Analysis Overview
SHA256
50192dde7cc12281f2e6169dada90410fd5d31a578c3593a82b8e958e533d606
Threat Level: Known bad
The file 50192dde7cc12281f2e6169dada90410fd5d31a578c3593a82b8e958e533d606N was found to be: Known bad.
Malicious Activity Summary
Detects MyDoom family
MyDoom
Executes dropped EXE
Adds Run key to start application
UPX packed file
Drops file in Windows directory
System Location Discovery: System Language Discovery
Unsigned PE
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-09-28 18:46
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-09-28 18:46
Reported
2024-09-28 18:48
Platform
win7-20240708-en
Max time kernel
120s
Max time network
120s
Command Line
Signatures
Detects MyDoom family
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
MyDoom
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\50192dde7cc12281f2e6169dada90410fd5d31a578c3593a82b8e958e533d606N.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\50192dde7cc12281f2e6169dada90410fd5d31a578c3593a82b8e958e533d606N.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\50192dde7cc12281f2e6169dada90410fd5d31a578c3593a82b8e958e533d606N.exe | N/A |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\50192dde7cc12281f2e6169dada90410fd5d31a578c3593a82b8e958e533d606N.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\services.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\50192dde7cc12281f2e6169dada90410fd5d31a578c3593a82b8e958e533d606N.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2876 wrote to memory of 2868 | N/A | C:\Users\Admin\AppData\Local\Temp\50192dde7cc12281f2e6169dada90410fd5d31a578c3593a82b8e958e533d606N.exe | C:\Windows\services.exe |
| PID 2876 wrote to memory of 2868 | N/A | C:\Users\Admin\AppData\Local\Temp\50192dde7cc12281f2e6169dada90410fd5d31a578c3593a82b8e958e533d606N.exe | C:\Windows\services.exe |
| PID 2876 wrote to memory of 2868 | N/A | C:\Users\Admin\AppData\Local\Temp\50192dde7cc12281f2e6169dada90410fd5d31a578c3593a82b8e958e533d606N.exe | C:\Windows\services.exe |
| PID 2876 wrote to memory of 2868 | N/A | C:\Users\Admin\AppData\Local\Temp\50192dde7cc12281f2e6169dada90410fd5d31a578c3593a82b8e958e533d606N.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\50192dde7cc12281f2e6169dada90410fd5d31a578c3593a82b8e958e533d606N.exe
"C:\Users\Admin\AppData\Local\Temp\50192dde7cc12281f2e6169dada90410fd5d31a578c3593a82b8e958e533d606N.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 10.156.133.4:1034 | tcp | |
| N/A | 172.16.1.5:1034 | tcp | |
| N/A | 10.93.103.153:1034 | tcp | |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | alumni-caltech-edu.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 52.101.41.4:25 | alumni-caltech-edu.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| N/A | 192.168.10.107:1034 | tcp | |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 204.13.239.180:25 | alumni.caltech.edu | tcp |
| N/A | 10.241.35.61:1034 | tcp | |
| US | 8.8.8.8:53 | mx.gzip.org | udp |
| US | 8.8.8.8:53 | mx.alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | mail.alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | smtp.alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | mail.gzip.org | udp |
| US | 85.187.148.2:25 | mail.gzip.org | tcp |
| N/A | 192.168.2.18:1034 | tcp |
Files
memory/2876-0-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2876-4-0x0000000000220000-0x0000000000228000-memory.dmp
memory/2876-8-0x0000000000220000-0x0000000000228000-memory.dmp
C:\Windows\services.exe
| MD5 | b0fe74719b1b647e2056641931907f4a |
| SHA1 | e858c206d2d1542a79936cb00d85da853bfc95e2 |
| SHA256 | bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c |
| SHA512 | 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2 |
memory/2868-11-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/2876-17-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2876-18-0x0000000000220000-0x0000000000228000-memory.dmp
memory/2868-20-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2868-21-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2868-26-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2868-31-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2876-32-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2868-33-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2868-38-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | 4277ee6c910f3d8f43f73f63ecdb69ff |
