Malware Analysis Report

2025-03-15 00:35

Sample ID 240929-a4664stanp
Target fd797331f831508c0655c0b2b6e03915_JaffaCakes118
SHA256 fdbd26bd30c430bd18abad1d5a3798d8bbda37d6f6169f6a2de1d74eed0edb84
Tags
mydoom discovery persistence upx worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

fdbd26bd30c430bd18abad1d5a3798d8bbda37d6f6169f6a2de1d74eed0edb84

Threat Level: Known bad

The file fd797331f831508c0655c0b2b6e03915_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

mydoom discovery persistence upx worm

Detects MyDoom family

Mydoom family

MyDoom

Executes dropped EXE

Adds Run key to start application

UPX packed file

Drops file in Windows directory

Unsigned PE

System Location Discovery: System Language Discovery

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-09-29 00:47

Signatures

Detects MyDoom family

Description Indicator Process Target
N/A N/A N/A N/A

Mydoom family

mydoom

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-29 00:47

Reported

2024-09-29 00:49

Platform

win7-20240903-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\fd797331f831508c0655c0b2b6e03915_JaffaCakes118.exe"

Signatures

Detects MyDoom family

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

MyDoom

worm mydoom

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\services.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" C:\Users\Admin\AppData\Local\Temp\fd797331f831508c0655c0b2b6e03915_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" C:\Windows\services.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\java.exe C:\Users\Admin\AppData\Local\Temp\fd797331f831508c0655c0b2b6e03915_JaffaCakes118.exe N/A
File created C:\Windows\java.exe C:\Users\Admin\AppData\Local\Temp\fd797331f831508c0655c0b2b6e03915_JaffaCakes118.exe N/A
File created C:\Windows\services.exe C:\Users\Admin\AppData\Local\Temp\fd797331f831508c0655c0b2b6e03915_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\fd797331f831508c0655c0b2b6e03915_JaffaCakes118.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\services.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\fd797331f831508c0655c0b2b6e03915_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\fd797331f831508c0655c0b2b6e03915_JaffaCakes118.exe"

C:\Windows\services.exe

"C:\Windows\services.exe"

Network

Country Destination Domain Proto
N/A 169.254.111.29:1034 tcp
IN 4.240.78.191:1034 tcp
US 16.115.193.27:1034 tcp
AU 16.51.193.226:1034 tcp
US 15.128.30.40:1034 tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 8.8.8.8:53 alumni-caltech-edu.mail.protection.outlook.com udp
US 8.8.8.8:53 gzip.org udp
US 52.101.10.12:25 alumni-caltech-edu.mail.protection.outlook.com tcp
US 8.8.8.8:53 gzip.org udp
US 85.187.148.2:25 gzip.org tcp
US 15.155.187.54:1034 tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 204.13.239.180:25 alumni.caltech.edu tcp
US 85.187.148.2:25 gzip.org tcp
IN 59.161.21.86:1034 tcp
US 8.8.8.8:53 mx.alumni.caltech.edu udp
US 8.8.8.8:53 mail.alumni.caltech.edu udp
US 8.8.8.8:53 smtp.alumni.caltech.edu udp
US 8.8.8.8:53 mx.gzip.org udp
US 8.8.8.8:53 mail.gzip.org udp
US 85.187.148.2:25 mail.gzip.org tcp
ZA 196.208.69.28:1034 tcp

Files

memory/804-0-0x0000000000500000-0x000000000050D000-memory.dmp

memory/804-4-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Windows\services.exe

MD5 b0fe74719b1b647e2056641931907f4a
SHA1 e858c206d2d1542a79936cb00d85da853bfc95e2
SHA256 bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
SHA512 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

memory/1148-10-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/804-16-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1148-17-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1148-18-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1148-22-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1148-26-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1148-27-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1148-31-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1148-35-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1148-36-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1148-40-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1148-44-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1148-45-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 57c2240f06865a77c5bb57c739b058f4
SHA1 1ff6aeacb2b6a3b7a229aa3f4ee4be0951e245a2
SHA256 db95aca9beeae09eb5b3005a13f40481c9ac1aaa141cce4b2c6ac8c3e8f3ec52
SHA512 1a59403d7237a298f981cd256351ecb19dfab9bc874c349a7f2545d9f9face77f3b6b2a1c01d99ea3138f5a94f9c158763caa721f8c68df4aef06e14ee7eb3fc

C:\Users\Admin\AppData\Local\Temp\tmp35C0.tmp

MD5 d17f4fd8d883eabbeb8d0f28c252495c
SHA1 7ff8c3e57dffbd918eea8d498465834b37187361
SHA256 f5f4140ae018073a9d77cbea8f2406067385c1aff3e65046dcbe607f8de9726b
SHA512 e4213592733d58384ba1b8e06de13e4e3f7e3ea530ae88169ead2e44f2ac00394326d1f303404423a0662a1f5db6ca53494cea419d1e43f1a2c9b99a6ac848c7

memory/1148-62-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1148-66-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1148-67-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1148-71-0x0000000000400000-0x0000000000408000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-09-29 00:47

