Malware Analysis Report

2024-10-19 11:40

Sample ID 240702-a1c4vstbrm
Target 1d228aa6d7a038458b2f9f15f6e87368_JaffaCakes118
SHA256 381c166888ea6afb0ab3ea3fa971c6e30c87a233000f325a4a514b149607a7c9
Tags
upx persistence microsoft phishing product:outlook
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

381c166888ea6afb0ab3ea3fa971c6e30c87a233000f325a4a514b149607a7c9

Threat Level: Known bad

The file 1d228aa6d7a038458b2f9f15f6e87368_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

upx persistence microsoft phishing product:outlook

Detected microsoft outlook phishing page

Executes dropped EXE

UPX packed file

Adds Run key to start application

Drops file in Windows directory

Unsigned PE

Modifies system certificate store

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-02 00:40

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-02 00:40

Reported

2024-07-02 00:42

Platform

win7-20240508-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1d228aa6d7a038458b2f9f15f6e87368_JaffaCakes118.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\services.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" C:\Users\Admin\AppData\Local\Temp\1d228aa6d7a038458b2f9f15f6e87368_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" C:\Windows\services.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\services.exe C:\Users\Admin\AppData\Local\Temp\1d228aa6d7a038458b2f9f15f6e87368_JaffaCakes118.exe N/A
File opened for modification C:\Windows\java.exe C:\Users\Admin\AppData\Local\Temp\1d228aa6d7a038458b2f9f15f6e87368_JaffaCakes118.exe N/A
File created C:\Windows\java.exe C:\Users\Admin\AppData\Local\Temp\1d228aa6d7a038458b2f9f15f6e87368_JaffaCakes118.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 C:\Users\Admin\AppData\Local\Temp\1d228aa6d7a038458b2f9f15f6e87368_JaffaCakes118.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 C:\Users\Admin\AppData\Local\Temp\1d228aa6d7a038458b2f9f15f6e87368_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Users\Admin\AppData\Local\Temp\1d228aa6d7a038458b2f9f15f6e87368_JaffaCakes118.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc252000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Users\Admin\AppData\Local\Temp\1d228aa6d7a038458b2f9f15f6e87368_JaffaCakes118.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc35300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a82000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Users\Admin\AppData\Local\Temp\1d228aa6d7a038458b2f9f15f6e87368_JaffaCakes118.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Users\Admin\AppData\Local\Temp\1d228aa6d7a038458b2f9f15f6e87368_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1d228aa6d7a038458b2f9f15f6e87368_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\1d228aa6d7a038458b2f9f15f6e87368_JaffaCakes118.exe"

C:\Windows\services.exe

"C:\Windows\services.exe"

Network

Country Destination Domain Proto
IN 4.240.75.119:1034 tcp
N/A 192.168.1.85:1034 tcp
US 16.57.234.64:1034 tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 8.8.8.8:53 alumni-caltech-edu.mail.protection.outlook.com udp
US 52.101.194.12:25 alumni-caltech-edu.mail.protection.outlook.com tcp
US 8.8.8.8:53 gzip.org udp
US 8.8.8.8:53 gzip.org udp
US 85.187.148.2:25 gzip.org tcp
US 16.129.107.9:1034 tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 75.2.70.75:25 alumni.caltech.edu tcp
US 85.187.148.2:25 gzip.org tcp
N/A 192.168.2.37:1034 tcp
US 8.8.8.8:53 mx.alumni.caltech.edu udp
US 8.8.8.8:53 mail.alumni.caltech.edu udp
US 8.8.8.8:53 smtp.alumni.caltech.edu udp
US 8.8.8.8:53 mx.gzip.org udp
N/A 10.28.0.142:1034 tcp
US 8.8.8.8:53 mail.gzip.org udp
US 85.187.148.2:25 mail.gzip.org tcp
AU 16.50.1.134:1034 tcp
US 8.8.8.8:53 apple.com udp
US 8.8.8.8:53 mx-in-hfd.apple.com udp
NL 17.57.165.2:25 mx-in-hfd.apple.com tcp
US 8.8.8.8:53 unicode.org udp
US 8.8.8.8:53 aspmx.l.google.com udp
IE 172.253.116.27:25 aspmx.l.google.com tcp
US 8.8.8.8:53 search.lycos.com udp
US 209.202.254.10:80 search.lycos.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:80 www.google.com tcp
US 8.8.8.8:53 www.altavista.com udp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 smtp.gzip.org udp
US 8.8.8.8:53 search.yahoo.com udp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 8.8.8.8:53 r11.o.lencr.org udp
NL 23.63.101.170:80 r11.o.lencr.org tcp
NL 23.63.101.170:80 r11.o.lencr.org tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 icloud.com udp
US 8.8.8.8:53 mx02.mail.icloud.com udp
US 17.57.154.33:25 mx02.mail.icloud.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 mac.com udp
US 17.57.154.33:25 mx02.mail.icloud.com tcp
US 17.57.154.33:25 mx02.mail.icloud.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 8.8.8.8:53 me.com udp
US 17.57.154.33:25 mx02.mail.icloud.com tcp
US 17.57.154.33:25 mx02.mail.icloud.com tcp
US 17.57.154.33:25 mx02.mail.icloud.com tcp
IN 4.240.75.225:1034 tcp
US 8.8.8.8:53 mx-in-rno.apple.com udp
US 17.179.253.242:25 mx-in-rno.apple.com tcp
US 8.8.8.8:53 alt2.aspmx.l.google.com udp
NL 142.250.153.27:25 alt2.aspmx.l.google.com tcp