| SHA1 | 6bb6bd4198b0824ce8fab5772a398eff0fe33dbb |
| SHA256 | 32bc3f9d9e65bb40931a5c879f93f638de7e4f08983dae3921417352e38a4776 |
| SHA512 | 1b859ed01c54c69f62b270f87308ab977b6bafade52a3166527a48a442b8fa6f4b6d1d113b3b81ce681bd9a0e181250cb32bd234469465887c2e6d2e7e70b7e4 |
C:\Users\Admin\AppData\Local\Temp\tmp4607.tmp
| MD5 | f281c083039c85438732c6f909a90320 |
| SHA1 | 69caa502907a895707e978651a9d2f8be505fc81 |
| SHA256 | 0f01aedee5d8d86be54e8b3948978e4f52c8534e34cf2c75c52048552c64578e |
| SHA512 | 29a5101288137bf58715f6118436632ab1a5949a3cb88a7155f45b89f0b197c01cf276a361bebd409e0c1b73728e14c982f1280499f06567d463a512110f4e2a |
memory/2868-59-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2876-58-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2876-60-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2868-61-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2876-65-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2868-66-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2868-71-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2868-73-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2876-72-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2868-78-0x0000000000400000-0x0000000000408000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-09-28 18:46
Reported
2024-09-28 18:48
Platform
win10v2004-20240802-en
Max time kernel
120s
Max time network
120s
Command Line
Signatures
Detects MyDoom family
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
MyDoom
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\50192dde7cc12281f2e6169dada90410fd5d31a578c3593a82b8e958e533d606N.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\50192dde7cc12281f2e6169dada90410fd5d31a578c3593a82b8e958e533d606N.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\50192dde7cc12281f2e6169dada90410fd5d31a578c3593a82b8e958e533d606N.exe | N/A |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\50192dde7cc12281f2e6169dada90410fd5d31a578c3593a82b8e958e533d606N.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\50192dde7cc12281f2e6169dada90410fd5d31a578c3593a82b8e958e533d606N.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\services.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2804 wrote to memory of 4640 | N/A | C:\Users\Admin\AppData\Local\Temp\50192dde7cc12281f2e6169dada90410fd5d31a578c3593a82b8e958e533d606N.exe | C:\Windows\services.exe |
| PID 2804 wrote to memory of 4640 | N/A | C:\Users\Admin\AppData\Local\Temp\50192dde7cc12281f2e6169dada90410fd5d31a578c3593a82b8e958e533d606N.exe | C:\Windows\services.exe |
| PID 2804 wrote to memory of 4640 | N/A | C:\Users\Admin\AppData\Local\Temp\50192dde7cc12281f2e6169dada90410fd5d31a578c3593a82b8e958e533d606N.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\50192dde7cc12281f2e6169dada90410fd5d31a578c3593a82b8e958e533d606N.exe
"C:\Users\Admin\AppData\Local\Temp\50192dde7cc12281f2e6169dada90410fd5d31a578c3593a82b8e958e533d606N.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 10.156.133.4:1034 | tcp | |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| N/A | 172.16.1.5:1034 | tcp | |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| N/A | 10.93.103.153:1034 | tcp | |
| N/A | 192.168.10.107:1034 | tcp | |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| N/A | 10.241.35.61:1034 | tcp | |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | m-ou.se | udp |
| US | 8.8.8.8:53 | aspmx2.googlemail.com | udp |
| US | 8.8.8.8:53 | acm.org | udp |
| FI | 142.250.150.27:25 | aspmx2.googlemail.com | tcp |
| US | 8.8.8.8:53 | mail.mailroute.net | udp |
| US | 199.89.1.120:25 | mail.mailroute.net | tcp |
| US | 8.8.8.8:53 | cs.stanford.edu | udp |
| US | 8.8.8.8:53 | smtp1.cs.stanford.edu | udp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | burtleburtle.net | udp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | mx.burtleburtle.net | udp |