Reported

2024-09-29 00:49

Platform

win10v2004-20240802-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\fd797331f831508c0655c0b2b6e03915_JaffaCakes118.exe"

Signatures

Detects MyDoom family

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

MyDoom

worm mydoom

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\services.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" C:\Users\Admin\AppData\Local\Temp\fd797331f831508c0655c0b2b6e03915_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" C:\Windows\services.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\services.exe C:\Users\Admin\AppData\Local\Temp\fd797331f831508c0655c0b2b6e03915_JaffaCakes118.exe N/A
File opened for modification C:\Windows\java.exe C:\Users\Admin\AppData\Local\Temp\fd797331f831508c0655c0b2b6e03915_JaffaCakes118.exe N/A
File created C:\Windows\java.exe C:\Users\Admin\AppData\Local\Temp\fd797331f831508c0655c0b2b6e03915_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\fd797331f831508c0655c0b2b6e03915_JaffaCakes118.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\services.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\fd797331f831508c0655c0b2b6e03915_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\fd797331f831508c0655c0b2b6e03915_JaffaCakes118.exe"

C:\Windows\services.exe

"C:\Windows\services.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
N/A 169.254.111.29:1034 tcp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
IN 4.240.78.191:1034 tcp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 75.117.19.2.in-addr.arpa udp
US 16.115.193.27:1034 tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
AU 16.51.193.226:1034 tcp
US 15.128.30.40:1034 tcp
US 8.8.8.8:53 m-ou.se udp
US 8.8.8.8:53 alt2.aspmx.l.google.com udp
US 8.8.8.8:53 acm.org udp
SG 74.125.200.26:25 alt2.aspmx.l.google.com tcp
US 8.8.8.8:53 mail.mailroute.net udp
US 199.89.3.120:25 mail.mailroute.net tcp
US 8.8.8.8:53 cs.stanford.edu udp
US 8.8.8.8:53 cs.stanford.edu udp
US 8.8.8.8:53 burtleburtle.net udp
US 171.64.64.64:25 cs.stanford.edu tcp
US 171.64.64.64:25 cs.stanford.edu tcp
US 8.8.8.8:53 mx.burtleburtle.net udp
US 8.8.8.8:53 alumni.caltech.edu udp
US 65.254.254.52:25 mx.burtleburtle.net tcp
US 8.8.8.8:53 alumni-caltech-edu.mail.protection.outlook.com udp
US 8.8.8.8:53 gzip.org udp
US 52.101.11.15:25 alumni-caltech-edu.mail.protection.outlook.com tcp
US 8.8.8.8:53 gzip.org udp
US 85.187.148.2:25 gzip.org tcp
US 8.8.8.8:53 www.altavista.com udp
IE 212.82.100.137:80 www.altavista.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:80 www.google.com tcp
US 8.8.8.8:53 search.lycos.com udp
US 8.8.8.8:53 search.yahoo.com udp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 8.8.8.8:53 137.100.82.212.in-addr.arpa udp
US 8.8.8.8:53 10.254.202.209.in-addr.arpa udp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 r10.o.lencr.org udp
GB 2.23.210.75:80 r10.o.lencr.org tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 8.8.8.8:53 32.169.19.2.in-addr.arpa udp
US 8.8.8.8:53 75.210.23.2.in-addr.arpa udp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.180.4:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.180.4:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.180.4:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
GB 142.250.180.4:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.180.4:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 171.64.64.64:25 cs.stanford.edu tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 15.155.187.54:1034 tcp
US 8.8.8.8:53 aspmx3.googlemail.com udp
SG 74.125.200.27:25 aspmx3.googlemail.com tcp
US 8.8.8.8:53 acm.org udp
US 104.17.78.30:25 acm.org tcp
US 8.8.8.8:53 smtp2.cs.stanford.edu udp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
US 8.8.8.8:53 burtleburtle.net udp
US 8.8.8.8:53 alumni.caltech.edu udp
US 85.187.148.2:25 gzip.org tcp
US 204.13.239.180:25 alumni.caltech.edu tcp
US 65.254.227.224:25 burtleburtle.net tcp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
IN 59.161.21.86:1034 tcp
US 8.8.8.8:53 aspmx4.googlemail.com udp
TW 142.250.157.27:25 aspmx4.googlemail.com tcp
US 8.8.8.8:53 mx.acm.org udp
US 8.8.8.8:53 mail.acm.org udp
US 8.8.8.8:53 smtp1.cs.stanford.edu udp
US 8.8.8.8:53 smtp.acm.org udp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
US 8.8.8.8:53 outlook.com udp
US 8.8.8.8:53 outlook-com.olc.protection.outlook.com udp
IE 212.82.100.137:80 search.yahoo.com tcp
US 52.101.11.18:25 outlook-com.olc.protection.outlook.com tcp
US 8.8.8.8:53 mx.alumni.caltech.edu udp
US 8.8.8.8:53 mx.gzip.org udp
US 8.8.8.8:53 mail.alumni.caltech.edu udp
US 8.8.8.8:53 mail.gzip.org udp
US 65.254.254.52:25 mx.burtleburtle.net tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 8.8.8.8:53 smtp.alumni.caltech.edu udp
IE 212.82.100.137:443 search.yahoo.com tcp
US 85.187.148.2:25 mail.gzip.org tcp
GB 142.250.180.4:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.180.4:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.180.4:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.180.4:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.180.4:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.180.4:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.180.4:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.180.4:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.180.4:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.180.4:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
ZA 196.208.69.28:1034 tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.180.4:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.180.4:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 8.8.8.8:53 aspmx.l.google.com udp
NL 108.177.119.27:25 aspmx.l.google.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 171.64.64.64:25 cs.stanford.edu tcp
US 171.64.64.64:25 cs.stanford.edu tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 8.8.8.8:53 outlook.com udp
US 52.96.91.34:25 outlook.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 8.8.8.8:53 mail.burtleburtle.net udp
US 8.8.8.8:53 smtp.gzip.org udp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 65.254.250.102:25 mail.burtleburtle.net tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.180.4:80 www.google.com tcp
IE 212.82.100.137:80 tcp
IE 212.82.100.137:443 tcp
IE 212.82.100.137:80 tcp
GB 142.250.180.4:80 tcp

