Malware Analysis Report

2025-01-19 00:33

Sample ID 240506-ywmphaha6x
Target 39a6b5a2d6b86703dabb38f036e12b20227ad09ee44d5986c28a51a54dc5bd3d
SHA256 39a6b5a2d6b86703dabb38f036e12b20227ad09ee44d5986c28a51a54dc5bd3d
Tags
microsoft persistence phishing product:outlook upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

39a6b5a2d6b86703dabb38f036e12b20227ad09ee44d5986c28a51a54dc5bd3d

Threat Level: Known bad

The file 39a6b5a2d6b86703dabb38f036e12b20227ad09ee44d5986c28a51a54dc5bd3d was found to be: Known bad.

Malicious Activity Summary

microsoft persistence phishing product:outlook upx

Detected microsoft outlook phishing page

Executes dropped EXE

UPX packed file

Adds Run key to start application

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Modifies system certificate store

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-06 20:08

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-06 20:08

Reported

2024-05-06 20:10

Platform

win10v2004-20240419-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\39a6b5a2d6b86703dabb38f036e12b20227ad09ee44d5986c28a51a54dc5bd3d.exe"

Signatures

Detected microsoft outlook phishing page

phishing microsoft product:outlook

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\services.exe N/A

UPX packed file

upx
Description Indicator Process Target
(27 matches in memory dumps of the sample and of the dropped services.exe; the report records no description, indicator, process or target for any of them)

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" C:\Users\Admin\AppData\Local\Temp\39a6b5a2d6b86703dabb38f036e12b20227ad09ee44d5986c28a51a54dc5bd3d.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" C:\Windows\services.exe N/A
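Both Run values point at files dropped directly into the Windows root rather than into System32 or a program directory: C:\Windows\java.exe impersonates a Java runtime that is never installed there, and C:\Windows\services.exe borrows the name of the Service Control Manager binary, whose only legitimate location is C:\Windows\System32\services.exe (ATT&CK T1036.005, masquerading). Note also that the second row is written by the dropped services.exe itself, not by the original sample, so the persistence re-establishes itself even if the first-stage file is removed, and that the key sits under WOW6432Node: a 32-bit process wrote HKLM Run through the redirected view on 64-bit Windows, and both views are executed at logon, so a triage that only reads the native key misses it.

The following Python is an added example written for this page; it is not the sandbox's code. It parses rows in exactly the shape printed above and applies those three checks. Rows 1 and 2 are the two rows from this run; rows 3 and 4 are constructed benign entries for contrast (the default Windows 10 SecurityHealth Run value, and a fictitious per-user vendor updater).

```python
"""Triage the 'Adds Run key to start application' rows of a sandbox report.

Added example (editor's code, not the sandbox's). Input rows have the shape
    Set value (str) <key path>\<value name> = "<data>" <writing process> <target>
exactly as printed in the report above.
"""
import re
from pathlib import PureWindowsPath

ROW_RE = re.compile(
    r'^Set value \((?P<kind>\w+)\)\s+'
    r'(?P<key>\\REGISTRY\\\S+?)\\(?P<name>[^\\\s]+)\s+=\s+'
    r'"(?P<data>(?:[^"\\]|\\.)*)"\s+'
    r'(?P<process>\S+)\s+(?P<target>\S+)$'
)
RUN_KEY_RE = re.compile(r'\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$', re.I)
EXE_RE = re.compile(r'^"?(?P<exe>[a-z]:\\.*?\.exe)', re.I)

# Binaries Windows ships only under System32. A same-named file anywhere else
# is masquerading (ATT&CK T1036.005), which is what C:\Windows\services.exe is.
SYSTEM32_ONLY = {"services.exe", "svchost.exe", "lsass.exe", "csrss.exe",
                 "smss.exe", "wininit.exe", "winlogon.exe", "spoolsv.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Rows 1-2 are copied from the behavioral2 run above. Rows 3-4 are constructed
# benign entries for contrast (default Win10 SecurityHealth value, fictitious
# per-user vendor updater).
SAMPLE_ROWS = r"""
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" C:\Users\Admin\AppData\Local\Temp\39a6b5a2d6b86703dabb38f036e12b20227ad09ee44d5986c28a51a54dc5bd3d.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" C:\Windows\services.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth = "C:\\Windows\\System32\\SecurityHealthSystray.exe" N/A N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1111111111-2222222222-3333333333-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorUpdater = "C:\\Program Files\\Vendor\\Updater.exe" C:\Users\Admin\Downloads\VendorSetup.exe N/A
"""


def parse_row(line):
    """Return the row's fields, or None if the line is not a 'Set value' row."""
    m = ROW_RE.match(line.strip())
    if not m:
        return None
    row = m.groupdict()
    row["data"] = row["data"].replace("\\\\", "\\")  # the report escapes backslashes
    return row


def triage_run_value(row):
    """List the reasons a Run/RunOnce value deserves a closer look."""
    findings = []
    if not RUN_KEY_RE.search(row["key"]):
        return findings                       # not an autostart key
    m = EXE_RE.match(row["data"])
    exe = PureWindowsPath(m.group("exe") if m else row["data"])
    parent, name = str(exe.parent).lower(), exe.name.lower()
    if name in SYSTEM32_ONLY and parent not in SYSTEM_DIRS:
        findings.append("masquerade:" + name)
    if parent == r"c:\windows":
        # legitimate software does not drop its autostart binary into the
        # Windows root; this is the report's "Drops file in Windows directory"
        findings.append("windows_root")
    if "wow6432node" in row["key"].lower():
        # a 32-bit process wrote HKLM Run on 64-bit Windows (redirected view);
        # both views run at logon, so do not enumerate only the native key
        findings.append("wow6432node_writer")
    return findings


def analyze(text):
    """Parse every 'Set value' row in text and attach its findings."""
    results = []
    for line in text.splitlines():
        row = parse_row(line)
        if row:
            row["findings"] = triage_run_value(row)
            results.append(row)
    return results


if __name__ == "__main__":
    for r in analyze(SAMPLE_ROWS):
        print(f'{r["name"]:15} {r["data"]:50} {r["findings"] or "clean"}')
```

To use it on another report, paste that report's "Adds Run key to start application" rows into a file and pass its contents to analyze(); rows that do not match the Set value shape are ignored.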

Processes

C:\Users\Admin\AppData\Local\Temp\39a6b5a2d6b86703dabb38f036e12b20227ad09ee44d5986c28a51a54dc5bd3d.exe

"C:\Users\Admin\AppData\Local\Temp\39a6b5a2d6b86703dabb38f036e12b20227ad09ee44d5986c28a51a54dc5bd3d.exe"

C:\Windows\services.exe

"C:\Windows\services.exe"

Network

Country Destination Domain Proto
N/A 10.213.60.59:1034 tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp
BE 88.221.83.217:443 www.bing.com tcp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 217.83.221.88.in-addr.arpa udp
N/A 10.127.0.3:1034 tcp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 31.121.18.2.in-addr.arpa udp
N/A 172.16.1.3:1034 tcp
N/A 10.87.149.58:1034 tcp
US 8.8.8.8:53 216.183.117.104.in-addr.arpa udp
US 8.8.8.8:53 48.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 m-ou.se udp
US 8.8.8.8:53 aspmx.l.google.com udp
IE 74.125.193.27:25 aspmx.l.google.com tcp
US 8.8.8.8:53 acm.org udp
US 8.8.8.8:53 mail.mailroute.net udp
US 199.89.1.120:25 mail.mailroute.net tcp
US 8.8.8.8:53 cs.stanford.edu udp
US 8.8.8.8:53 smtp1.cs.stanford.edu udp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
US 8.8.8.8:53 burtleburtle.net udp
US 8.8.8.8:53 mx.burtleburtle.net udp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 65.254.254.50:25 mx.burtleburtle.net tcp
US 8.8.8.8:53 alumni-caltech-edu.mail.protection.outlook.com udp
US 52.101.8.44:25 alumni-caltech-edu.mail.protection.outlook.com tcp
US 8.8.8.8:53 gzip.org udp
US 8.8.8.8:53 gzip.org udp
US 85.187.148.2:25 gzip.org tcp
US 8.8.8.8:53 search.lycos.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 8.8.8.8:53 www.altavista.com udp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 8.8.8.8:53 search.yahoo.com udp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 8.8.8.8:53 137.100.82.212.in-addr.arpa udp
US 8.8.8.8:53 10.254.202.209.in-addr.arpa udp
US 8.8.8.8:53 11.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 73.190.18.2.in-addr.arpa udp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 8.8.8.8:53 snai1mai1.com udp
US 8.8.8.8:53 snai1mai1.com udp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
N/A 10.11.161.112:1034 tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 alt1.aspmx.l.google.com udp
NL 142.250.27.26:25 alt1.aspmx.l.google.com tcp
US 8.8.8.8:53 acm.org udp
US 104.17.79.30:25 acm.org tcp
US 8.8.8.8:53 cs.stanford.edu udp
US 171.64.64.64:25 cs.stanford.edu tcp
US 171.64.64.64:25 cs.stanford.edu tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 8.8.8.8:53 burtleburtle.net udp
US 99.83.190.102:25 alumni.caltech.edu tcp
US 85.187.148.2:25 gzip.org tcp
US 65.254.227.224:25 burtleburtle.net tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
N/A 172.16.1.116:1034 tcp
US 171.64.64.64:25 cs.stanford.edu tcp
US 8.8.8.8:53 alt2.aspmx.l.google.com udp
NL 142.250.153.27:25 alt2.aspmx.l.google.com tcp
US 8.8.8.8:53 outlook.com udp
US 8.8.8.8:53 outlook-com.olc.protection.outlook.com udp
US 8.8.8.8:53 smtp2.cs.stanford.edu udp
US 52.101.9.18:25 outlook-com.olc.protection.outlook.com tcp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
US 209.202.254.10:80 search.lycos.com tcp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
GB 142.250.178.4:80 www.google.com tcp
US 8.8.8.8:53 mx.alumni.caltech.edu udp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 8.8.8.8:53 mail.alumni.caltech.edu udp
US 8.8.8.8:53 smtp.alumni.caltech.edu udp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 hachyderm.io udp
GB 142.250.178.4:80 www.google.com tcp
IE 74.125.193.27:25 aspmx.l.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.178.4:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
N/A 10.222.21.129:1034 tcp
US 209.202.254.10:80 search.lycos.com tcp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.178.4:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 74.125.193.27:25 aspmx.l.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.178.4:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.178.4:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.178.4:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 8.8.8.8:53 aspmx2.googlemail.com udp
NL 142.250.27.26:25 aspmx2.googlemail.com tcp
US 8.8.8.8:53 outlook.com udp
US 171.64.64.64:25 cs.stanford.edu tcp
US 52.96.223.2:25 outlook.com tcp
US 171.64.64.64:25 cs.stanford.edu tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.178.4:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.178.4:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 74.125.193.27:25 aspmx.l.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 8.8.8.8:53 alt3.aspmx.l.google.com udp
IE 212.82.100.137:80 search.yahoo.com tcp
NL 142.251.9.27:25 alt3.aspmx.l.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.178.4:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.178.4:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.178.4:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
N/A 172.16.1.5:1034 tcp
US 171.64.64.64:25 cs.stanford.edu tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
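Read as a whole, the table above contains three kinds of traffic that no workstation process should produce together. First, a large volume of HTTP and HTTPS connections to search front-ends (www.google.com, search.lycos.com, search.yahoo.com, www.altavista.com); the INetCache search*.htm and results*.htm entries in the Files section are the cached result pages. Second, DNS lookups for recipient domains and their mail exchangers (aspmx.l.google.com and the alt1..alt3 hosts, mail.mailroute.net, smtp1/smtp2.cs.stanford.edu, mx.burtleburtle.net, *.mail.protection.outlook.com) each followed by a TCP connection to port 25 of that host: the sample is delivering mail directly to MX servers rather than through a submission server. Third, TCP connections to port 1034 on several RFC 1918 addresses (10.x, 172.16.x), for which the report naturally resolves no country; repeated attempts against different internal hosts on one fixed port read as probing neighbours for a listener on that port, though the report shows no listener of its own. The "Detected microsoft outlook phishing page" signature has no indicator rows in either run, and the only Outlook-related traffic is the MX lookups for outlook.com recipient domains, so that tag should be treated as unconfirmed. Together with zincite.log, the JavaVM/Services Run values, java.exe and services.exe in the Windows root and TCP/1034, the profile matches the publicly documented MyDoom.M/Zincite mass-mailer from 2004; the report itself assigns no family, so that attribution is the editor's assumption, not a sandbox finding.

The following Python is an added example written for this page, not part of the report or the sandbox. It parses rows in the report's "Country Destination Domain Proto" shape, classifies each connection, and applies the heuristic that search-engine scraping combined with direct SMTP to two or more distinct MX hosts indicates an address-harvesting mass-mailer. The embedded sample is a 20-row subset copied from the table above; the search-host set is taken from this report, not from a general list.

```python
"""Summarise a sandbox 'Network' table by traffic class.

Added example (editor's code, not the sandbox's). Rows have the report's shape
    <country> <ip>:<port> [<domain>] <proto>
where <domain> is absent when nothing resolved the destination.
"""
import ipaddress
from collections import Counter, defaultdict

# Search front-ends the sample talks to in the table above (taken from this
# report, not a general list of search engines).
SEARCH_HOSTS = {"www.google.com", "search.lycos.com",
                "search.yahoo.com", "www.altavista.com"}

# Header plus twenty rows copied from the Network table above (subset for the demo).
SAMPLE_ROWS = """
Country Destination Domain Proto
N/A 10.213.60.59:1034 tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
BE 88.221.83.217:443 www.bing.com tcp
N/A 10.127.0.3:1034 tcp
US 8.8.8.8:53 aspmx.l.google.com udp
IE 74.125.193.27:25 aspmx.l.google.com tcp
US 8.8.8.8:53 acm.org udp
US 8.8.8.8:53 mail.mailroute.net udp
US 199.89.1.120:25 mail.mailroute.net tcp
US 8.8.8.8:53 smtp1.cs.stanford.edu udp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
N/A 172.16.1.3:1034 tcp
US 8.8.8.8:53 outlook-com.olc.protection.outlook.com udp
US 52.101.9.18:25 outlook-com.olc.protection.outlook.com tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
"""


def parse_row(line):
    """Parse one table row; return None for the header, blanks or junk."""
    parts = line.split()
    if len(parts) == 4:
        cc, dest, domain, proto = parts
    elif len(parts) == 3:             # e.g. "N/A 10.213.60.59:1034 tcp"
        cc, dest, proto = parts
        domain = None
    else:
        return None
    if proto not in ("tcp", "udp") or ":" not in dest:
        return None                    # header line or malformed row
    ip, _, port = dest.rpartition(":")
    return {"cc": cc, "ip": ip, "port": int(port), "domain": domain, "proto": proto}


def classify(conn):
    """Assign one connection to a traffic class."""
    if conn["proto"] == "udp" and conn["port"] == 53:
        ptr = (conn["domain"] or "").endswith(".in-addr.arpa")
        return "dns_ptr" if ptr else "dns"
    if conn["proto"] == "tcp" and conn["port"] == 25:
        return "smtp_direct"           # workstation delivering straight to an MX
    if conn["domain"] in SEARCH_HOSTS:
        return "search_engine"         # address harvesting via web search
    if ipaddress.ip_address(conn["ip"]).is_private:
        return f"internal_tcp_{conn['port']}"   # e.g. the TCP/1034 rows
    return "other"


def summarise(table_text):
    """Count connections per class and list the distinct peers in each class."""
    conns = [c for c in map(parse_row, table_text.splitlines()) if c]
    counts, seen = Counter(), defaultdict(set)
    for c in conns:
        cls = classify(c)
        counts[cls] += 1
        seen[cls].add(c["domain"] or c["ip"])
    return {"total": len(conns),
            "counts": dict(counts),
            "distinct": {k: sorted(v) for k, v in seen.items()}}


def looks_like_mass_mailer(summary):
    """Heuristic verdict: scraping search engines while speaking SMTP directly to
    two or more distinct MX hosts is the behaviour of an address-harvesting
    mass-mailer, not of a mail client (which talks to one submission server)."""
    c = summary["counts"]
    mx_hosts = summary["distinct"].get("smtp_direct", ())
    return c.get("search_engine", 0) > 0 and len(mx_hosts) >= 2


if __name__ == "__main__":
    s = summarise(SAMPLE_ROWS)
    for cls, n in sorted(s["counts"].items()):
        print(f"{cls:20} {n:4}  {', '.join(s['distinct'][cls])}")
    print("mass-mailer profile:", looks_like_mass_mailer(s))
```

To run it over the complete table, paste the whole Network section into a file and pass its contents to summarise(); the header line and blank lines are skipped, and the bing.com rows land in "other" because Windows 10 itself generates that background traffic, so they should not be attributed to the sample without further evidence.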

Files

memory/868-0-0x0000000000500000-0x0000000000510200-memory.dmp

C:\Windows\services.exe

MD5 b0fe74719b1b647e2056641931907f4a
SHA1 e858c206d2d1542a79936cb00d85da853bfc95e2
SHA256 bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
SHA512 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

memory/2808-7-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log (first snapshot, zero bytes: the hashes below are those of the empty file and are not usable as indicators)

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/868-13-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2808-14-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2808-19-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2808-24-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2808-26-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2808-31-0x0000000000400000-0x0000000000408000-memory.dmp

memory/868-35-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2808-36-0x0000000000400000-0x0000000000408000-memory.dmp

memory/868-37-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2808-38-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 adde151229c01b53d2e8189eb2da2a7b
SHA1 c81b92de5132a50940e1fc64373a63d442771951
SHA256 6743e50b4a6357bf9d6ee6812db2327f439621837f7c32b5a7577f215460d608
SHA512 9e36e6a499cca9ac1f06d851c3b7562e1d598b184d59b69ba6de3937705b13209ee5f29ff7abb61c9b0864426121f231c24f1666359d18b34654a8274517b234

C:\Users\Admin\AppData\Local\Temp\tmp608C.tmp

MD5 17d58f1ccfbce59d33d35bb634da3a1f
SHA1 11ac084667149436ff48add1b6e04057ca93640a
SHA256 38e961c8d1a2123ece310fea28c7a671ca69678e43bebeba361e18414de6e589
SHA512 05860aca46a1c577e6eb3d2b8aff59320b531b603714c269502bdfc63ca1a4164a2bae3cfcca333918e3ed418b23df341151e8e8173b0faf210a45b7bf78772d

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\B91VJWSD\2640MBR4.htm

MD5 fd0c033d163008db4f315e2a3bfeaa21
SHA1 c59555390f5fbe2d415402eaeda360fcd62a8d6f
SHA256 8235a4b24fbb3f0c9ed3fbb510f288dbc5be99c85b1ca2566038bf966a8363f4
SHA512 d8f8370cade2a4b152bf1ea3cd6176b213fbebdeadd1c80d10b618e63ae90e2362e7d936e4393e10c0e4190b4a3d0ed409044a46d04275a4de76796b942f8da7

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Y2LQBQ0P\search[3].htm

MD5 8ba61a16b71609a08bfa35bc213fce49
SHA1 8374dddcc6b2ede14b0ea00a5870a11b57ced33f
SHA256 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1
SHA512 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

memory/868-196-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2808-197-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\B91VJWSD\search[5].htm

MD5 8834d34826a4af68934d01f9e88b563f
SHA1 380c780275f3495c3cd368065fa15bd3f148f5e5
SHA256 49161951a4e12e60579945abda5c0ffddc80019db835787aef058912bbe24c84
SHA512 bf88e642d0799dd8b98a8a5de38e8de8230759e1d98e90bc17b1d4ab113eef372a0596be5dbcdb8702f61eee2294f0557a5448282f0d031a22697ef746898b45

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 1c6c06b5a4b3195204473c233bde2163
SHA1 ff5c28628b91628bc3fe70b045598d1c39b907c9
SHA256 1f54650e888d803da13ea17bc2d865c62e923d49320de4c8906f95155c533301
SHA512 dd3a285020d39bf5b67d3aaa7266187b97523bb8f2f73ba518fe9123e5710a765dd425eb8f6790ac349b6c9445c0ade13d017e40d0297ac318b17f9a1315b843

memory/868-256-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2808-257-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2808-259-0x0000000000400000-0x0000000000408000-memory.dmp

memory/868-263-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2808-264-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 647f28c1bf237a7c34f2a58a937efde5
SHA1 13efdb59ed256c61bd354c32004340cc7a9d0aaa
SHA256 ad341e0b13e9ad0fa1e5cccc2dc334a90f474d014fc817768ed1d580a411a810
SHA512 6110ee3f8165793adf6df9053d8ccbd9067131297dd5e48a32cd1da29aced4ee4bd046d7bb36390328983ff6e0fd03f07443f03712a64132f684cb3f0ceb8e26

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\3X7K2ORY\results[5].htm

MD5 ee4aed56584bf64c08683064e422b722
SHA1 45e5ba33f57c6848e84b66e7e856a6b60af6c4a8
SHA256 a4e6ba8c1fe3df423e6f17fcbeeaa7e90e2bd2fffe8f98ff4b3e6ed970e32c61
SHA512 058f023cb934a00c8f1c689001438c9bdd067d923ddcbe7a951f54d3ca82218803e0e81fbc9af5c56375ff7961deed0359af1ffa7335d41379ee97d01a76ded6

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\W1O6EZKR\results[6].htm

MD5 35a826c9d92a048812533924ecc2d036
SHA1 cc2d0c7849ea5f36532958d31a823e95de787d93
SHA256 0731a24ba3c569a734d2e8a74f9786c4b09c42af70457b185c56f147792168ea
SHA512 fd385904a466768357de812d0474e34a0b5f089f1de1e46bd032d889b28f10db84c869f5e81a0e2f1c8ffdd8a110e0736a7d63c887d76de6f0a5fd30bb8ebecd

memory/868-336-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2808-337-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Y2LQBQ0P\search[10].htm

MD5 3de7c30e4d779051f5d95af3db0c2f80
SHA1 9ea9146fea1352ad758a3a9c40c0ad87ce74532c
SHA256 c99fcc417c1af231356223af15bd4b9c0993d8ddfc26f944e016bf03c4527010
SHA512 d176973790cd18565cc2b1278ab3f5a743dcb9df5e8cde9ce25b1d50bc2c1460c84c72743fee6db40578594bcdfd725b76ce215ae926eb3f521739b17d02da27

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 95a6dc0575f4b219fd6020bafef79de1
SHA1 f59e8601eb56847692923576cb84ecd0d090d381
SHA256 9c4a9f5eed5185dcb476507990e864de76ee4748bd405b86d9fe43cf06f8e0b6
SHA512 50e615d3e255a5b7b3fb01dab58f24ab79cd873b3668ab3772cb2d3e044c2c1bbc41ce873bf7e8755f8817f4da3f6181fced059872f0906cd3e4fd80dee0a99d

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\3X7K2ORY\searchT6EEHN0O.htm

MD5 f3e043494e72001e57964ee9780b1619
SHA1 7d17266c7f2c0092d8350540badadb1e534417f6
SHA256 5a5e293b444ff2ef4e3b58e35ef1bbbc1dc8c19fd5b54069c296b208cd0a7422
SHA512 239b175b25fbf02c5986f198f0ec3ec54891173bf9cd5005788256ed7b2b33755b992f51daf897771518fce5eb7a41c85918c4d85d64b60273c5efacb6443995

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Y2LQBQ0P\search48CU20WJ.htm

MD5 fa46e0bfc1872923c0abf6c54d1923a4
SHA1 d66dccb26e3c1de495a6bcf3886894661d5ccf22
SHA256 c938bf8095f0fecf385b63a0bf5da24c8c20e0d6b10ab6c332ff5012577a8a7a
SHA512 320dc467678bf90d7dc9a370385a843757c6db85c9a72b10d7381a398cacebcad5437684f8247a71585e34402db4630794adb5aea84d0694f757519997ff8d96

memory/868-443-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2808-444-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Y2LQBQ0P\search[9].htm

MD5 872ab58e80afe6b8a88af22a4f9d29a9
SHA1 cca8d78f40a4fbe7013f0d7e2cd952933032a0bc
SHA256 1ab54d7ed34661a7faa24620d19c8ba97f3e04947b660e61657a10d937e68641
SHA512 52a770f4d27da79fe2f44888aff9144f3f34d8a335196d0addd51ed14958d50b9a2d4f0ea9ac50a0433275b8b96234aca74fdb07b4ba26bd0d0db00473da6a26

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\3X7K2ORY\searchR65G394P.htm

MD5 1e2d2cbb79c7d2e0722b236383b327df
SHA1 81a61e78f124a99e2ba3685930c1c46b6a85fe4e
SHA256 d9a68cf05551640ad224ea102e998f13ddc93fadef0ddf3c67a09d6ce27924f8
SHA512 69718064f50ae4b8f6a9d1ca0e01ba9961227306cb733f48cf7d3edd41b30df940d889f96a38a3bcffe42ab00db40db7aa03a41524f0d3cd8f4f4559d823d4d6

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\W1O6EZKR\searchXXB72PM0.htm

MD5 f33d4ca5fbf5b6be35b0e30273ce963d
SHA1 c830f299867aab6e8450a9e94186f34066bc6e05
SHA256 425d64c58886d16098728293ee62802da28b6ce4455bb62c38edbf4ad029dc94
SHA512 2c55d9db1428711760d247d35427cede0f721fe2191cadb4f39b0733342e3b44d1a8aca11c7b2814952ab1dbc1a7a1c041c54e64872594eb0c7136d4de99e9c7

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\3X7K2ORY\searchEBDMYZRV.htm

MD5 ef8094cab4b6133f6aa0670611f4caf6
SHA1 5225f1273f2b3afbd63b97223f57f3b0a40e2f0f
SHA256 7abca9000081728748190206bdfbff514dc4869b56a86cd09d5e4ba48bcd2a69
SHA512 90f9e8d86653f17540747eec448b1c3efd87d21c549b10edca233346e938d7e1883ab4141f233c5c967e1564beb1e19985096f09e05cac70e3cbad5484086565

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Y2LQBQ0P\results[3].htm

MD5 211da0345fa466aa8dbde830c83c19f8
SHA1 779ece4d54a099274b2814a9780000ba49af1b81
SHA256 aec2ac9539d1b0cac493bbf90948eca455c6803342cc83d0a107055c1d131fd5
SHA512 37fd7ef6e11a1866e844439318ae813059106fbd52c24f580781d90da3f64829cf9654acac0dd0f2098081256c5dcdf35c70b2cbef6cbe3f0b91bd2d8edd22ca

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Y2LQBQ0P\searchN4GW3Z5R.htm

MD5 fb84b045e5a7295e0660abe67c5eef34
SHA1 82808d4a05e91dcdde9addbd7c0726f02bbe51c2
SHA256 f83611d8aeec5e43f4a97d556163317d56098743a49e44fe556f6685c1d204fa
SHA512 30285f462b2a747be3eda31b23d004ce7fb2bbc7bfde8299c3e58bb306a8229d4177c838dacd23031cb634fb307aed4c27937e715d30af23bc80119b19c1034d

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Y2LQBQ0P\search6HYN9S0U.htm

MD5 a7ab9e0c109236af2ee1f6573efd2f31
SHA1 7d97a589b16e5fcc1714b98ee7498134cdca69aa
SHA256 a43560aebca50700d258ffc0be23e6577019721b5d03284778eeaad08abc62d3
SHA512 58c2d9737ebf70578450ad515ea5da7d25dee238091fb3e9a5fa8a84c827850bb04ebd271f644c189b1c7513f4c5a889e71bcbeb0073a48a4ceee323d45514d6

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\3X7K2ORY\search[4].htm

MD5 752abaaeae4b69836818943162560570
SHA1 46b32000d010f8a2e113dd9b2e5a03d8f8700d47
SHA256 a47debeb67d8678dc5d5d873586c444f5ea4b974cad4d7fa47bea25a7a6d354b
SHA512 caf31126524ac3ef3d137fed579a83bd90062e6e3f8a72f8316222d08ce8d6ee9f27a9f3c8786093d11c6208649cb4b237b61df09a9376d7f3a1a69ca92c4c32

memory/2808-590-0x0000000000400000-0x0000000000408000-memory.dmp

memory/868-589-0x0000000000500000-0x0000000000510200-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 a4f1f25180b6313bbd2ab2382390ddfe
SHA1 c401764fe775ce992d992a81b11958d4b3195da4
SHA256 5c317897404126143ad0babe1aa0e7efc301f386569f9748f5c7e02b83e5f00b
SHA512 b356141132d5acf906e4b46dd44dd3db639aad3bdcdbeabe1b341616fa2318e32a16485265ff783e280e44862946047d1c12d4990c19ef6881553f32ccf90f42

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\W1O6EZKR\searchTKXCV77X.htm

MD5 b94a850b939b06462acbdded3bb6fc3b
SHA1 8ebe4df1cb7022f743f0a9e2fc2be499c707a6c6
SHA256 efac673411579eb1d221b54aea0bd2372b75def6e71a67da86f6add63410f275
SHA512 84970215d20ffa24d4578b07ced226d8c58c5e41d5e4e954a908272dee59a1af1b7370dab2edee26090b35d4e48ceddb36259f9d6cea205046024a41ff18274e

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\3X7K2ORY\searchJOXRLY8I.htm

MD5 3ade92bb18a53cfd5e33fb97ed125ce5
SHA1 a4f4768b3cc32907c76915f5ee808d3bf2b01fce
SHA256 0011daf27a116628dab55ad7f0b01afba2d2eb766be66a90ada6ebf6bc8fc823
SHA512 70ec57648f3f67dbafa72e8b7fd3a04785dab4c273226c8f8012ff921998c9b0acf97ce39a2f40e3024b1e5c007c8fdd8935da66f59043b04d8add88148d7771

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-06 20:08

Reported

2024-05-06 20:10

Platform

win7-20240220-en

Max time kernel

150s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\39a6b5a2d6b86703dabb38f036e12b20227ad09ee44d5986c28a51a54dc5bd3d.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\services.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" C:\Users\Admin\AppData\Local\Temp\39a6b5a2d6b86703dabb38f036e12b20227ad09ee44d5986c28a51a54dc5bd3d.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" C:\Windows\services.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 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 C:\Users\Admin\AppData\Local\Temp\39a6b5a2d6b86703dabb38f036e12b20227ad09ee44d5986c28a51a54dc5bd3d.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 C:\Users\Admin\AppData\Local\Temp\39a6b5a2d6b86703dabb38f036e12b20227ad09ee44d5986c28a51a54dc5bd3d.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 C:\Users\Admin\AppData\Local\Temp\39a6b5a2d6b86703dabb38f036e12b20227ad09ee44d5986c28a51a54dc5bd3d.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 C:\Users\Admin\AppData\Local\Temp\39a6b5a2d6b86703dabb38f036e12b20227ad09ee44d5986c28a51a54dc5bd3d.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 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 C:\Users\Admin\AppData\Local\Temp\39a6b5a2d6b86703dabb38f036e12b20227ad09ee44d5986c28a51a54dc5bd3d.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 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 C:\Users\Admin\AppData\Local\Temp\39a6b5a2d6b86703dabb38f036e12b20227ad09ee44d5986c28a51a54dc5bd3d.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 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 C:\Users\Admin\AppData\Local\Temp\39a6b5a2d6b86703dabb38f036e12b20227ad09ee44d5986c28a51a54dc5bd3d.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Users\Admin\AppData\Local\Temp\39a6b5a2d6b86703dabb38f036e12b20227ad09ee44d5986c28a51a54dc5bd3d.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\39a6b5a2d6b86703dabb38f036e12b20227ad09ee44d5986c28a51a54dc5bd3d.exe

"C:\Users\Admin\AppData\Local\Temp\39a6b5a2d6b86703dabb38f036e12b20227ad09ee44d5986c28a51a54dc5bd3d.exe"

C:\Windows\services.exe

"C:\Windows\services.exe"

Network

Country Destination Domain Proto
N/A 10.213.60.59:1034 tcp
N/A 10.127.0.3:1034 tcp
N/A 172.16.1.3:1034 tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 8.8.8.8:53 alumni-caltech-edu.mail.protection.outlook.com udp
US 8.8.8.8:53 gzip.org udp
US 52.101.42.14:25 alumni-caltech-edu.mail.protection.outlook.com tcp
US 8.8.8.8:53 gzip.org udp
US 85.187.148.2:25 gzip.org tcp
N/A 10.87.149.58:1034 tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 85.187.148.2:25 gzip.org tcp
US 75.2.70.75:25 alumni.caltech.edu tcp
N/A 10.11.161.112:1034 tcp
US 8.8.8.8:53 mx.gzip.org udp
US 8.8.8.8:53 mx.alumni.caltech.edu udp
US 8.8.8.8:53 mail.alumni.caltech.edu udp
US 8.8.8.8:53 smtp.alumni.caltech.edu udp
US 8.8.8.8:53 mail.gzip.org udp
US 85.187.148.2:25 mail.gzip.org tcp
N/A 172.16.1.116:1034 tcp
US 8.8.8.8:53 apple.com udp
US 8.8.8.8:53 mx-in-rno.apple.com udp
US 17.179.253.242:25 mx-in-rno.apple.com tcp
US 8.8.8.8:53 unicode.org udp
US 8.8.8.8:53 aspmx.l.google.com udp
IE 209.85.203.26:25 aspmx.l.google.com tcp
US 8.8.8.8:53 search.lycos.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:80 www.google.com tcp
US 8.8.8.8:53 www.altavista.com udp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 8.8.8.8:53 search.yahoo.com udp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 8.8.8.8:53 apps.identrust.com udp
US 2.18.190.80:80 apps.identrust.com tcp
US 2.18.190.80:80 apps.identrust.com tcp
GB 142.250.178.4:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 8.8.8.8:53 smtp.gzip.org udp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 icloud.com udp
US 8.8.8.8:53 mx02.mail.icloud.com udp
US 17.42.251.62:25 mx02.mail.icloud.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 17.42.251.62:25 mx02.mail.icloud.com tcp
US 8.8.8.8:53 mac.com udp
US 8.8.8.8:53 mx01.mail.icloud.com udp
US 17.57.156.30:25 mx01.mail.icloud.com tcp
US 17.57.156.30:25 mx01.mail.icloud.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 8.8.8.8:53 email.apple.com udp
US 209.202.254.10:80 search.lycos.com tcp
US 8.8.8.8:53 mx-in.g.apple.com udp
NL 17.57.165.2:25 mx-in.g.apple.com tcp
US 17.57.156.30:25 mx01.mail.icloud.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
N/A 10.222.21.129:1034 tcp
US 8.8.8.8:53 mx-in-mdn.apple.com udp
US 17.32.222.242:25 mx-in-mdn.apple.com tcp
US 8.8.8.8:53 alt1.aspmx.l.google.com udp
NL 142.250.27.26:25 alt1.aspmx.l.google.com tcp
US 17.57.156.30:25 mx01.mail.icloud.com tcp
US 17.57.156.30:25 mx01.mail.icloud.com tcp
US 17.42.251.62:25 mx01.mail.icloud.com tcp
US 17.42.251.62:25 mx01.mail.icloud.com tcp
US 8.8.8.8:53 mx-in-vib.apple.com udp
US 17.42.251.62:25 mx01.mail.icloud.com tcp
US 17.57.170.2:25 mx-in-vib.apple.com tcp
N/A 172.16.1.5:1034 tcp

Files

memory/2200-0-0x0000000000500000-0x0000000000510200-memory.dmp

C:\Windows\services.exe

MD5 b0fe74719b1b647e2056641931907f4a
SHA1 e858c206d2d1542a79936cb00d85da853bfc95e2
SHA256 bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
SHA512 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

memory/1648-11-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2200-10-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2200-9-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/2200-17-0x0000000000500000-0x0000000000510200-memory.dmp

memory/1648-18-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1648-23-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2200-24-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2200-25-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1648-30-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2200-31-0x0000000000500000-0x0000000000510200-memory.dmp

memory/1648-32-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2200-36-0x0000000000500000-0x0000000000510200-memory.dmp

memory/1648-37-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 a4fb1aa29776a31fa457050c57e6c155
SHA1 4056b58fc6a4d40bce4d120c34f1fbafd776bce5
SHA256 98aaffaa09dca16cc13d30110b813be458b3f9391592045c9676b54286cea653
SHA512 f5c9245b7881db91c2832761595448e492d59bf34a8d0f27c024e20c2c808bb9f7b9073ed0e64c938432eac57eb019a572d2360ced0bf2772ee74c6c378d2733

C:\Users\Admin\AppData\Local\Temp\tmpD54C.tmp

MD5 7806104d15358ec5e545880ac130494e
SHA1 09f17a20f3ac09934aea7be7dff1d518e0e4db72
SHA256 21316428eff76249e0619f3f515f37ff4c2fe887f043855f864cee76def475df
SHA512 85bc2145ca9bb5d14fbd2659e9cd56e934dcd3e238104f7673bd4b901c7657d571965b9424a54be8372d098fcf9693dd348bd003e95c2bc86765ab47bc8d7c03

memory/2200-57-0x0000000000500000-0x0000000000510200-memory.dmp

memory/1648-58-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2200-59-0x0000000000500000-0x0000000000510200-memory.dmp

memory/1648-60-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2200-64-0x0000000000500000-0x0000000000510200-memory.dmp

memory/1648-65-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2200-69-0x0000000000500000-0x0000000000510200-memory.dmp

memory/1648-70-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2200-71-0x0000000000500000-0x0000000000510200-memory.dmp

memory/1648-72-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1648-77-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 4a19a366f38950d2af307c1eab1be13f
SHA1 5d988dc96a93b5ed210350628bd01e10114b217a
SHA256 a85419b091d4b0fda9e4039f998c991bb096b615100c4c71131c7e2e3dd1a713
SHA512 09a045d3c97ecb9a1da54268c509386eeefe81d6a17de1741e2a70b33b2856b213bca30c3d45aa916f4b235b56102571433ff456f4730d72a7319c3e7478b515

C:\Users\Admin\AppData\Local\Temp\CabD13E.tmp

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\TarD191.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 555c00560475c1be81b2c977bab851f6
SHA1 814980e909c474d1c341c947b3e3b4d8c33977f1
SHA256 92a81091c4fb1acb3d3a255b70137f9a4f047128c933d3ff77b2f3e76d7fbd0d
SHA512 fc286720eb21771365926e39f4c9ac6cab77066162382aaffad64ea497542cac9b2ba6ecda2d2808705466b7f52a589ab3e158a9e88f037f8c7a2ad0da50098a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 208786c17c6ee661e76cd15857a02c20
SHA1 2f224bc6d8f621757708ceb4343606d48fc37d3c
SHA256 93f895b6df50ca2239f0201f20dc73e2a3bc54db947c69d2c7578ecf797ac225
SHA512 3f8df0509cd4e867f75124255d349f8d88205f89478e0f794ae53f1e5315c374e8d0f770f6a82437b0d648112d85d3493f902caeddef987f7b4b47370474db58

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1f928aa830c0ee528a70f99601af1d68
SHA1 4dfea3a47d0d7a61b5a3b5e68ea9906503d4ed9b
SHA256 0cce7c939c5e4e227ae45fe9d6fa58e1f6a759cf6ff81b82b1566f2331b6c40e
SHA512 16b821339658407329463d5ff1c0682caa9cc4b65e4dc01ddaf21b5693198b0e928602e788603518156004f0ec1aeef2d58b5ec82e49e488f935876a79333cb6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c2242a1ab622b8c13d1cb1f50f015a7c
SHA1 a66856227c7ea3ce40059252aead6c6e85165d08
SHA256 35b0c40117e2f3a22ee7f918fa4c398ae90bd6ccea9675aa073f3d4adba5fc6b
SHA512 e8e788e5e11e6a6f68984f3a1f9f91dd909bc458f14de3ae1d996afa8e744d0be6f6778b222eb410dc9fe337f844b3c9682b9817e279ed80bd497d8a914b6de5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1cdbc2671437f57a86b28b6e547bf66f
SHA1 7fde46cc11e4c91d1d6358b6c0ba68448f0a6e0a
SHA256 4dec173124d2a50b019f9e054bfb376754f44a808e03370bb0f5ef83b26ec912
SHA512 a6352fb7ba09722124fb3aa61905ac3cd7c0b6e10460408b8823969e7cfd2645413ed3d23ca1338301234829ef4b1f96cbf6ec163e4cac9c512186dbb7836340

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 27a5a28903d16d35154db0d399d1231a
SHA1 de54783b457d15649a6a062686586d889d75348a
SHA256 c40a1f410ebedc86443a0207b0be688d5959dd3ab00ca6f961228b8ac8679c4b
SHA512 7a3d14b1fffb3404b0032d930c79ee73d31c72079cc0dc9a3c592e25be1d80f1cb0b330325b4c745999f1dc4923fbea75bb66b7fdfd4b19816c96c2eb1ae23e3

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RSAB58HZ\NJCH0CFZ.htm

MD5 521bccf2651984b3147abf8647940a3a
SHA1 1ada63405653f317bb085a57eed76791f1b7973c
SHA256 100bbeabf0aa834873c2018d927fdd9c66662e8085001af165265c5b32108f62
SHA512 9ed13acf366e2b7b1c5714e1b5f64bfa51bd960afad9f730cd7680ca26671d56c19d3ace4a5b7409b76b757f38c6239dd9b334aae56a16772139d1b63bb676ef

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 33442c555237c592980e6f46d41bf0c5
SHA1 8a0e6e53e6a331ad92d01b922bc5a592a6a43adf
SHA256 bb73b16298c47a8dae43f50f32f93607bf5f7084591fd98824b07ac56c0f3098
SHA512 5d21a46b7fd8a0b06f89b14f5345f3d95e105ad211b31f0e52e43a636719121eba5f08b6f9b18c5f4ee99d7a95c9686be5eeebc56aa5c73838a0e7c6de81652b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3a4cf2b3391c8c3bd90235f6d84004c7
SHA1 2cf8d16a71834eed86a3b96f910a9d929ceeccb9
SHA256 5745853591a1291d3a57bdab0d983a2ab23684403af5058b682c96041f51fe00
SHA512 f0d4ed9e5141eafed7f70ec5f50932c68713a7eef415016e2fe0b61a67abae33501ac28c34123825823e337b1dbd0aa3ae947029a243ddf6a1f621dd39408adb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6d80f57b308095a330530a5509630115
SHA1 637d0472da5d5593038733f05040c4041a1b63f0
SHA256 c33069a521ebc29baa004e86d027828b97359c8374b34bda02ae26756fdab42a
SHA512 b1b8a3b4c4deb74264012dc40d7c82c9fbaefecac4d22ddcbf0c0b21b17d0f69536e480d0becc45ca9dbc64c7bf165e78228a2662966e388e9856897df9a3b4b

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 75da00e936d062e05d8b5a0ed6d6d82c
SHA1 5a9e3722b2e6fd1cb137c47f0f8df3843799280b
SHA256 d635bc48301b66064e660017f692f35003694681cec868908a7fa2e44da240ba
SHA512 18532abfa1567cf75202e301e9b734aa7f9e32f68a8b2079bf652de4837fc5ea86ff4f8b1652ed053dbb13773893a64b0cb2a0529b430a75d0351f495408fcf1

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CY2G78MW\6RUS8KK8.htm

MD5 b1c333d8d4a663e4eb562552e4c26ce5
SHA1 0eadfa0c72ff204db7c6eccc327a01343b589677
SHA256 7a0e86dce537a69e36ed41866606c3337aab77283aae65138226775e14776875
SHA512 9b84e25598143cc84cb7458e2003859be65b417d1ac2b1c52c91a4676b069bf3c686b0cde73e5f0118b5a2d9dc3e75a7d95bce02eafa1990280a0bd70e0610f2

memory/2200-623-0x0000000000500000-0x0000000000510200-memory.dmp

memory/1648-624-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CY2G78MW\search[2].htm

MD5 8ba61a16b71609a08bfa35bc213fce49
SHA1 8374dddcc6b2ede14b0ea00a5870a11b57ced33f
SHA256 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1
SHA512 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8936833f9667ddfc6c88ae9e27c9d57c
SHA1 ecbb7e3f560ac5747c74fb6a2997f9f6ba30a2c4
SHA256 9dd520153612deb8b7bf35a8d2d2d14faeef32a343cbcf611574f3b7ae95ef4a
SHA512 17e37581184ad4d6f378d65040e8d381eb905c91a55e813f2da8c821d98018e208c9f1410206e71933c239c9d20f3cfd2ad81dc98b70f9f7a6614f3bc0b4116c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 65d7a5b32a7ac36465809978727ba05c
SHA1 df0a82c0f29693385d3c8039f919a2d113ac8a0c
SHA256 4010875e6348c8dd6b232d8e4cd74cc021d836cf644fccecfa59f0f334b97ef6
SHA512 c68e2b0d886541d52cd46a6cdfbb72c3c9e5f3e15783b0f76715774c7c57bcb1de5c9877d112ac9025a03edb6ac717ecc22f98c22d511dd485880256af446287

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1ec69b51164082af126fddede1dc813b
SHA1 f12add65c1fc42b0c140fcb0846ca4f77d2c8938
SHA256 bd22d1821b6b9cf3c2e8b6fc78262f81c1abb3dc0a7d4ab895c434474d8d5e27
SHA512 2089c0539eea26ff0f9a7884ab1bdafaadf0bcbcb2e292044be22b93f0daee3642995923c7c4cd46a84b6143f13401a44a4c112083bc718ef24f14d2ffeed42b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b2d207a8ef69b488429546a334330364
SHA1 f9bdb583422f5549910fdb0cc88ebb29d5894d84
SHA256 d2f72b554c3699082236e6d18bc3f8102259dd777c9973deaa613454fbcb6d55
SHA512 caff58b6f7389ad50306a740ee252e540388136af619f8ca719c2eb344b133f1f0e44fac60df9dbf1ca861b974a531c23dbcd3531ebf715cb940b49edd1e66a6

memory/2200-903-0x0000000000500000-0x0000000000510200-memory.dmp

memory/1648-904-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2200-907-0x0000000000500000-0x0000000000510200-memory.dmp

memory/1648-908-0x0000000000400000-0x0000000000408000-memory.dmp