| US | 65.254.254.51:25 | mx.burtleburtle.net | tcp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | alumni-caltech-edu.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 52.101.42.4:25 | alumni-caltech-edu.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| N/A | 192.168.2.18:1034 | tcp | |
| US | 8.8.8.8:53 | search.lycos.com | udp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.179.228:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | search.yahoo.com | udp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.179.228:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | r10.o.lencr.org | udp |
| GB | 2.23.210.82:80 | r10.o.lencr.org | tcp |
| GB | 142.250.179.228:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | 10.254.202.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.100.82.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.169.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.210.23.2.in-addr.arpa | udp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.179.228:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | www.altavista.com | udp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 142.250.179.228:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.179.228:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.179.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 142.250.179.228:80 | www.google.com | tcp |
| GB | 142.250.179.228:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.179.228:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.179.228:80 | www.google.com | tcp |
| GB | 142.250.179.228:80 | www.google.com | tcp |
| GB | 142.250.179.228:80 | tcp |
Files
memory/2804-0-0x0000000000500000-0x0000000000510200-memory.dmp
C:\Windows\services.exe
| MD5 | b0fe74719b1b647e2056641931907f4a |
| SHA1 | e858c206d2d1542a79936cb00d85da853bfc95e2 |
| SHA256 | bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c |
| SHA512 | 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2 |
memory/4640-5-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/2804-13-0x0000000000500000-0x0000000000510200-memory.dmp
memory/4640-15-0x0000000000400000-0x0000000000408000-memory.dmp
memory/4640-16-0x0000000000400000-0x0000000000408000-memory.dmp
memory/4640-21-0x0000000000400000-0x0000000000408000-memory.dmp
memory/4640-26-0x0000000000400000-0x0000000000408000-memory.dmp
memory/4640-28-0x0000000000400000-0x0000000000408000-memory.dmp
memory/4640-33-0x0000000000400000-0x0000000000408000-memory.dmp
memory/4640-38-0x0000000000400000-0x0000000000408000-memory.dmp
memory/4640-40-0x0000000000400000-0x0000000000408000-memory.dmp
memory/4640-45-0x0000000000400000-0x0000000000408000-memory.dmp
memory/4640-50-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2804-49-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2804-51-0x0000000000500000-0x0000000000510200-memory.dmp
memory/4640-52-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | 62e07d5afb66609de79efe751ed19ef5 |
| SHA1 | 8baa270a875e510a4b311df5a5d42696ca4c20d4 |
| SHA256 | 5d9aec72202f0ad01669d3d2935ce04cf7d78efd86178daf41dbbf64a75d1194 |
| SHA512 | c14a6bef54d3ee432313f599281fd8266212202a34c2c39466d5f7616a98ec8f5077682d0a5fe87fd43a49456d447fc5ac21a938be9ef969bad1ddb347afbb33 |
C:\Users\Admin\AppData\Local\Temp\tmpFC1E.tmp
| MD5 | 04502a6b7249cd6a2e21a60587cd9c8f |
| SHA1 | ba19558e5a7962f9256f83de8103d3c3db919698 |
| SHA256 | c23a8c21c5557428c3a74428c44d86eb9a66ae84caa090bd54ee174f4f96d681 |
| SHA512 | 99c73bfa704d676c3ae8390e9dcc1c887e9c965e2948b82ecb85989eeb0404f2a7914f5048c5ff9d856eaa7a34f15e3fba6e214e362692bb2d39d8894487d5de |
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | eaae1e6f735337e429aeaf333982b6dc |
| SHA1 | 2bea666c9542532e2ab6edea8f2dcd3b51b79c54 |
| SHA256 | ecebd52337a2fb4d28d481a53bf39ba9ed4987df28b84222824caa9656fc94d8 |
| SHA512 | 379691499fa8afb9d73937121a9dc8e5258237b0b7b670ac45c90b90aedbd0b2445f30be7aa27026905cbe042ccdec61669c9c5b0167c64920a8ddb456a126f0 |
memory/2804-125-0x0000000000500000-0x0000000000510200-memory.dmp
memory/4640-128-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\YHMF37VK\search[2].htm
| MD5 | 8ba61a16b71609a08bfa35bc213fce49 |
| SHA1 | 8374dddcc6b2ede14b0ea00a5870a11b57ced33f |
| SHA256 | 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1 |
| SHA512 | 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1 |