Files

memory/1196-0-0x0000000000500000-0x000000000050D000-memory.dmp

C:\Windows\services.exe

MD5 b0fe74719b1b647e2056641931907f4a
SHA1 e858c206d2d1542a79936cb00d85da853bfc95e2
SHA256 bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
SHA512 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

memory/2656-5-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/2656-13-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2656-14-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2656-18-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2656-22-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2656-23-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2656-27-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2656-31-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2656-32-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2656-36-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 955a51c8738afdb1e46b4b431bbd81c2
SHA1 17c354660e4047e9916fc8deeb7f6e57d727ba78
SHA256 b431772f99465d94cd0916989fd35444105d8ec7522a6fd297caaa56bbf59b85
SHA512 a63a989371181406a223fc7cf0e0861ee9a2e9eeba6466f3a54575d95e168109f9e1a788af9f6c0cbd44abe49616d88ef367ef1c89394d4ff72f4b8f1c20d66b

C:\Users\Admin\AppData\Local\Temp\tmpD241.tmp

MD5 c84275c647ab187445571ed716953c67
SHA1 0b2e43ce14f3c67796526fc8107b2b3eecab891b
SHA256 ec9bb3ea758efaaeaaed4f44dcee811a0d32ea9122305070583d2dc0f8ec91eb
SHA512 b55cefb366a34d6e40632cbf5042bdc0f0fa41e5c74f69730533887bcffd06b90f5a7dc23aa00c7225897e6d3af2ea15a3a962940ab55fdb6989bdcf04dff17c

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\951G8FD5\search[1].htm

MD5 8ba61a16b71609a08bfa35bc213fce49
SHA1 8374dddcc6b2ede14b0ea00a5870a11b57ced33f
SHA256 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1
SHA512 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

memory/2656-124-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 2c64cd62e2709937d48742a691964b91
SHA1 f233331163f18d4d2cef778e3dbdf5aeb861f297
SHA256 126bf8aaaee451e6d37fe926e231e035d9888dcca3553bb629d7b4b634cbcd3b
SHA512 821a18f808886333f060978a08d0068856e622f0d2bd8b439e3266ac71f76f95f9770e971109a2bfa672fdd228d7caf31e2c1570c19b582062399eaba592e8ca

memory/2656-151-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2656-154-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2656-158-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 d56d14660f8724b14e7ab6f52a5e6d00
SHA1 549b7bd2f5d80300ab5485d604ee3cb8499c68e3
SHA256 7f625a62e0ee03e9148350f7557ba7f6434dec373ace2a379d97e17270bb2fb3
SHA512 4de3f4d4a46862cf59bd5b47d8f69080484f4deb30ad66f7dce71adbfa10a9f8292618c14e428e610590af5a011eb874efdf291fdae757846781e526747bb56f

memory/2656-174-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\CFIOOOZS\default[3].htm

MD5 c15952329e9cd008b41f979b6c76b9a2
SHA1 53c58cc742b5a0273df8d01ba2779a979c1ff967
SHA256 5d065a88f9a1fb565c2d70e87148d469dd9dcbbefea4ccc8c181745eda748ab7
SHA512 6aecdd949abcd2cb54e2fe3e1171ee47c247aa3980a0847b9934f506ef9b2d3180831adf6554c68b0621f9f9f3cd88767ef9487bc6e51cecd6a8857099a7b296

memory/2656-214-0x0000000000400000-0x0000000000408000-memory.dmp