Analysis Overview
SHA256
f1647f3320cec353c34fd1e3fa351a07a11b15977b21f0c19393778684caefa8
Threat Level: Known bad
The file f1647f3320cec353c34fd1e3fa351a07a11b15977b21f0c19393778684caefa8N was found to be: Known bad.
Malicious Activity Summary
Detects MyDoom family
MyDoom
Executes dropped EXE
Adds Run key to start application
UPX packed file
Drops file in Windows directory
System Location Discovery: System Language Discovery
Unsigned PE
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-09-28 19:56
Signatures
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-09-28 19:56
Reported
2024-09-28 19:58
Platform
win7-20240708-en
Max time kernel
120s
Max time network
120s
Signatures
Detects MyDoom family
MyDoom
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\f1647f3320cec353c34fd1e3fa351a07a11b15977b21f0c19393778684caefa8N.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
UPX packed file
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\f1647f3320cec353c34fd1e3fa351a07a11b15977b21f0c19393778684caefa8N.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\f1647f3320cec353c34fd1e3fa351a07a11b15977b21f0c19393778684caefa8N.exe | N/A |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\f1647f3320cec353c34fd1e3fa351a07a11b15977b21f0c19393778684caefa8N.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\f1647f3320cec353c34fd1e3fa351a07a11b15977b21f0c19393778684caefa8N.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\services.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2184 wrote to memory of 2060 | N/A | C:\Users\Admin\AppData\Local\Temp\f1647f3320cec353c34fd1e3fa351a07a11b15977b21f0c19393778684caefa8N.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\f1647f3320cec353c34fd1e3fa351a07a11b15977b21f0c19393778684caefa8N.exe
"C:\Users\Admin\AppData\Local\Temp\f1647f3320cec353c34fd1e3fa351a07a11b15977b21f0c19393778684caefa8N.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
Files
C:\Windows\services.exe
C:\Users\Admin\AppData\Local\Temp\zincite.log
C:\Users\Admin\AppData\Local\Temp\tmp8D82.tmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-09-28 19:56
Reported
2024-09-28 19:58
Platform
win10v2004-20240802-en
Max time kernel
120s
Max time network
120s
Signatures
Detects MyDoom family
MyDoom
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\f1647f3320cec353c34fd1e3fa351a07a11b15977b21f0c19393778684caefa8N.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
UPX packed file
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\f1647f3320cec353c34fd1e3fa351a07a11b15977b21f0c19393778684caefa8N.exe | N/A |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\f1647f3320cec353c34fd1e3fa351a07a11b15977b21f0c19393778684caefa8N.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\f1647f3320cec353c34fd1e3fa351a07a11b15977b21f0c19393778684caefa8N.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\f1647f3320cec353c34fd1e3fa351a07a11b15977b21f0c19393778684caefa8N.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\services.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1140 wrote to memory of 3500 | N/A | C:\Users\Admin\AppData\Local\Temp\f1647f3320cec353c34fd1e3fa351a07a11b15977b21f0c19393778684caefa8N.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\f1647f3320cec353c34fd1e3fa351a07a11b15977b21f0c19393778684caefa8N.exe
"C:\Users\Admin\AppData\Local\Temp\f1647f3320cec353c34fd1e3fa351a07a11b15977b21f0c19393778684caefa8N.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
Files
C:\Windows\services.exe
C:\Users\Admin\AppData\Local\Temp\zincite.log
C:\Users\Admin\AppData\Local\Temp\tmpAF8C.tmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\N27JXEQ0\search[1].htm