Analysis Overview
SHA256
3041e03eb013d1a6a21146d64626367732487231ab5ec87507f5a2684c9b0c0d
Threat Level: Known bad
The file 20207f4a5db78197387b5b05ea3c33cf_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Detected microsoft outlook phishing page
UPX packed file
Executes dropped EXE
Adds Run key to start application
Drops file in Windows directory
Unsigned PE
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-07-02 17:05
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-02 17:05
Reported
2024-07-02 17:07
Platform
win7-20240221-en
Max time kernel
150s
Max time network
148s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\20207f4a5db78197387b5b05ea3c33cf_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\20207f4a5db78197387b5b05ea3c33cf_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\20207f4a5db78197387b5b05ea3c33cf_JaffaCakes118.exe | N/A |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\20207f4a5db78197387b5b05ea3c33cf_JaffaCakes118.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2132 wrote to memory of 2032 | N/A | C:\Users\Admin\AppData\Local\Temp\20207f4a5db78197387b5b05ea3c33cf_JaffaCakes118.exe | C:\Windows\services.exe |
| PID 2132 wrote to memory of 2032 | N/A | C:\Users\Admin\AppData\Local\Temp\20207f4a5db78197387b5b05ea3c33cf_JaffaCakes118.exe | C:\Windows\services.exe |
| PID 2132 wrote to memory of 2032 | N/A | C:\Users\Admin\AppData\Local\Temp\20207f4a5db78197387b5b05ea3c33cf_JaffaCakes118.exe | C:\Windows\services.exe |
| PID 2132 wrote to memory of 2032 | N/A | C:\Users\Admin\AppData\Local\Temp\20207f4a5db78197387b5b05ea3c33cf_JaffaCakes118.exe | C:\Windows\services.exe |
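The two Run values above are the persistence that matters for response: both point at executables the sample dropped into the Windows root, and one of them borrows the name of a core system binary (the real services.exe lives in System32). The Wow6432Node key path shows the writer was a 32-bit process on 64-bit Windows; entries under that redirected view still autostart at logon. The following is an added triage helper, not part of the sandbox report, that parses indicator strings in the report's format and flags exactly those two conditions. The list of System32-only binary names is an illustrative assumption, and the VendorAgent entry is constructed for contrast.

```python
import ntpath
import re

# Illustrative subset of binaries that only run from System32 on a stock
# install (assumption); the same file name anywhere else is masquerading.
SYSTEM32_ONLY = {"services.exe", "svchost.exe", "lsass.exe", "csrss.exe",
                 "winlogon.exe", "smss.exe", "wininit.exe"}
WINDOWS_ROOT = r"c:\windows"
SYSTEM32 = r"c:\windows\system32"


def parse_indicator(indicator: str) -> tuple[str, str, bool]:
    """Split a report indicator ('\\REGISTRY\\MACHINE\\...\\Run\\Name = "value"')
    into (value name, raw value, written through the WOW64 32-bit view)."""
    key_path, raw_value = indicator.split(" = ", 1)
    value_name = key_path.rsplit("\\", 1)[-1]
    wow64 = "wow6432node" in key_path.lower()
    return value_name, raw_value, wow64


def extract_image_path(raw_value: str) -> str:
    """Executable path from a Run-key command string: undoes the doubled
    backslashes the report renders, strips quotes, drops any arguments."""
    value = raw_value.strip().replace("\\\\", "\\")
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end > 0 else value[1:]
    match = re.match(r"(.+?\.exe)(?:\s|$)", value, re.IGNORECASE)
    return match.group(1) if match else value.split(" ", 1)[0]


def assess_run_entry(value_name: str, image_path: str) -> list[str]:
    """Findings for one autostart entry; an empty list means nothing suspicious."""
    directory, base = ntpath.split(image_path)
    directory_l = directory.lower().rstrip("\\")
    findings = []
    if base.lower() in SYSTEM32_ONLY and directory_l != SYSTEM32:
        findings.append(f"{value_name}: {base} masquerades as a system binary "
                        f"but runs from {directory} instead of System32")
    if directory_l == WINDOWS_ROOT:
        findings.append(f"{value_name}: autostart image dropped directly in "
                        f"the Windows root ({image_path})")
    return findings


def triage(indicators: list[str]) -> dict[str, dict]:
    """Map each Run value name to its image path, WOW64 flag and findings."""
    result = {}
    for indicator in indicators:
        name, raw, wow64 = parse_indicator(indicator)
        path = extract_image_path(raw)
        result[name] = {"path": path, "wow64": wow64,
                        "findings": assess_run_entry(name, path)}
    return result


# The two indicators from the report's "Adds Run key" table, plus one
# constructed benign entry (VendorAgent) that should produce no findings.
REPORT_INDICATORS = [
    r'\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe"',
    r'\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe"',
    r'\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorAgent = "C:\Program Files\Vendor\agent.exe" /background',
]

if __name__ == "__main__":
    for name, info in triage(REPORT_INDICATORS).items():
        view = "WOW64 view" if info["wow64"] else "native view"
        print(f"{name} ({view}) -> {info['path']}")
        for finding in info["findings"]:
            print("   !", finding)
```

On a live host the same checks apply to the values read from HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and its Wow6432Node twin; the parser here only exists so the report's rendered strings can be fed in directly.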
Processes
C:\Users\Admin\AppData\Local\Temp\20207f4a5db78197387b5b05ea3c33cf_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\20207f4a5db78197387b5b05ea3c33cf_JaffaCakes118.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
| Country | Destination | Domain | Proto |
| IN | 4.240.75.51:1034 | | tcp |
| N/A | 192.168.1.41:1034 | | tcp |
| US | 16.48.65.121:1034 | | tcp |
| US | 15.204.158.39:1034 | | tcp |
| US | 207.59.216.146:1034 | | tcp |
| US | 15.204.154.223:1034 | | tcp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | alumni-caltech-edu.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 52.101.194.13:25 | alumni-caltech-edu.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 16.100.225.235:1034 | | tcp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 99.83.190.102:25 | alumni.caltech.edu | tcp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 16.91.197.130:1034 | | tcp |
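Read by port, the table above has two distinct patterns: direct connections to several mail exchangers on tcp/25 immediately after the sample resolved each domain (the host is sending mail itself rather than through a relay), and a string of direct-to-IP connections on tcp/1034 with no DNS lookup at all. The script below is an added example, not part of the report, that groups the rows that way. The embedded rows are an excerpt of the behavioral1 table as the page renders it, including one row in the shifted three-cell shape and one without its closing pipe, so the parser handles both; the flag thresholds are assumptions. The same code runs unchanged over the longer behavioral2 table.

```python
import ipaddress
from collections import defaultdict

# Excerpt of the report's behavioral1 Network table, pasted as rendered.
NETWORK_ROWS = """
| IN | 4.240.75.51:1034 | | tcp |
| N/A | 192.168.1.41:1034 | tcp | |
| US | 16.48.65.121:1034 | | tcp |
| US | 15.204.158.39:1034 | | tcp |
| US | 207.59.216.146:1034 | | tcp |
| US | 15.204.154.223:1034 | | tcp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | alumni-caltech-edu.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 52.101.194.13:25 | alumni-caltech-edu.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 16.100.225.235:1034 | | tcp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 99.83.190.102:25 | alumni.caltech.edu | tcp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 16.91.197.130:1034 | tcp
"""


def parse_row(line: str) -> dict:
    """Parse one '| Country | Destination | Domain | Proto |' row, tolerating a
    missing closing pipe and the shifted shape where Proto sits in Domain."""
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    cells += [""] * (4 - len(cells))
    country, destination, domain, proto = cells[:4]
    if domain in ("tcp", "udp") and not proto:
        domain, proto = "", domain
    ip, _, port = destination.rpartition(":")
    return {"country": country, "ip": ip, "port": int(port),
            "domain": domain, "proto": proto}


def parse_table(text: str) -> list[dict]:
    return [parse_row(l) for l in text.splitlines() if l.strip().startswith("|")]


def summarize(rows: list[dict]) -> dict:
    """Group connections the way a triage analyst reads them: by port, by
    whether a name was attached to the destination, and by address scope."""
    distinct = defaultdict(set)      # port -> distinct destination IPs
    connections = defaultdict(int)   # port -> connection attempts
    unresolved = defaultdict(set)    # port -> IPs contacted with no name
    lookups = set()                  # names sent to the resolver on udp/53
    private = set()                  # RFC 1918 / loopback destinations
    for r in rows:
        distinct[r["port"]].add(r["ip"])
        connections[r["port"]] += 1
        if r["port"] == 53 and r["proto"] == "udp":
            lookups.add(r["domain"])
        elif not r["domain"]:
            unresolved[r["port"]].add(r["ip"])
        if ipaddress.ip_address(r["ip"]).is_private:
            private.add(r["ip"])
    return {"distinct_by_port": dict(distinct),
            "connections_by_port": dict(connections),
            "unresolved_by_port": dict(unresolved),
            "lookups": lookups, "private_destinations": private}


def flags(summary: dict) -> list[str]:
    """Behavioural flags derived from the summary; thresholds are assumptions."""
    out = []
    mx = summary["distinct_by_port"].get(25, set())
    if len(mx) >= 2:
        out.append(f"direct SMTP to {len(mx)} distinct mail exchangers on tcp/25 "
                   f"(no configured relay involved; typical of a mass mailer)")
    for port, ips in sorted(summary["unresolved_by_port"].items()):
        if port not in (25, 53, 80, 443) and len(ips) >= 3:
            out.append(f"{len(ips)} direct-to-IP connections on port {port} "
                       f"with no DNS lookup (hard-coded or generated peer list)")
    for ip in sorted(summary["private_destinations"]):
        out.append(f"destination {ip} is a private address (sandbox LAN)")
    return out


if __name__ == "__main__":
    for line in flags(summarize(parse_table(NETWORK_ROWS))):
        print("!", line)
```

The sandbox's own browsing noise (bing.com, in-addr.arpa reverse lookups, the r11.o.lencr.org OCSP responder in behavioral2) lands on ports 80/443/53 with a name attached, which is why the unresolved-port flag skips those ports rather than trying to maintain an allow-list of hostnames.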
Files
memory/2132-0-0x0000000000500000-0x0000000000510000-memory.dmp
memory/2132-4-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Windows\services.exe
| MD5 | b0fe74719b1b647e2056641931907f4a |
| SHA1 | e858c206d2d1542a79936cb00d85da853bfc95e2 |
| SHA256 | bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c |
| SHA512 | 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2 |
memory/2032-10-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/2132-16-0x0000000000500000-0x0000000000510000-memory.dmp
memory/2032-17-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2032-22-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2132-23-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2132-24-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2032-29-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2032-31-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2032-36-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2032-41-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2032-43-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2032-48-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2132-52-0x0000000000500000-0x0000000000510000-memory.dmp
memory/2032-53-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2132-54-0x0000000000500000-0x0000000000510000-memory.dmp
memory/2032-55-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | 885db3f185b10de7694e86abf5171926 |
| SHA1 | 614e0f3f0a45e36059e795543dd10bf49c5f42b0 |
| SHA256 | 6c2f0718b96230c5647a58edfbcbe27834f0c11d290ba3587ea27a1cd84a2429 |
| SHA512 | 09160744c194778c1b9a6a1d1c29d43c6d49e70432a057f879b16631de56a075dae03fb66a46bfad3badbffb9ea47a75aadf07071270b651e9d9ba47ba1be9a8 |
C:\Users\Admin\AppData\Local\Temp\tmpCA9F.tmp
| MD5 | f418a582a81cbdb791173016275ff540 |
| SHA1 | 87db49612d79daf5d4756014014c263da2b54012 |
| SHA256 | 27ad0f180b6b4daafb6588116bd8d12941b5b07aa325cf6be7a63a08a0602475 |
| SHA512 | 7f094307bdd9a537e38ebaa999ff53a49cf5a5faa7b1ce6c360589ff93e9471ed2e0ba1a7c3c6d26147b310d7de8418143e07d775c90dd44a30224d927472709 |
memory/2132-76-0x0000000000500000-0x0000000000510000-memory.dmp
memory/2032-77-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2132-80-0x0000000000500000-0x0000000000510000-memory.dmp
memory/2032-81-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2132-82-0x0000000000500000-0x0000000000510000-memory.dmp
memory/2032-83-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2032-88-0x0000000000400000-0x0000000000408000-memory.dmp
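Two details in the file list above are easy to miss when skimming hashes. The first zincite.log entry carries the digests of a zero-byte file (SHA-256 e3b0c442...), so it was created empty and rewritten later, which is why the same path appears again with a different hash; and every dump of the child process (PID 2032) covers the same 0x400000-0x408000 region, a 32 KiB image consistent with the UPX-packed dropped services.exe. The script below is an added example, not part of the report, that parses this section's layout into file artifacts with per-path hash history and memory regions, and builds a hunting set that leaves the empty-file digest out. The embedded text is an excerpt of the behavioral1 list with the SHA512 rows omitted; the behavioral2 list has the same layout and parses the same way.

```python
import hashlib
import re
from collections import defaultdict

# SHA-256 of zero bytes; a report entry carrying it describes an empty file.
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()

# Excerpt of the report's behavioral1 Files list (SHA512 rows omitted).
FILES_SECTION = r"""
memory/2132-0-0x0000000000500000-0x0000000000510000-memory.dmp
memory/2132-4-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Windows\services.exe
| MD5 | b0fe74719b1b647e2056641931907f4a |
| SHA1 | e858c206d2d1542a79936cb00d85da853bfc95e2 |
| SHA256 | bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c |
memory/2032-10-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
memory/2132-16-0x0000000000500000-0x0000000000510000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | 885db3f185b10de7694e86abf5171926 |
| SHA1 | 614e0f3f0a45e36059e795543dd10bf49c5f42b0 |
| SHA256 | 6c2f0718b96230c5647a58edfbcbe27834f0c11d290ba3587ea27a1cd84a2429 |
C:\Users\Admin\AppData\Local\Temp\tmpCA9F.tmp
| MD5 | f418a582a81cbdb791173016275ff540 |
| SHA1 | 87db49612d79daf5d4756014014c263da2b54012 |
| SHA256 | 27ad0f180b6b4daafb6588116bd8d12941b5b07aa325cf6be7a63a08a0602475 |
"""

# memory/<pid>-<sequence>-0x<start>-0x<end>-memory.dmp
MEMORY_DUMP = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9a-f]+)-0x(?P<end>[0-9a-f]+)-memory\.dmp$",
    re.IGNORECASE)


def parse_files_section(text: str) -> tuple[list[dict], list[dict]]:
    """Split the list into file artifacts ({'path', 'hashes'}) and memory dumps
    ({'pid', 'seq', 'start', 'size'}). Hash rows belong to the path above them."""
    files, dumps, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MEMORY_DUMP.match(line)
        if m:
            start, end = int(m["start"], 16), int(m["end"], 16)
            dumps.append({"pid": int(m["pid"]), "seq": int(m["seq"]),
                          "start": start, "size": end - start})
            current = None
        elif line.startswith("|"):
            algo, digest = [c.strip() for c in line.strip("|").split("|")][:2]
            if current is not None:
                current["hashes"][algo.lower()] = digest.lower()
        else:
            current = {"path": line, "hashes": {}}
            files.append(current)
    return files, dumps


def version_history(files: list[dict]) -> dict[str, list[str]]:
    """path -> SHA-256 values in order of appearance; more than one means the
    file was rewritten while the sample ran."""
    history = defaultdict(list)
    for f in files:
        sha = f["hashes"].get("sha256")
        if sha and sha not in history[f["path"]]:
            history[f["path"]].append(sha)
    return dict(history)


def hunting_hashes(files: list[dict]) -> set[str]:
    """SHA-256 values usable as block or hunt indicators. The empty-file digest
    is dropped: it would match every zero-byte file on every host."""
    return {f["hashes"]["sha256"] for f in files
            if "sha256" in f["hashes"] and f["hashes"]["sha256"] != EMPTY_SHA256}


def dumped_regions(dumps: list[dict]) -> dict[int, set[tuple[int, int]]]:
    """pid -> distinct (start, size) regions the sandbox dumped."""
    regions = defaultdict(set)
    for d in dumps:
        regions[d["pid"]].add((d["start"], d["size"]))
    return dict(regions)


if __name__ == "__main__":
    files, dumps = parse_files_section(FILES_SECTION)
    for path, shas in version_history(files).items():
        print(path, "->", len(shas), "version(s)",
              "(first version empty)" if shas[0] == EMPTY_SHA256 else "")
    for pid, regions in dumped_regions(dumps).items():
        print(pid, [f"0x{s:x}+0x{n:x}" for s, n in sorted(regions)])
    print("hunt:", sorted(hunting_hashes(files)))
```

Note that C:\Windows\services.exe has the same SHA-256 in both detonations, so that one value covers the dropped payload on Windows 7 and Windows 10 alike; the zincite.log and tmp*.tmp hashes differ per run and are only useful as evidence that the same code path executed.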
Analysis: behavioral2
Detonation Overview
Submitted
2024-07-02 17:05
Reported
2024-07-02 17:07
Platform
win10v2004-20240611-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Detected microsoft outlook phishing page
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\20207f4a5db78197387b5b05ea3c33cf_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\20207f4a5db78197387b5b05ea3c33cf_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\20207f4a5db78197387b5b05ea3c33cf_JaffaCakes118.exe | N/A |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\20207f4a5db78197387b5b05ea3c33cf_JaffaCakes118.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2664 wrote to memory of 3920 | N/A | C:\Users\Admin\AppData\Local\Temp\20207f4a5db78197387b5b05ea3c33cf_JaffaCakes118.exe | C:\Windows\services.exe |
| PID 2664 wrote to memory of 3920 | N/A | C:\Users\Admin\AppData\Local\Temp\20207f4a5db78197387b5b05ea3c33cf_JaffaCakes118.exe | C:\Windows\services.exe |
| PID 2664 wrote to memory of 3920 | N/A | C:\Users\Admin\AppData\Local\Temp\20207f4a5db78197387b5b05ea3c33cf_JaffaCakes118.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\20207f4a5db78197387b5b05ea3c33cf_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\20207f4a5db78197387b5b05ea3c33cf_JaffaCakes118.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
| Country | Destination | Domain | Proto |
| IN | 4.240.75.51:1034 | | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| BE | 88.221.83.249:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| BE | 88.221.83.249:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 249.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| N/A | 192.168.1.41:1034 | | tcp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 16.48.65.121:1034 | | tcp |
| US | 15.204.158.39:1034 | | tcp |
| US | 207.59.216.146:1034 | | tcp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | m-ou.se | udp |
| US | 8.8.8.8:53 | alt1.aspmx.l.google.com | udp |
| US | 8.8.8.8:53 | acm.org | udp |
| NL | 142.250.27.27:25 | alt1.aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | mail.mailroute.net | udp |
| US | 8.8.8.8:53 | cs.stanford.edu | udp |
| US | 199.89.3.120:25 | mail.mailroute.net | tcp |
| US | 8.8.8.8:53 | cs.stanford.edu | udp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | burtleburtle.net | udp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mx.burtleburtle.net | udp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | alumni-caltech-edu.mail.protection.outlook.com | udp |
| US | 65.254.254.52:25 | mx.burtleburtle.net | tcp |
| US | 52.101.10.16:25 | alumni-caltech-edu.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | search.yahoo.com | udp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 8.8.8.8:53 | www.altavista.com | udp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 8.8.8.8:53 | search.lycos.com | udp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.100.82.212.in-addr.arpa | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | 10.254.202.209.in-addr.arpa | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| BE | 23.14.90.91:80 | r11.o.lencr.org | tcp |
| US | 8.8.8.8:53 | 11.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.90.14.23.in-addr.arpa | udp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 15.204.154.223:1034 | | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | aspmx5.googlemail.com | udp |
| FI | 142.250.150.26:25 | aspmx5.googlemail.com | tcp |
| US | 8.8.8.8:53 | acm.org | udp |
| US | 104.17.79.30:25 | acm.org | tcp |
| US | 8.8.8.8:53 | smtp1.cs.stanford.edu | udp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | burtleburtle.net | udp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 65.254.227.224:25 | burtleburtle.net | tcp |
| US | 99.83.190.102:25 | alumni.caltech.edu | tcp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 16.100.225.235:1034 | | tcp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | aspmx2.googlemail.com | udp |
| NL | 142.250.27.27:25 | aspmx2.googlemail.com | tcp |
| US | 8.8.8.8:53 | smtp2.cs.stanford.edu | udp |
| US | 8.8.8.8:53 | hachyderm.io | udp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | aspmx.l.google.com | udp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| IE | 172.253.116.27:25 | aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | mx.alumni.caltech.edu | udp |
| US | 65.254.254.52:25 | mx.burtleburtle.net | tcp |
| US | 8.8.8.8:53 | mail.alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | mx.gzip.org | udp |
| US | 8.8.8.8:53 | smtp.alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | mail.gzip.org | udp |
| US | 85.187.148.2:25 | mail.gzip.org | tcp |
| US | 8.8.8.8:53 | outlook.com | udp |
| US | 8.8.8.8:53 | outlook-com.olc.protection.outlook.com | udp |
| US | 52.101.41.23:25 | outlook-com.olc.protection.outlook.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 16.91.197.130:1034 | | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | | tcp |
| US | 209.202.254.10:443 | | tcp |
| IE | 212.82.100.137:80 | | tcp |
| US | 209.202.254.10:443 | | tcp |
| GB | 142.250.187.196:80 | | tcp |
| GB | 142.250.187.196:80 | | tcp |
| GB | 142.250.187.196:80 | | tcp |
| US | 209.202.254.10:80 | | tcp |
| US | 209.202.254.10:80 | | tcp |
| GB | 142.250.187.196:80 | | tcp |
| US | 209.202.254.10:443 | | tcp |
| US | 209.202.254.10:443 | | tcp |
Files
memory/2664-0-0x0000000000500000-0x0000000000510000-memory.dmp
C:\Windows\services.exe
| MD5 | b0fe74719b1b647e2056641931907f4a |
| SHA1 | e858c206d2d1542a79936cb00d85da853bfc95e2 |
| SHA256 | bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c |
| SHA512 | 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2 |
memory/3920-7-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/2664-13-0x0000000000500000-0x0000000000510000-memory.dmp
memory/3920-14-0x0000000000400000-0x0000000000408000-memory.dmp
memory/3920-19-0x0000000000400000-0x0000000000408000-memory.dmp
memory/3920-24-0x0000000000400000-0x0000000000408000-memory.dmp
memory/3920-26-0x0000000000400000-0x0000000000408000-memory.dmp
memory/3920-31-0x0000000000400000-0x0000000000408000-memory.dmp
memory/3920-36-0x0000000000400000-0x0000000000408000-memory.dmp
memory/3920-38-0x0000000000400000-0x0000000000408000-memory.dmp
memory/3920-43-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2664-47-0x0000000000500000-0x0000000000510000-memory.dmp
memory/3920-48-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | 466ad3452b36cb6bb983e13f2036a281 |
| SHA1 | 3adbe1c6119a248a992aaca9754796c4812e954b |
| SHA256 | a79c0fec58eb055b58f940ba1bb5b5ed698eef162204b3dc8d56bbb771062c3e |
| SHA512 | 9edc8405f8d57a07e44c9348c4881315dd93cb67ee5d5e4e4ef2e0893290306700e890fbe0bc905ae06a2fd4bdcaf24c4903cb4c31bd12c627b86fe9080bdb12 |
C:\Users\Admin\AppData\Local\Temp\tmpB5FF.tmp
| MD5 | f1d5cc01d9809546d108757a6f4466fb |
| SHA1 | 70e33676e4a263a3d561c998dd849ac467f420d5 |
| SHA256 | d9ea80b59895f93dbc3e23ced3aba58bc2d111598138c3791d1fb03dda637ee1 |
| SHA512 | faed10e4ab6969aa07c21be3b606b8fc8393248d3f47a7aa31a2f3013ab8d3067ff088730fb6a4a12fdf9de97bf556adddbf434acc8850412b928b6c8fef152a |
memory/2664-109-0x0000000000500000-0x0000000000510000-memory.dmp
memory/3920-110-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KCKU5E0S\search[1].htm
| MD5 | 8ba61a16b71609a08bfa35bc213fce49 |
| SHA1 | 8374dddcc6b2ede14b0ea00a5870a11b57ced33f |
| SHA256 | 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1 |
| SHA512 | 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QQACG5HD\DA0J3JX3.htm
| MD5 | 85b80b469bee18b38b2c88ecc805bc67 |
| SHA1 | 39104a680760a2aa5b4ed682f96e9300066c0669 |
| SHA256 | 5d259121996b21816b503437d5a2167bad97a4bc855982a32eee86f1eedfbc4a |
| SHA512 | 8b107476d3a9e06acb83a82a211b10878dcab2af6ce2225b34cb6e77dfd108d0e47aae990f516b06502e0026c005f46d7c54d3794d64a99ae9c80be51e7a2e2d |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ZRDQ3WBJ\search[5].htm
| MD5 | 3a894fff96b58e2dff3f4c9566d70b2b |
| SHA1 | 04b2b7e5dd460fa081623c806c2351c734c5be11 |
| SHA256 | 48cbbba3d27eb95b4a5c6c210f6fea7ed707f9b7822b66b7cf1ef38b932342d7 |
| SHA512 | a5ca14a0394c873890a5b6b94adbbc0bca3ca97cd143f02169f43dd9ef6d0162bed55705accdc66f12870e35912a3cae985712aef9d2f83d207a76ee3c724c42 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8Z1Z4637\search[7].htm
| MD5 | f8e0e6353240c2fccf95649ea19bb4a9 |
| SHA1 | 3b41bd1bbf0336fc033a27d5c5220406965bc939 |
| SHA256 | 9c4a2459c756e37340b4cb1e2e70bacdef3fd2a22fc0a7b170403dd535a92dc4 |
| SHA512 | c3882464ec9deaf89062c7590510ef089c7c34890e70317748666fa1e1257d0739e0658659c55b070871310b94b03f1cfcae95e38babe0a63e89744e06e83c85 |
memory/2664-252-0x0000000000500000-0x0000000000510000-memory.dmp
memory/3920-253-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8Z1Z4637\search[8].htm
| MD5 | bfa6d3466b90d842f176064e85102517 |
| SHA1 | 826d53b25f5d9253af7ce89b392f734e5ef33159 |
| SHA256 | f753c0e51e664afe1d5f393cfc66ffc40c585e21c5a80d545f1838fe8e4f897b |
| SHA512 | 38b768838e0ff0926633630c5abbbbb6cef9e89e49d2ff4800008997e8d672b35415e34cd1a86232fdc64f682644ba79853765391d804846d8a570217d29e5c4 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QQACG5HD\results[4].htm
| MD5 | ee4aed56584bf64c08683064e422b722 |
| SHA1 | 45e5ba33f57c6848e84b66e7e856a6b60af6c4a8 |
| SHA256 | a4e6ba8c1fe3df423e6f17fcbeeaa7e90e2bd2fffe8f98ff4b3e6ed970e32c61 |
| SHA512 | 058f023cb934a00c8f1c689001438c9bdd067d923ddcbe7a951f54d3ca82218803e0e81fbc9af5c56375ff7961deed0359af1ffa7335d41379ee97d01a76ded6 |
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | c8c5a65a03bb8560ba91beb836fac566 |
| SHA1 | 53f8b47ee1531745892d829a54cd4e593f685a04 |
| SHA256 | 443d6cb5b62f536fa77c929749ccebbd0e9c0bdadcb5d4141aadb0ea337f5201 |
| SHA512 | 151573cb953277d1c0bfc0ef36fda2205895538244ad6b7386aa8ad704ecfd92ed47f2041a4ad218a1f98f49de6f74c578f2ca3a52c64b7c5b100fb1ac9f806c |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KCKU5E0S\search[10].htm
| MD5 | 49ea03725d18a6eed0cd3971313499ca |
| SHA1 | 16970ad42a7cce57f34bae1ceae568120e794f68 |
| SHA256 | b22d26f5878a81632073419800ceb6c4b1c20f22b6eddf532c27916ae495f843 |
| SHA512 | 4c1f9d4b3acc307cd2699dace0f7f932f6bd59ed721d079fc86e5952144dd492c9c4babdf7ee782345070431fece3473b94079152ef21f7de4ff71e0a3051687 |
memory/2664-318-0x0000000000500000-0x0000000000510000-memory.dmp
memory/3920-319-0x0000000000400000-0x0000000000408000-memory.dmp
memory/3920-321-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2664-325-0x0000000000500000-0x0000000000510000-memory.dmp
memory/3920-326-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | 74c38955909396c198837e342c0a84c8 |
| SHA1 | 9b948e026d295907f29a2e148743369ecd03398c |
| SHA256 | fe925f5cb6f9123a42fb8641551201f1c5021407b81abba068dbf5b7f3ba49ac |
| SHA512 | 8795718b7386e343bc6113f29a03453beb85680ed32556ab60433ccb6419379a0ec316c5581f9e1b699bcca611131a25cf65211c46c4e24b49329e207939d1d9 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8Z1Z4637\search35XP32OF.htm
| MD5 | 11ba3465fd5866f4d027354225723284 |
| SHA1 | ab0df90b5641e5dad483fd0fccf66735ab89d9fc |
| SHA256 | e88afa4dc648353e233762e822b9d00117c115979e2102fe7926a0fcdb858fa6 |
| SHA512 | 1626606aa9ba805b31ed692609f3bff4f45bcee9c078bbfd61f21774e6fae7608051fcad2f09d1b2cf90a9452fea850b8972641d5c8569318d4c7068bb0ce05a |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8Z1Z4637\searchZP6NQC3R.htm
| MD5 | b9710e8b0b877cf04a51b4594280f22d |
| SHA1 | 47411653f95705d906906c883f8e3f7c56df53a6 |
| SHA256 | 8dd1b8d1b02eef6b9094ad4313ec014f2c671d504253263f1f7634d47b37551e |
| SHA512 | cffb2ce85e301490dec75b026ce260ff2a839f7070a50d2afb45c23c40cbb60373bad789adb09137ea614df549413a979029e6443c046c42ae6426add59e3d14 |