Malware Analysis Report

2024-10-19 11:40

Sample ID 240702-j8h5hsxfnj
Target 1e9ce3df1b1b957a5f52fa042982a3b9_JaffaCakes118
SHA256 641e5abf8a06f3cc35226807256be6b1609b4a4ddbd2d9b60409b60672caca1b
Tags upx persistence microsoft phishing product:outlook
Score 10/10

Analysis Overview

Score 10/10
SHA256 641e5abf8a06f3cc35226807256be6b1609b4a4ddbd2d9b60409b60672caca1b

Threat Level: Known bad

The file 1e9ce3df1b1b957a5f52fa042982a3b9_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

upx persistence microsoft phishing product:outlook

Detected microsoft outlook phishing page

Executes dropped EXE

UPX packed file

Adds Run key to start application

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-07-02 08:20

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted 2024-07-02 08:20
Reported 2024-07-02 08:22
Platform win7-20240221-en
Max time kernel 150s
Max time network 148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1e9ce3df1b1b957a5f52fa042982a3b9_JaffaCakes118.exe"

Signatures

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\services.exe | N/A

UPX packed file

upx

Adds Run key to start application

persistence
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\1e9ce3df1b1b957a5f52fa042982a3b9_JaffaCakes118.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A

Drops file in Windows directory

Description | Indicator | Process | Target
File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\1e9ce3df1b1b957a5f52fa042982a3b9_JaffaCakes118.exe | N/A
File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\1e9ce3df1b1b957a5f52fa042982a3b9_JaffaCakes118.exe | N/A
File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\1e9ce3df1b1b957a5f52fa042982a3b9_JaffaCakes118.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1e9ce3df1b1b957a5f52fa042982a3b9_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\1e9ce3df1b1b957a5f52fa042982a3b9_JaffaCakes118.exe"

C:\Windows\services.exe

"C:\Windows\services.exe"

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted 2024-07-02 08:20
Reported 2024-07-02 08:22
Platform win10v2004-20240611-en
Max time kernel 150s
Max time network 152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1e9ce3df1b1b957a5f52fa042982a3b9_JaffaCakes118.exe"

Signatures

Detected microsoft outlook phishing page

phishing microsoft product:outlook

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\services.exe | N/A

UPX packed file

upx

Adds Run key to start application

persistence
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\1e9ce3df1b1b957a5f52fa042982a3b9_JaffaCakes118.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A

Drops file in Windows directory

Description | Indicator | Process | Target
File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\1e9ce3df1b1b957a5f52fa042982a3b9_JaffaCakes118.exe | N/A
File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\1e9ce3df1b1b957a5f52fa042982a3b9_JaffaCakes118.exe | N/A
File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\1e9ce3df1b1b957a5f52fa042982a3b9_JaffaCakes118.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1e9ce3df1b1b957a5f52fa042982a3b9_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\1e9ce3df1b1b957a5f52fa042982a3b9_JaffaCakes118.exe"

C:\Windows\services.exe

"C:\Windows\services.exe"

Network


Files

memory/4988-0-0x0000000000500000-0x0000000000510000-memory.dmp

C:\Windows\services.exe

MD5 b0fe74719b1b647e2056641931907f4a
SHA1 e858c206d2d1542a79936cb00d85da853bfc95e2
SHA256 bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
SHA512 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

memory/4600-6-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/4988-13-0x0000000000500000-0x0000000000510000-memory.dmp

memory/4600-14-0x0000000000400000-0x0000000000408000-memory.dmp

memory/4600-19-0x0000000000400000-0x0000000000408000-memory.dmp

memory/4600-24-0x0000000000400000-0x0000000000408000-memory.dmp

memory/4600-26-0x0000000000400000-0x0000000000408000-memory.dmp

memory/4600-31-0x0000000000400000-0x0000000000408000-memory.dmp

memory/4988-35-0x0000000000500000-0x0000000000510000-memory.dmp

memory/4600-36-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 b2ebc688342c7443e5c20b7c5009b458
SHA1 f34643c837dd37b8c808022198418fb7c1eb1103
SHA256 b2ef42188f73d097923cd64c9f937e97edc0d8917c1c4c57ea42f1eda834b9c1
SHA512 8d8882c27873e7d3a429b9891574e3bb1f5ceb7e8ffd780c01946246023af1af4ee7a84eb2b28557fe9dc07f83ff528eb3836ea97da7e477e18ca32b6ffebbf2

C:\Users\Admin\AppData\Local\Temp\tmp5119.tmp

MD5 298adbe1c7f9ae450fd44ae14c3faf6f
SHA1 2c3538ccb91948eced28c00931b3bb4651aadc3d
SHA256 2a1b5bad36129b9d1c2e67c9fea404368963598fa5ded949353e3e83b6b21675
SHA512 96aa267cd33895d06a8bd0b20acb556edc944ac30f6fa622df5172df9afb2683e09e3799abb6f15bdf778240eaba92de94adaf8f65476b1f0b027dd8c7efedea

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4NMOWK91\search[5].htm

MD5 8ba61a16b71609a08bfa35bc213fce49
SHA1 8374dddcc6b2ede14b0ea00a5870a11b57ced33f
SHA256 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1
SHA512 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LU15KQ7Y\8ZEO12Y7.htm

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\AKM56LDW\search[5].htm

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\V54QW64X\results[4].htm

C:\Users\Admin\AppData\Local\Temp\nfnMumal.log

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\AKM56LDW\search[7].htm

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LU15KQ7Y\search[7].htm

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LU15KQ7Y\searchIJA9E5GS.htm

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4NMOWK91\search63JM0X6V.htm

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4NMOWK91\search67H91BJY.htm

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4NMOWK91\search86UD5LDH.htm

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LU15KQ7Y\search0NDU3H1C.htm

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4NMOWK91\searchXKK9J83H.htm

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4NMOWK91\search6VVDA66S.htm

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\V54QW64X\search1G11A65I.htm

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\AKM56LDW\search8VZJHRTQ.htm

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\V54QW64X\searchB1TMOUEZ.htm

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4NMOWK91\results[7].htm

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LU15KQ7Y\searchTN766W0Z.htm

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\AKM56LDW\searchVJBDMS06.htm

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LU15KQ7Y\results[7].htm

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\V54QW64X\searchT2GBK2NS.htm

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\AKM56LDW\searchPDTQPB4S.htm

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\V54QW64X\default[1].htm

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LU15KQ7Y\search0Z5BQZFR.htm

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4NMOWK91\searchXY1G9TDU.htm

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\AKM56LDW\searchZD5VDOYV.htm

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LU15KQ7Y\search2IIIBHK1.htm

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4NMOWK91\search[9].htm