Files

memory/2188-0-0x0000000000500000-0x0000000000510000-memory.dmp

memory/2188-4-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Windows\services.exe

MD5 b0fe74719b1b647e2056641931907f4a
SHA1 e858c206d2d1542a79936cb00d85da853bfc95e2
SHA256 bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
SHA512 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

memory/2188-9-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2408-11-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/2188-17-0x0000000000500000-0x0000000000510000-memory.dmp

memory/2408-18-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2408-23-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2188-24-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2408-29-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2408-31-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2188-35-0x0000000000500000-0x0000000000510000-memory.dmp

memory/2408-36-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2188-40-0x0000000000500000-0x0000000000510000-memory.dmp

memory/2408-41-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 77d55296675f690958254d7d9074b265
SHA1 6f1a4cac5fbf47e175c562fec8f4b8ab56fc22ec
SHA256 402d7ce0967bd333c87816feca52cccf9626f1a25be2592056486bcaf09c0670
SHA512 9900033d93d3bbc0e20b416407123f627d5bfb62065019e1fb29a226fd5fe1e0cd532547e516c584be5fc4a87e6d882fd31f1f42fcbffd496fbab287f2958026

C:\Users\Admin\AppData\Local\Temp\tmp1E4A.tmp

MD5 2ca1eeaba04d5245b668ff8f2bfad0ce
SHA1 884b91f0313e9035e2c4d6804ede4c8e193cd19e
SHA256 467971d2a05503c78b73d143068812355bc08c151918e3fde5614d795cb1f8ee
SHA512 45ccd9edd1dba6f62ca429d4e1290270786441811e84053be66881f1c5ff0b72ee3840376749ea8adba7b90120ded53868fb2e377bb33b6c5778b49c3a0bcdac

memory/2188-56-0x0000000000500000-0x0000000000510000-memory.dmp

memory/2408-57-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2188-60-0x0000000000500000-0x0000000000510000-memory.dmp

memory/2408-61-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2188-65-0x0000000000500000-0x0000000000510000-memory.dmp

memory/2408-66-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2188-67-0x0000000000500000-0x0000000000510000-memory.dmp

memory/2408-68-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2408-73-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2188-72-0x0000000000500000-0x0000000000510000-memory.dmp

memory/2408-78-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 39ba1bba33407a0516648d56c1d912c1
SHA1 c4202d79c6c49ec66ad82f266ddcdfff2ef291cd
SHA256 257ef6927c53f1f05cf4344fa50d258b38c5410b5bee619b1e32d653d3a5f268
SHA512 3f1be78771384d01d1376115cfa8f38b03ea9acee83bf3fc4d77b8fc1e0dc67755b3b6c3169169676bb6490c2117110bdb5f4e04303c5ba1a3d459fdb563cd2b

C:\Users\Admin\AppData\Local\Temp\Cab2036.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar204A.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fc3dbd0e03871481fbe46d270b2e68a0
SHA1 a09165e0443503fa0e7f62c9b089abf483b3e1d6
SHA256 9b2073b0ddbaa4ba51e7f6acb11ff7143c9d379903dae7f50b3d50d18d659da3
SHA512 a4d27f3fb51f49841ca2186789607a881d749c8de02e7fdb899d03c13d8dcb58cde88d89968bb4891725f20c7c5d058ee8d3dabec116439228de1c98d9538884

memory/2188-222-0x0000000000500000-0x0000000000510000-memory.dmp

memory/2408-223-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IW68H88T\search[2].htm

MD5 8ba61a16b71609a08bfa35bc213fce49
SHA1 8374dddcc6b2ede14b0ea00a5870a11b57ced33f
SHA256 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1
SHA512 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2XHJXO3H\MP2UTV1G.htm

MD5 a638d7f83b5b930c1c7357328cc5313f
SHA1 a4f8ab5f194e4991dd0cfee4074747fba536b611
SHA256 b98fddfa45d468d252472e6a315f40932d52ec0564b659ad4f3a7c00d5a4d991
SHA512 be11504bdd72ae78c44bf298659fe95f321c527bfad4c9fb8842e8305449433615ca327b9ef06f430fde8ea7dce442b1c310e8238dfb2b981f2b2057a786d8df

