Analysis Overview
SHA256
0142ddd4039170237d27851ae8e8ab43318d5babc92eaa776d71e0529349d469
Threat Level: Known bad
The file 0142ddd4039170237d27851ae8e8ab43318d5babc92eaa776d71e0529349d469 was found to be: Known bad.
Malicious Activity Summary
Detected microsoft outlook phishing page
UPX packed file
Executes dropped EXE
Adds Run key to start application
Drops file in Windows directory
Unsigned PE
System Location Discovery: System Language Discovery
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-07 18:10
Signatures
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-07 18:10
Reported
2024-08-07 18:12
Platform
win7-20240704-en
Max time kernel
150s
Max time network
152s
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\0142ddd4039170237d27851ae8e8ab43318d5babc92eaa776d71e0529349d469.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\0142ddd4039170237d27851ae8e8ab43318d5babc92eaa776d71e0529349d469.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\0142ddd4039170237d27851ae8e8ab43318d5babc92eaa776d71e0529349d469.exe | N/A |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\0142ddd4039170237d27851ae8e8ab43318d5babc92eaa776d71e0529349d469.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\0142ddd4039170237d27851ae8e8ab43318d5babc92eaa776d71e0529349d469.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\services.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2712 wrote to memory of 2824 | N/A | C:\Users\Admin\AppData\Local\Temp\0142ddd4039170237d27851ae8e8ab43318d5babc92eaa776d71e0529349d469.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\0142ddd4039170237d27851ae8e8ab43318d5babc92eaa776d71e0529349d469.exe
"C:\Users\Admin\AppData\Local\Temp\0142ddd4039170237d27851ae8e8ab43318d5babc92eaa776d71e0529349d469.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
Files
C:\Windows\services.exe
| MD5 | b0fe74719b1b647e2056641931907f4a |
| SHA1 | e858c206d2d1542a79936cb00d85da853bfc95e2 |
| SHA256 | bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c |
| SHA512 | 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2 |
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | 31a4906e91ea0b1ad24553607da1c067 |
| SHA1 | e15c2ed3ba9f302a6f6760adb1d711bf5ed34b8d |
| SHA256 | 04bd963d6420c88ab3820bd8401bed5f49728379e4efe39ea67f66ed0ab8b508 |
| SHA512 | ce686f2b64b12b8b9bad04b6285c6a7e5b62134511023b692ce683a19d4335c6a485eb4ad61ca039b00842c725783144dfbdfdf89de6dfd40496d91f91310ee3 |
C:\Users\Admin\AppData\Local\Temp\tmp179.tmp
| MD5 | 9053c6a28dab7a73e9d3c1fcc270f66d |
| SHA1 | e0c5cebf1332b7be4f1f501031ad86edd7462bd0 |
| SHA256 | 86f92071898a66ae33d0b1da6ab7f1c761a4489804943f1782ea34624c6a6d59 |
| SHA512 | a05c2a250bd2038cb5c5868fbf669c0397ad642b4202d83cf74a28f7c40dbc51353210276c98fd1e32d699081ebb491db2ee443e7f214aa40315f01ba7706297 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-07 18:10
Reported
2024-08-07 18:12
Platform
win10v2004-20240802-en
Max time kernel
150s
Max time network
149s
Signatures
Detected microsoft outlook phishing page
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\0142ddd4039170237d27851ae8e8ab43318d5babc92eaa776d71e0529349d469.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\0142ddd4039170237d27851ae8e8ab43318d5babc92eaa776d71e0529349d469.exe | N/A |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\0142ddd4039170237d27851ae8e8ab43318d5babc92eaa776d71e0529349d469.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\0142ddd4039170237d27851ae8e8ab43318d5babc92eaa776d71e0529349d469.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\0142ddd4039170237d27851ae8e8ab43318d5babc92eaa776d71e0529349d469.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\services.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1560 wrote to memory of 1696 | N/A | C:\Users\Admin\AppData\Local\Temp\0142ddd4039170237d27851ae8e8ab43318d5babc92eaa776d71e0529349d469.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\0142ddd4039170237d27851ae8e8ab43318d5babc92eaa776d71e0529349d469.exe
"C:\Users\Admin\AppData\Local\Temp\0142ddd4039170237d27851ae8e8ab43318d5babc92eaa776d71e0529349d469.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
| NL | 142.250.179.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| NL | 142.250.179.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| NL | 142.250.179.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| NL | 142.250.179.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| NL | 142.250.179.196:80 | www.google.com | tcp |
| NL | 142.250.179.196:80 | www.google.com | tcp |
| NL | 142.250.179.196:80 | www.google.com | tcp |
| NL | 142.250.179.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | kinoho.net | udp |
| NL | 142.250.179.196:80 | www.google.com | tcp |
| DE | 142.251.9.27:25 | alt1.aspmx.l.google.com | tcp |
| NL | 142.250.179.196:80 | www.google.com | tcp |
| NL | 142.250.179.196:80 | www.google.com | tcp |
| NL | 142.250.179.196:80 | www.google.com | tcp |
| NL | 142.250.179.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| NL | 142.250.179.196:80 | www.google.com | tcp |
| NL | 142.250.179.196:80 | www.google.com | tcp |
| NL | 142.250.179.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| NL | 142.250.179.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| NL | 142.250.179.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| NL | 142.250.179.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| NL | 142.250.179.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| NL | 142.250.179.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| NL | 142.250.179.196:80 | www.google.com | tcp |
| NL | 142.250.179.196:80 | www.google.com | tcp |
| NL | 142.250.179.196:80 | www.google.com | tcp |
| NL | 142.250.179.196:80 | www.google.com | tcp |
| NL | 142.250.179.196:80 | www.google.com | tcp |
| NL | 142.250.179.196:80 | www.google.com | tcp |
| NL | 142.250.179.196:80 | www.google.com | tcp |
| NL | 142.250.179.196:80 | www.google.com | tcp |
| NL | 142.250.179.196:80 | www.google.com | tcp |
| NL | 142.250.179.196:80 | www.google.com | tcp |
| NL | 142.250.179.196:80 | www.google.com | tcp |
| NL | 142.250.179.196:80 | www.google.com | tcp |
| NL | 142.250.179.196:80 | www.google.com | tcp |
| NL | 142.250.179.196:80 | www.google.com | tcp |
| NL | 142.250.179.196:80 | www.google.com | tcp |
| NL | 142.250.179.196:80 | www.google.com | tcp |
| NL | 142.250.179.196:80 | www.google.com | tcp |
| NL | 142.250.179.196:80 | www.google.com | tcp |
| NL | 142.250.179.196:80 | www.google.com | tcp |
| NL | 142.250.179.196:80 | www.google.com | tcp |
| NL | 142.250.179.196:80 | www.google.com | tcp |
| NL | 142.250.179.196:80 | www.google.com | tcp |
| NL | 142.250.179.196:80 | www.google.com | tcp |
| NL | 142.250.179.196:80 | www.google.com | tcp |
| NL | 142.250.179.196:80 | www.google.com | tcp |
| N/A | 192.168.2.9:1034 | tcp |
Files