Analysis Overview
SHA256
641e5abf8a06f3cc35226807256be6b1609b4a4ddbd2d9b60409b60672caca1b
Threat Level: Known bad
The file 1e9ce3df1b1b957a5f52fa042982a3b9_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Detected microsoft outlook phishing page
Executes dropped EXE
UPX packed file
Adds Run key to start application
Drops file in Windows directory
Unsigned PE
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-07-02 08:20
Signatures
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-02 08:20
Reported
2024-07-02 08:22
Platform
win7-20240221-en
Max time kernel
150s
Max time network
148s
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\1e9ce3df1b1b957a5f52fa042982a3b9_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\1e9ce3df1b1b957a5f52fa042982a3b9_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\1e9ce3df1b1b957a5f52fa042982a3b9_JaffaCakes118.exe | N/A |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\1e9ce3df1b1b957a5f52fa042982a3b9_JaffaCakes118.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2944 wrote to memory of 2200 | N/A | C:\Users\Admin\AppData\Local\Temp\1e9ce3df1b1b957a5f52fa042982a3b9_JaffaCakes118.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\1e9ce3df1b1b957a5f52fa042982a3b9_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1e9ce3df1b1b957a5f52fa042982a3b9_JaffaCakes118.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-07-02 08:20
Reported
2024-07-02 08:22
Platform
win10v2004-20240611-en
Max time kernel
150s
Max time network
152s
Signatures
Detected microsoft outlook phishing page
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\1e9ce3df1b1b957a5f52fa042982a3b9_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\1e9ce3df1b1b957a5f52fa042982a3b9_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\1e9ce3df1b1b957a5f52fa042982a3b9_JaffaCakes118.exe | N/A |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\1e9ce3df1b1b957a5f52fa042982a3b9_JaffaCakes118.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4988 wrote to memory of 4600 | N/A | C:\Users\Admin\AppData\Local\Temp\1e9ce3df1b1b957a5f52fa042982a3b9_JaffaCakes118.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\1e9ce3df1b1b957a5f52fa042982a3b9_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1e9ce3df1b1b957a5f52fa042982a3b9_JaffaCakes118.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| AU | 49.213.37.41:1034 | tcp | |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 8.8.8.8:53 | 26.178.89.13.in-addr.arpa | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | tcp | |
| GB | 142.250.187.196:80 | tcp | |
| GB | 142.250.187.196:80 | tcp | |
| IE | 212.82.100.137:80 | tcp | |
| GB | 142.250.187.196:80 | tcp | |
| US | 209.202.254.10:443 | tcp |
Files