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2XHJXO3H\results[1].htm

MD5 ee4aed56584bf64c08683064e422b722
SHA1 45e5ba33f57c6848e84b66e7e856a6b60af6c4a8
SHA256 a4e6ba8c1fe3df423e6f17fcbeeaa7e90e2bd2fffe8f98ff4b3e6ed970e32c61
SHA512 058f023cb934a00c8f1c689001438c9bdd067d923ddcbe7a951f54d3ca82218803e0e81fbc9af5c56375ff7961deed0359af1ffa7335d41379ee97d01a76ded6

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H09CVCL3\search[3].htm

MD5 94f2805d463f53edccdd4ce7bd44593b
SHA1 a224284cdeb7841972a697bed04c27ccf9f314ba
SHA256 b2a793a5fd47d6197c690f495d40a3b426a9825f8de6ef889683f8fa1b78e8b2
SHA512 6536c49010895944c13bc54a8756c94e7b4b1830fe1b69933386ab1774e7153725965e73c6e78bbf6159564e4c25b26a607209c30a0ae6cd259494511d9074a0

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NVDR4C1U\search[5].htm

MD5 42edd2a80885fd36e95346a3ec9d2a08
SHA1 f678a1651011195d0f9faaf86aa680d5267f2eb6
SHA256 aaec3fa1c79a8032b97776e409474bb20610a3b7f61af2e49f09a9f19475c17b
SHA512 e303651d401905d85474be41bd221eaf7bc10043a9e5771828317716281d7506b594b9f55df64e1176ed08e8eee99c700680ecc5d2e561e2b5210792c1a60105

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2XHJXO3H\search[5].htm

MD5 0b35a34c8632fc9cdd0c2b3513dd0a0c
SHA1 7b965c3c96a78d7ce587ddbc15abdf1de38e389b
SHA256 2e50abbfc314310b87d7a13560a6b11c3cf9f81fb175a12af26625eaf123938c
SHA512 6368eda83b6167289cff57fbe5983ebaf283f54e1df1ec120783d09526cc542e0c9b76d1e1a69f85f7ae745bbfb930ec5a2abdf6c008f55e04bf3ff3ced64184

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 5f99ac05605d6204fbc7d29af390fbb3
SHA1 a7e6ad3ec669fa2b9d2eb43050d22de98f81f89d
SHA256 86c6523e3768453e306c9e3f8052029aa700932ef578001c82b98428a1033766
SHA512 c23918ed8bafaabb0b865ee8e418ec6dc280120142541006c55369ac6f92dfe7ed5258ec850f74beca5e6249c6390b305a8f4a92635566677b2c07e9dac7edca

memory/2188-442-0x0000000000500000-0x0000000000510000-memory.dmp

memory/2408-443-0x0000000000400000-0x0000000000408000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-02 00:40

Reported

2024-07-02 00:42

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1d228aa6d7a038458b2f9f15f6e87368_JaffaCakes118.exe"

Signatures

Detected microsoft outlook phishing page

phishing microsoft product:outlook

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\services.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" C:\Users\Admin\AppData\Local\Temp\1d228aa6d7a038458b2f9f15f6e87368_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" C:\Windows\services.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\services.exe C:\Users\Admin\AppData\Local\Temp\1d228aa6d7a038458b2f9f15f6e87368_JaffaCakes118.exe N/A
File opened for modification C:\Windows\java.exe C:\Users\Admin\AppData\Local\Temp\1d228aa6d7a038458b2f9f15f6e87368_JaffaCakes118.exe N/A
File created C:\Windows\java.exe C:\Users\Admin\AppData\Local\Temp\1d228aa6d7a038458b2f9f15f6e87368_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1d228aa6d7a038458b2f9f15f6e87368_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\1d228aa6d7a038458b2f9f15f6e87368_JaffaCakes118.exe"

C:\Windows\services.exe

"C:\Windows\services.exe"

