Malware Analysis Report

2024-10-19 11:41

Sample ID 240701-q8wh6syeqn
Target 1b8f544f10cb311f271e4da55189b842_JaffaCakes118
SHA256 c35d980e38abea5b84c16e1c5386c3a4710b62294c5ea8dee6ee8cf6df2399ea
Tags
upx persistence microsoft phishing product:outlook
score
10/10

Analysis Overview

score
10/10

SHA256

c35d980e38abea5b84c16e1c5386c3a4710b62294c5ea8dee6ee8cf6df2399ea

Threat Level: Known bad

The file 1b8f544f10cb311f271e4da55189b842_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

upx persistence microsoft phishing product:outlook

Detected microsoft outlook phishing page

UPX packed file

Executes dropped EXE

Adds Run key to start application

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-01 13:56

Signatures

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-01 13:56

Reported

2024-07-01 13:58

Platform

win7-20240508-en

Max time kernel

150s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1b8f544f10cb311f271e4da55189b842_JaffaCakes118.exe"

Signatures

Executes dropped EXE

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\services.exe | N/A |

UPX packed file

upx

Adds Run key to start application

persistence
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\1b8f544f10cb311f271e4da55189b842_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |

Drops file in Windows directory

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\1b8f544f10cb311f271e4da55189b842_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\1b8f544f10cb311f271e4da55189b842_JaffaCakes118.exe | N/A |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\1b8f544f10cb311f271e4da55189b842_JaffaCakes118.exe | N/A |

Processes

C:\Users\Admin\AppData\Local\Temp\1b8f544f10cb311f271e4da55189b842_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\1b8f544f10cb311f271e4da55189b842_JaffaCakes118.exe"

C:\Windows\services.exe

"C:\Windows\services.exe"

Network

Files

C:\Windows\services.exe

C:\Users\Admin\AppData\Local\Temp\zincite.log

C:\Users\Admin\AppData\Local\Temp\tmpF588.tmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-01 13:56

Reported

2024-07-01 13:59

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1b8f544f10cb311f271e4da55189b842_JaffaCakes118.exe"

Signatures

Detected microsoft outlook phishing page

phishing microsoft product:outlook

Executes dropped EXE

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\services.exe | N/A |

UPX packed file

upx

Adds Run key to start application

persistence
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\1b8f544f10cb311f271e4da55189b842_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |

Drops file in Windows directory

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\1b8f544f10cb311f271e4da55189b842_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\1b8f544f10cb311f271e4da55189b842_JaffaCakes118.exe | N/A |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\1b8f544f10cb311f271e4da55189b842_JaffaCakes118.exe | N/A |

Processes

C:\Users\Admin\AppData\Local\Temp\1b8f544f10cb311f271e4da55189b842_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\1b8f544f10cb311f271e4da55189b842_JaffaCakes118.exe"

C:\Windows\services.exe

"C:\Windows\services.exe"

Network

Files

C:\Windows\services.exe

C:\Users\Admin\AppData\Local\Temp\zincite.log

C:\Users\Admin\AppData\Local\Temp\tmpFA02.tmp

MD5 e86a713e38965fb081becd06cbe597b6
SHA1 f346c84131aee5581e181c0b21c4cb7ac2c24ada
SHA256 cfb7b2408ad43d763f12221bf153da694babbb0bd3f509a275ec64cfb459507e
SHA512 f64d586f9048bc5000141c840da9743576979f4d3b5b9b7dff968e7ace7495131d0f1d9a5d69b79468579d70543fec2c43835ec42575341e60aafec1b259f81f

memory/432-97-0x0000000000500000-0x0000000000510000-memory.dmp

memory/3612-98-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\E9YVC3IR\6T9CLMZ2.htm

