x0000000000400000-0x0000000000408000-memory.dmp
memory/3680-379-0x0000000000500000-0x0000000000510000-memory.dmp
memory/2532-380-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | d0909f900bbea20c3cc1a89f82545c7a |
| SHA1 | 7f5129c8168daa9297b10b9fd8a12e8915a2005f |
| SHA256 | 47dfb254e0f6394dbdb72ca06d00dfdff680c3d82e9ea6a950d7c31ee581edc4 |
| SHA512 | 4cb23c24918ef51b796681d6da3ad953215d50c001119897bf04b3cac40828b3408effde9a280bd2d1bcde74730788625d69c3bc34ab1aa25380b74b4ef84b59 |
memory/3680-390-0x0000000000500000-0x0000000000510000-memory.dmp
memory/2532-391-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2532-395-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | 7b3b2e4717f2d73cac16d29a85e42aab |
| SHA1 | 1e4fb08882eb186e421effc04335094777575b12 |
| SHA256 | 7f2fb20303e83c7b6964e28d520bcb638f19ef23706374b38be8a93346cfbf31 |
| SHA512 | 7f1d395afb5192f28968babf4136a4fa4644afd8e8b22ff1ce614386e3eaf51cb4edf5dce66777a0eaa3e6f8480da11770c6334eb53b0260635e11909fcd9420 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RYAG7OSV\search[1].htm
| MD5 | 9cde11fdee0118becaf0a0430f499809 |
| SHA1 | c789eb7f4031669d4f92d824cfbe9d4a68938253 |
| SHA256 | b835ae705e79fcdf9f512738a82dd910605794187f02e1b05dd0a0b776bc64ea |
| SHA512 | 29bc67f1bcd269c041eb714dadbdffe1aa3260e69c73420c5b66a0ec3ad3cfc240b03579919e9b13b9f233f9cf4fd51b784fb80077632b18b274fc5a49398ca6 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RYAG7OSV\searchXI03F7SG.htm
| MD5 | 46e51db93a4bd83695fc409363e3caec |
| SHA1 | afa952aa0f6cc023c376274ec0ca30d3788ffca9 |
| SHA256 | 3f09bb658a728d0cae2d989fc850246713fb70d434b60ee3f62cf160af8b8535 |
| SHA512 | 749d03b579e4329df464da2ebdcb3f7d96828b9bea3ae7c3e07d1ebd91c33b80c0351c17efdd87078f287010ec7bd2b5d551b1ed61dbed3dedf819a7988251ae |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\3NQFXGDW\results[5].htm
| MD5 | 211da0345fa466aa8dbde830c83c19f8 |
| SHA1 | 779ece4d54a099274b2814a9780000ba49af1b81 |
| SHA256 | aec2ac9539d1b0cac493bbf90948eca455c6803342cc83d0a107055c1d131fd5 |
| SHA512 | 37fd7ef6e11a1866e844439318ae813059106fbd52c24f580781d90da3f64829cf9654acac0dd0f2098081256c5dcdf35c70b2cbef6cbe3f0b91bd2d8edd22ca |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\3NQFXGDW\searchPJJ5Q7XZ.htm
| MD5 | 8dce27fc02554a58e25140de102e5e44 |
| SHA1 | 8fe548d3608115cd72cb49f20d94094e9272fc36 |
| SHA256 | ae54e4217a53265c07be756bfddd253b70acfe1085363e389d89c3af1fb36114 |
| SHA512 | a6f15c69fb517b0ab0eec4b44a76d8007b8688c553426a856eb3e8ef799c562b6eb2a0055efc9666c574e0dd9fb7921f5a108bca754070abae3165979cc9c2bb |