Network

Country Destination Domain Proto
IN 4.240.75.119:1034 tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 98.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
N/A 192.168.1.85:1034 tcp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 16.57.234.64:1034 tcp
US 8.8.8.8:53 m-ou.se udp
US 8.8.8.8:53 aspmx2.googlemail.com udp
NL 142.250.27.26:25 aspmx2.googlemail.com tcp
US 8.8.8.8:53 acm.org udp
US 8.8.8.8:53 mail.mailroute.net udp
US 199.89.3.120:25 mail.mailroute.net tcp
US 8.8.8.8:53 cs.stanford.edu udp
US 8.8.8.8:53 smtp1.cs.stanford.edu udp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
US 8.8.8.8:53 burtleburtle.net udp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
US 8.8.8.8:53 mx.burtleburtle.net udp
US 8.8.8.8:53 alumni.caltech.edu udp
US 8.8.8.8:53 alumni-caltech-edu.mail.protection.outlook.com udp
US 52.101.40.24:25 alumni-caltech-edu.mail.protection.outlook.com tcp
US 65.254.254.52:25 mx.burtleburtle.net tcp
US 8.8.8.8:53 gzip.org udp
US 8.8.8.8:53 gzip.org udp
US 85.187.148.2:25 gzip.org tcp
US 8.8.8.8:53 search.lycos.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 10.254.202.209.in-addr.arpa udp
US 8.8.8.8:53 search.yahoo.com udp
IE 212.82.100.137:80 search.yahoo.com tcp
US 8.8.8.8:53 r11.o.lencr.org udp
IE 212.82.100.137:443 search.yahoo.com tcp
NL 23.63.101.170:80 r11.o.lencr.org tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 8.8.8.8:53 11.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 137.100.82.212.in-addr.arpa udp
US 8.8.8.8:53 170.101.63.23.in-addr.arpa udp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 88.251.17.2.in-addr.arpa udp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 16.129.107.9:1034 tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 8.8.8.8:53 www.altavista.com udp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 toyota-fs.com udp
US 8.8.8.8:53 cluster8a.eu.messagelabs.com udp
IE 34.253.63.114:25 cluster8a.eu.messagelabs.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 8.8.8.8:53 acm.org udp
US 8.8.8.8:53 aspmx3.googlemail.com udp
NL 142.250.153.27:25 aspmx3.googlemail.com tcp
US 104.17.78.30:25 acm.org tcp
US 8.8.8.8:53 cs.stanford.edu udp
US 171.64.64.64:25 cs.stanford.edu tcp
US 171.64.64.64:25 cs.stanford.edu tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 8.8.8.8:53 burtleburtle.net udp
US 75.2.70.75:25 alumni.caltech.edu tcp
US 65.254.227.224:25 burtleburtle.net tcp
US 85.187.148.2:25 gzip.org tcp
N/A 192.168.2.37:1034 tcp
US 8.8.8.8:53 cluster8.eu.messagelabs.com udp
NL 85.158.142.211:25 cluster8.eu.messagelabs.com tcp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 101.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 aspmx.l.google.com udp
US 8.8.8.8:53 mx.acm.org udp
IE 172.253.116.27:25 aspmx.l.google.com tcp
US 8.8.8.8:53 mail.acm.org udp
US 8.8.8.8:53 smtp.acm.org udp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
US 8.8.8.8:53 smtp2.cs.stanford.edu udp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
US 8.8.8.8:53 mx.alumni.caltech.edu udp
US 8.8.8.8:53 mail.alumni.caltech.edu udp
US 8.8.8.8:53 smtp.alumni.caltech.edu udp
US 65.254.254.52:25 mx.burtleburtle.net tcp
US 8.8.8.8:53 mx.gzip.org udp
US 8.8.8.8:53 mail.gzip.org udp
US 8.8.8.8:53 outlook.com udp
US 85.187.148.2:25 mail.gzip.org tcp
US 8.8.8.8:53 outlook-com.olc.protection.outlook.com udp
US 52.101.10.3:25 outlook-com.olc.protection.outlook.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
N/A 10.28.0.142:1034 tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 8.8.8.8:53 toyota-fs.com udp
US 8.8.8.8:53 mx.toyota-fs.com udp
US 8.8.8.8:53 mail.toyota-fs.com udp
GB 142.250.187.196:80 www.google.com tcp
DE 3.66.24.19:25 mail.toyota-fs.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 8.8.8.8:53 aspmx5.googlemail.com udp
US 209.202.254.10:80 search.lycos.com tcp
FI 142.250.150.26:25 aspmx5.googlemail.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 171.64.64.64:25 cs.stanford.edu tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 171.64.64.64:25 cs.stanford.edu tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 171.64.64.64:25 cs.stanford.edu tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 mail.burtleburtle.net udp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 65.254.250.102:25 mail.burtleburtle.net tcp
US 8.8.8.8:53 outlook.com udp
US 8.8.8.8:53 smtp.gzip.org udp
US 52.96.228.130:25 outlook.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
AU 16.50.1.134:1034 tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 8.8.8.8:53 smtp.toyota-fs.com udp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 8.8.8.8:53 aspmx4.googlemail.com udp
DE 142.251.9.27:25 aspmx4.googlemail.com tcp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
US 8.8.8.8:53 mx.cs.stanford.edu udp
US 8.8.8.8:53 mail.cs.stanford.edu udp
US 171.64.64.160:25 mail.cs.stanford.edu tcp
US 171.64.64.160:25 mail.cs.stanford.edu tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 8.8.8.8:53 smtp.burtleburtle.net udp
GB 142.250.187.196:80 www.google.com tcp
US 8.8.8.8:53 mx.outlook.com udp
US 8.8.8.8:53 mail.outlook.com udp
US 65.254.250.102:25 smtp.burtleburtle.net tcp
US 8.8.8.8:53 smtp.outlook.com udp
GB 52.97.133.162:25 smtp.outlook.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
IN 4.240.75.225:1034 tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 211.143.182.52.in-addr.arpa udp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.187.196:80 tcp
GB 142.250.187.196:80 tcp
US 209.202.254.10:443 tcp