MD5 ccb4c257e051cdbf7a25e6c561830c64
SHA1 a72a5630efb22615a7f0fb0f9470633a8e38f570
SHA256 ab975a1c4a78ecc1d53c3accc168c9e26cf505afc52d434050181a077249de42
SHA512 83742a1b0485ba0aae430ce1e14c933062be8b2ce12906f44578cbdd12df696d50a77eb43733c822872dc9d93b557cc1d74d22feb57f3ba5a69d56e2659888a3

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\E9YVC3IR\search[2].htm

MD5 8ba61a16b71609a08bfa35bc213fce49
SHA1 8374dddcc6b2ede14b0ea00a5870a11b57ced33f
SHA256 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1
SHA512 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

memory/432-185-0x0000000000500000-0x0000000000510000-memory.dmp

memory/3612-186-0x0000000000400000-0x0000000000408000-memory.dmp

memory/432-187-0x0000000000500000-0x0000000000510000-memory.dmp

memory/3612-188-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3612-193-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 3c90167a9b2366f7a38fe15df73f99d7
SHA1 86075e05ab1926883ea7fbd9f6fe6aac8f73d964
SHA256 0d5b88b9a75e0fd1b66576ff13ebcd87a1ed512925bb7ef444891b43854b4047
SHA512 570796f0edfc20cb06743209688bbf0a8355e5adfbf675558e86d3d9e0bc6e2fae54a66e7e0cb88d7ee9ede808e2f1c02904bed6afd638cc053bb28065660771

memory/432-209-0x0000000000500000-0x0000000000510000-memory.dmp

memory/3612-210-0x0000000000400000-0x0000000000408000-memory.dmp

memory/432-216-0x0000000000500000-0x0000000000510000-memory.dmp

memory/3612-217-0x0000000000400000-0x0000000000408000-memory.dmp

memory/432-220-0x0000000000500000-0x0000000000510000-memory.dmp

memory/3612-221-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 351a479c8a7b63a734e02f8860204f3b
SHA1 46fdca26b8bb02a734c6ffda81eba9be8e24d192
SHA256 e487385678b793c326ea8a23f610c527077a53406dc16b7f645be7fafbfaaa8e
SHA512 cbf1cce533c49f33927be5b84d585a5e7ebd58ae836936b52395386373521349a41ab7b5bd17144a102964e6c3b96800abe26e77b84e60c87ade01ad511b54b8

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\XIQH11PJ\search[8].htm

MD5 7b441546a900021ee424cff35a0e02dc
SHA1 140d5e38878ebf3348cac61f9afad5617c6ed772
SHA256 f318fe1f87573513e3fb5cc80225c73ba6ac482a3dc45557c16cb0bc96390c29
SHA512 f7cf17759b5d49be0ddc21a08cb722c00191fc8b0e14c27d042615771dda3f2910057970e113c54df4ae342e00cdf01cb2de2023199f8df26fdd29da64f4dd39

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\REQ5K173\results[5].htm

MD5 211da0345fa466aa8dbde830c83c19f8
SHA1 779ece4d54a099274b2814a9780000ba49af1b81
SHA256 aec2ac9539d1b0cac493bbf90948eca455c6803342cc83d0a107055c1d131fd5
SHA512 37fd7ef6e11a1866e844439318ae813059106fbd52c24f580781d90da3f64829cf9654acac0dd0f2098081256c5dcdf35c70b2cbef6cbe3f0b91bd2d8edd22ca

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G7AAJOBN\search[2].htm

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\E9YVC3IR\search[8].htm

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\REQ5K173\search[7].htm

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\XIQH11PJ\searchJ8W4FTSD.htm

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\E9YVC3IR\searchG28J5TUM.htm

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\E9YVC3IR\searchY7JNBVF2.htm

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G7AAJOBN\default[3].htm

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\XIQH11PJ\results[6].htm

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\XIQH11PJ\search[5].htm

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\REQ5K173\default[4].htm

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\XIQH11PJ\search[2].htm

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\REQ5K173\results[10].htm