Files

memory/540-0-0x0000000000500000-0x0000000000510000-memory.dmp

C:\Windows\services.exe

MD5 b0fe74719b1b647e2056641931907f4a
SHA1 e858c206d2d1542a79936cb00d85da853bfc95e2
SHA256 bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
SHA512 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

memory/1072-5-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/540-13-0x0000000000500000-0x0000000000510000-memory.dmp

memory/1072-14-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1072-19-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1072-24-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1072-26-0x0000000000400000-0x0000000000408000-memory.dmp

memory/540-30-0x0000000000500000-0x0000000000510000-memory.dmp

memory/1072-31-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 0293c0f2318d4a70d8324739cf9a0bd8
SHA1 cf177903d3e530a211f34ac80481ae2c8676a7f6
SHA256 3259e79c3f8525fadff6a62a80e8f5e07243869130cc9ac0bfe9d813ca6c90dd
SHA512 c5cef04752f432f883ebd3c029afe54b48828ff1418195439041f732234a81366653ae31c8ff49c2568f9a00d31c15d4629f242f13736336d6c278c15277f3ff

C:\Users\Admin\AppData\Local\Temp\tmp700D.tmp

MD5 3bcd71c198a559491bac2e45ee69ae2c
SHA1 dad9aa85376643257121095619a48b0f422a709a
SHA256 f72041fa6ff3721bc3c8691ca1ef5199f6138c0f2a8e2d252b31876824ef4bd6
SHA512 f162207994de895ffe1feac6327151d228e9a765822110ec49f8a71f897d0469da6733514cc4015931cfd79d900ff011c0b846c2f5e8a29fc93b4baf7b7c2f7a

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 b83d191af8f87f8b69bc2ba6f4374798
SHA1 c5e59e899f90d54bca0ec1176452367314c9b762
SHA256 127a5eab01715e862acde7822c5effda3bec77fa2a01013d7f57d1ba6b41dd3d
SHA512 691659487b5c0ff6202c8801b8e156dad2b085ebbb6544464bd55a4874bdd0207ec35402492af32ea3abccf17bdcca1a99ad45b5f944a5fc75a59c260229aa11

memory/540-90-0x0000000000500000-0x0000000000510000-memory.dmp

memory/1072-91-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\D5DFSS0T\search[2].htm

MD5 8ba61a16b71609a08bfa35bc213fce49
SHA1 8374dddcc6b2ede14b0ea00a5870a11b57ced33f
SHA256 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1
SHA512 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\J2J1W33T\search[1].htm

MD5 a0a3901eb3ec8d464905156b58f51b63
SHA1 17807e1a9d28bb1e583222caeb4498a68e61482f
SHA256 6f46c4a87ac4f78bce79336b0395ae5ee12d709768bfdcbc20deff08ed67473f
SHA512 200b02101d0c8f54153730184ecb73d425540211b00cb4e22e5e8ac67bcdd020bd6fe40ea71100abf2fb9cd0d8e9961a1530d8cd5d15ee00f98fe4ddbb55d560

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\J2J1W33T\search[4].htm

MD5 083843a9b7e357750aa20d39e8b203dc
SHA1 c3f3aa823f75404f929564f93111a2bdd74a5db5
SHA256 7c10b3ea0b3be10799fd8c2aeb48582843b668ece07cfce0dc6d373d45a2cf66
SHA512 96fe9633db89860c24288c3aa3fdb6d0f71dee7623a268c11e1bdb744117f0e077d49b526f4736d4c871413c9892896d2fc5b92bd82f2098f0ed462308737f8f

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VLW1SL5J\RS7UUMO9.htm

MD5 319fd8896d0a20a8b85421b72cd34f59
SHA1 c96189b66902a3df963238005251cae7b2cce474
SHA256 4908e8e8128aaebc9501502326b95ed605348856b30cef106fdb548e97c1b91b
SHA512 7013f8e4dc701529107fc75e35507c70c611af26bae74dfc73ed7734916fa1e005a1cae5379dfd1e574947be522b58c236c662e29f71c250f0b05884e3df2fa0

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VLW1SL5J\search[7].htm

MD5 7f296904babc6445c71c3f5e2fe05615
SHA1 76db9b01f9bb232e664d9f0fff1937a6089859e0
SHA256 f8f5e9cccf17eea1a7a6c9d5aa5c60463b66636957d28c4410cd9f36144e9c72
SHA512 81ddf8a24311de54db1a181abfbd50196acaa2b03be9b1241264e2d8360aa485cc62053c98e3537bbf2b97748bcf587de712da2e727eb6eb2fa527ecdac0eca7

memory/540-224-0x0000000000500000-0x0000000000510000-memory.dmp

memory/1072-225-0x0000000000400000-0x0000000000408000-memory.dmp

memory/540-228-0x0000000000500000-0x0000000000510000-memory.dmp

memory/1072-229-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1072-234-0x0000000000400000-0x0000000000408000-memory.dmp

memory/540-235-0x0000000000500000-0x0000000000510000-memory.dmp

memory/1072-236-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 c4c7da208a95fc72a57284482ce0e8cc
SHA1 f12a56f4bdc8735baef4138203a04676fd6bfd78
SHA256 a81b665ee7ee93f495995b04b10bfbf37cd57952b6a5ce2bf954251e338fefdd
SHA512 e288c5dcd38b697d994b0b694c80c15d05761b965bfc75f885296f4f6c3d34b8269b3e0056c27a050d3d8bf56d5c9c849c61cbb1cfe51b135877f32c55f2c9f2

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\J2J1W33T\results[7].htm

MD5 211da0345fa466aa8dbde830c83c19f8
SHA1 779ece4d54a099274b2814a9780000ba49af1b81
SHA256 aec2ac9539d1b0cac493bbf90948eca455c6803342cc83d0a107055c1d131fd5
SHA512 37fd7ef6e11a1866e844439318ae813059106fbd52c24f580781d90da3f64829cf9654acac0dd0f2098081256c5dcdf35c70b2cbef6cbe3f0b91bd2d8edd22ca

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VLW1SL5J\results[4].htm

MD5 ee4aed56584bf64c08683064e422b722
SHA1 45e5ba33f57c6848e84b66e7e856a6b60af6c4a8
SHA256 a4e6ba8c1fe3df423e6f17fcbeeaa7e90e2bd2fffe8f98ff4b3e6ed970e32c61
SHA512 058f023cb934a00c8f1c689001438c9bdd067d923ddcbe7a951f54d3ca82218803e0e81fbc9af5c56375ff7961deed0359af1ffa7335d41379ee97d01a76ded6

memory/540-399-0x0000000000500000-0x0000000000510000-memory.dmp

memory/1072-400-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\J2J1W33T\search[10].htm

MD5 16f2e37e6545a7e179ba2755444526fb
SHA1 b25b5d7122ed12f7d1f77ebbdfc2d517de6400d5
SHA256 9792d42cf6ddb7b2b04815d9450f05cdc77bcfb797d65dec24735435c530a1ad
SHA512 c95939b370414115ab63202383164dd99bda6497bd4f6bfdb80c9829a6a890ce714fcc5991f0d7625a2197c21ad9303d5b44d696a2be827c391a20ca40af24b9

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VLW1SL5J\search7Z9HNQKI.htm

MD5 b87afb583c8ed9e0f2831812149dfdb5
SHA1 e5bd1704bfe5999256d789c499ace9f973ef4811
SHA256 d862ce60089dd54df6bb6c762ecf55df0b580d0334fcc7723609622f96abb603
SHA512 9b59c53e5d42676311b35f5e7a2a83ab75be4631b20e4f0b17c7b5ba7ac4515719c1cbe307a9309e94d4c4856df9324fb790dcce1d5e8c249bf10e0da204ff31

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\D5DFSS0T\default[9].htm

MD5 c15952329e9cd008b41f979b6c76b9a2
SHA1 53c58cc742b5a0273df8d01ba2779a979c1ff967
SHA256 5d065a88f9a1fb565c2d70e87148d469dd9dcbbefea4ccc8c181745eda748ab7
SHA512 6aecdd949abcd2cb54e2fe3e1171ee47c247aa3980a0847b9934f506ef9b2d3180831adf6554c68b0621f9f9f3cd88767ef9487bc6e51cecd6a8857099a7b296

memory/540-582-0x0000000000500000-0x0000000000510000-memory.dmp

memory/1072-583-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\J2J1W33T\search[8].htm

MD5 e51d3561e3c7a4d209cb96574c2cea21
SHA1 e5e90c868ef4d5744d5d331723ff3384220e38fd
SHA256 e8f0956129270378140cd4f58a779790920f25f3d46c0b6075f957d6183acfcf
SHA512 c1f537336f454e3f896ba06336446db072ec336b0d780365d89b6d86603766aa3c11668f3b33e044f584dd1c9957dc2dc44fcf9a3455225c3060809047d3eeff

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VLW1SL5J\searchPMJB0W5T.htm

MD5 c172ce33925699d6286897763b65d3b2
SHA1 9fd56ca04ee9ec8a309f530f74003d0386544b9f
SHA256 4e52b254cf3a42ba3b2a61f0da26cd1d17602a4c2ba0f087d69149aaf9eac6e8
SHA512 eb39555eb18032c19589ace4fe1fb583a52ea6a5aced78d9093d30b17b7361b53f601708f011546f35b44ede7fefbfd655bbfc85a68d377158583cf1edfe397b

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\D5DFSS0T\search029H0TAC.htm

MD5 562c81d0c2d39613b8e35366e4e16ab5
SHA1 9ddb11d5bc32e84cf8e7dadc451637b4ec18d39c
SHA256 20bb42957bf3edbe2f1824c19523dafc7debf5f4cd61eafd25731cca795e8289
SHA512 21f0932d68172ea6fab14e452f53296021bfe4d7f30e87839d21ca37f4df55fd8d04d278fffa3b0de3b8af4408e56e3ffce0afaa1e38199ffb932f08287c88da

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\D5DFSS0T\search58P0KC0B.htm

MD5 b3301042c4ad497435000b3511e1b28e
SHA1 95ebd0e57eb34a1cd69bbfe50e6e154e2709bef0
SHA256 86cec11c32d84e726f4371efbcd6eb0d6d79894214b1b46f628146f48f371176
SHA512 82dcdf300d5033fec3c7670a23c57185bbc0a8f34461f14dddd6384d0ea55f69e2c06a2cbde9797da9e17da1901eb3b0b0dd744ed14acf9d4eb592e9469b815a

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VLW1SL5J\search[9].htm

MD5 5eb66d9efe3925ba1a17634e90f86a52
SHA1 9c1588971546ad5bc6c07543d061dc9aba8eb24d
SHA256 a707b5a63c7ae34cd0477024e8d67f7fa24959a628549dc25868452249f7451d
SHA512 80d44214bc1e6c496b17e662414facde82f0075768c859c1c76873eba8207d7fd9f58275a30e579c38ccd438b7dfe9f6bf80d9619256faae35559a8c120e2ae1

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\2IX84YPE\searchBEHAMGKW.htm

MD5 22ac79a47da924dd430aaf1828d4a011
SHA1 38f81188be2774b5ca7ccd853005101be50319f0
SHA256 7e32dea123e1d67d4fec22caacd3cad652ccfa31bcdae878db9cadc7e69d4e55
SHA512 e1baddae490c3248f4c37a50e540bf03fe176990f448d2f77a13f0532b7e3e1bb943046181dc290b2d791c69feefc0cce79f6f9e4782bed4beabbf4609e54bb9

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\J2J1W33T\searchR4248NNU.htm

MD5 b542ff3e97971f1451b7a221e2a66233
SHA1 fd9d466f2ee52e6bff689be74079027b8546659c
SHA256 42e422ca9afb5a85df85cb37c4660c1886aba614c9a489b0906beeac99214b56
SHA512 fb2c6c49e9e62d1c58b2acfd8edbbbacc1ddd2847f11055b0679a123c811f2fb7ed61dafabee0088f97add8aee36087505f0e38e529aa4803d32e451dfe4bfb8

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\D5DFSS0T\search[5].htm

MD5 a696f54103cca586d6faa23ef533cac2
SHA1 cd8346a331e8eb04236a8b2c68ac4ce6920e7d66
SHA256 02f69edca32559fdce571bf436f5e4e723f1c21a95413675ef8f98fd60b4e743
SHA512 453fd62bceb4a311a8fb25cd4f9b0f8eb2cc6ccf838125b551dd407b9c3c2520e6194d967c184f114e4d1cee197109528f97ab2800363989cde32ffd6be0a7d0

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VLW1SL5J\searchXP2M8QTC.htm

MD5 e344081d0243adfac11160bc980949fd
SHA1 5db6b291584e4e1616f48e2e3544afda9d62846d
SHA256 a15aa0351c64c5f9b795efa7f3fcbc97b19e77540b49c81ce636688a5aeb9b7e
SHA512 ea58c14de12d9598c0da5434fb44470e7da33408773d9fc1cd586f5885eb86ad86e8c2538881ce7743c2eb9695ac12084785fc6535460d98873d1a1679567525

memory/540-762-0x0000000000500000-0x0000000000510000-memory.dmp

memory/1072-763-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\J2J1W33T\search[2].htm

MD5 b706e6afc1d8d5c7d6ac20f1beb59dec
SHA1 6e48ffd56079883971dce61b7b00ec3adb488e11
SHA256 dce7260abc03ef9542e683a8984c6f77006b1349333a17d5a2afcaf6d2035cc8
SHA512 56f080d707899750728f58bad2f36fd1c50c6e5c068db5420295f2950c2181169b1db1dfed0521446bfc08fe1901188b0972c54c7fb865b09a9035a76277b916

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\D5DFSS0T\search4E1JGU41.htm

MD5 f72d7c00a1f74a1452a1bf36b81f0d62
SHA1 e945633cd53090c9752105148ac3ce5b968190ca
SHA256 29fc545d80c43697be1dfcdde09594b374e2f3eb8d2325ef5579941860ebda0e
SHA512 31f6c1ca31d62946f3d5eef8d854828de370688e98fb8936434eb63e5fd00858a194785163c2586cb3823a2d6eb7a3b3ac92e63beaa3e38d69405fceade75ca5

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\J2J1W33T\search16LDWKOA.htm

MD5 ea12a5cddba64650214f5b2a980b736b
SHA1 a76321834e32a70fed19c9b1809aa210adf9e43e
SHA256 5bdca14ef8170d32dfbcff3ec553527ede43120ad79303e3ed9e0cd1ebbf5b3d
SHA512 978af89a267abd9e090b93aecb36e16a93e59f8c34246f8b2687f5444168757218027c7bb1fe178a9f7cc7d4dca5852e2ac4692caa6a0ed16e740b8260af4038

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\J2J1W33T\searchLRV6NH3K.htm

MD5 21da4299911e14ccb7d7eb5a4ed1a549
SHA1 33d49994efa8ea9d7a9d158801c7f9636b2b7888
SHA256 2639104cd5d534b2e59bdd627fb7807b867fd25e5f2d89d6d217ae48c0521ff2
SHA512 841bd0b5ae966a0c0c6a8aa42c861e0b9463fd492e3373c03635551ca9a24dd68424c8f2349ffd4267c134c22483868e17a5c47547ea3a4b1648de8b6d98c87b

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\D5DFSS0T\searchRUHNEZGN.htm

MD5 8d41f19b4d3da73136757b38714ac0e9
SHA1 cf2f6829d99c46fed0cde47aa05ab1b870f569bd
SHA256 81c091e95db78b8ccae8f532b696ca9b6e2bffb764ee2d0b8e09fef4fe51295e
SHA512 b11bec5f13c14f9694e4abf08cd7b572f5f1236073d9ff3b4b519d0fe7861c4bdaf832347b903e62658eb743dc56e76bd537dc2fdde41e6f966dbf5c8bbdb25e

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\D5DFSS0T\default8241QR8G.htm

MD5 ffb72ab4faba49ad441ce07db37dd8b6
SHA1 194e13c1c32ebb6e7a1dc912261cbd58a82ff71e
SHA256 7bd7c3676e98ddde8e0d5b63dd22cb9379d975bcd1d68884c97565cdd8d03660
SHA512 517be20d2442489ce39b48dc7f9f6f13f8c45d02703fb1865071f553d36b2289f5abc26c6089fc0bfad1a41fe318bf4b5a806915c5e45898ac744b7e4ed30257

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\J2J1W33T\searchND08LLXG.htm

MD5 294084e2ad378a92a127835d5c7ca7db
SHA1 eb1bce6258ef78c979491d98f56271d2d22c524c
SHA256 85a6f05ca41abd434ec99e719407db596613b756ff59a5232880169d332f936a
SHA512 6f48762dd0e23ee3ae6e347ab4c84308992053b9ee3c6296828ebea004cebce055d173c0669c4a7c964e12895aefa31539a0e929d305e216793ef1f359a5b7c0

memory/540-913-0x0000000000500000-0x0000000000510000-memory.dmp

memory/1072-914-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\2IX84YPE\searchFCZU1435.htm

MD5 e6b03b9cd6bb9fec3034366314b1429e
SHA1 c8207b77fe651c2260345c567ab23db69d8d970a
SHA256 694a44e99ed5b2627e11cdd0328fa6305eb66f7fe98fc6a46d1e16539563c6bf
SHA512 ce48b417d780842ad83ca0b15b8f519de2e4960ac528acc1f36dad8a3db9e99b800e68d0bc86b220038f3e93ac3261de32414dc7a8b9c8417fdd1577bb86835f

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\D5DFSS0T\default[5].htm

MD5 2a8026547dafd0504845f41881ed3ab4
SHA1 bedb776ce5eb9d61e602562a926d0fe182d499db
SHA256 231fe7c979332b82ceccc3b3c0c2446bc2c3cab5c46fb7687c4bb579a8bba7ce
SHA512 1f6fa43fc0cf5cbdb22649a156f36914b2479a93d220bf0e23a32c086da46dd37e8f3a789e7a405abef0782e7b3151087d253c63c6cefcad10fd47c699fbcf97

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VLW1SL5J\searchC508MY37.htm

MD5 87d6ef9842ef1d5885ff39bca18206c1
SHA1 15a1e14e0b5c9ddd54753fc2ee5cebaccb9476a4
SHA256 0194c9687b6ac791e994fd64162662b3e25748e3234c932271d01ada66f0de94
SHA512 d34604c4dc300960975df841aab1b6c8b6f9c7d5c3112cc014922791cc06ddcb800c79bc14faaef8d82ac097883b573ce5a4cc3d78f5f15816b5153b2d8ed16a

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\2IX84YPE\default[1].htm

MD5 14b82aec966e8e370a28053db081f4e9
SHA1 a0f30ebbdb4c69947d3bd41fa63ec4929dddd649
SHA256 202eada95ef503b303a05caf5a666f538236c7e697f5301fd178d994fa6e24cf
SHA512 ec04f1d86137dc4d75a47ba47bb2f2c912115372fa000cf986d13a04121aae9974011aa716c7da3893114e0d5d0e2fb680a6c2fd40a1f93f0e0bfd6fd625dfa7