Analysis Overview
SHA256
616a7147a16a0f00b7583936d89911bc790709f8c7f7422a58203ae2f06eadae
Threat Level: Known bad
The file 616a7147a16a0f00b7583936d89911bc790709f8c7f7422a58203ae2f06eadae was found to be: Known bad.
Malicious Activity Summary
Mydoom family
MyDoom
Detects MyDoom family
Executes dropped EXE
Adds Run key to start application
UPX packed file
Drops file in Windows directory
Unsigned PE
System Location Discovery: System Language Discovery
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-23 21:35
Signatures
Detects MyDoom family
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Mydoom family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-23 21:35
Reported
2024-10-23 21:38
Platform
win7-20240903-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Detects MyDoom family
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
MyDoom
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\616a7147a16a0f00b7583936d89911bc790709f8c7f7422a58203ae2f06eadae.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\616a7147a16a0f00b7583936d89911bc790709f8c7f7422a58203ae2f06eadae.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\616a7147a16a0f00b7583936d89911bc790709f8c7f7422a58203ae2f06eadae.exe | N/A |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\616a7147a16a0f00b7583936d89911bc790709f8c7f7422a58203ae2f06eadae.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\616a7147a16a0f00b7583936d89911bc790709f8c7f7422a58203ae2f06eadae.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\services.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3068 wrote to memory of 2668 | N/A | C:\Users\Admin\AppData\Local\Temp\616a7147a16a0f00b7583936d89911bc790709f8c7f7422a58203ae2f06eadae.exe | C:\Windows\services.exe |
| PID 3068 wrote to memory of 2668 | N/A | C:\Users\Admin\AppData\Local\Temp\616a7147a16a0f00b7583936d89911bc790709f8c7f7422a58203ae2f06eadae.exe | C:\Windows\services.exe |
| PID 3068 wrote to memory of 2668 | N/A | C:\Users\Admin\AppData\Local\Temp\616a7147a16a0f00b7583936d89911bc790709f8c7f7422a58203ae2f06eadae.exe | C:\Windows\services.exe |
| PID 3068 wrote to memory of 2668 | N/A | C:\Users\Admin\AppData\Local\Temp\616a7147a16a0f00b7583936d89911bc790709f8c7f7422a58203ae2f06eadae.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\616a7147a16a0f00b7583936d89911bc790709f8c7f7422a58203ae2f06eadae.exe
"C:\Users\Admin\AppData\Local\Temp\616a7147a16a0f00b7583936d89911bc790709f8c7f7422a58203ae2f06eadae.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 192.168.18.2:1034 | tcp | |
| N/A | 10.0.0.32:1034 | tcp | |
| US | 16.18.10.121:1034 | tcp | |
| IN | 4.240.78.106:1034 | tcp | |
| IE | 159.134.164.135:1034 | tcp | |
| US | 15.204.154.223:1034 | tcp | |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | alumni-caltech-edu.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 52.101.11.9:25 | alumni-caltech-edu.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 16.102.1.35:1034 | tcp | |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 204.13.239.180:25 | alumni.caltech.edu | tcp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| IN | 4.240.75.51:1034 | tcp |
Files
memory/3068-0-0x0000000000500000-0x000000000050D000-memory.dmp
memory/3068-4-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Windows\services.exe
| MD5 | b0fe74719b1b647e2056641931907f4a |
| SHA1 | e858c206d2d1542a79936cb00d85da853bfc95e2 |
| SHA256 | bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c |
| SHA512 | 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2 |
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/3068-15-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2668-16-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2668-17-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2668-21-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2668-25-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2668-26-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2668-30-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2668-34-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2668-35-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2668-39-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2668-43-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2668-44-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2668-48-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2668-52-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | 454f7d0664f7dfaed267d9981ed92042 |
| SHA1 | f3d8507e68269e243c4a15a4e201e69d4756cada |
| SHA256 | 49938e6ee7a3aa80043b94cc667764c22956482c38e38943fa613a09cce83da2 |
| SHA512 | fec05a74417f54a451a89d0ce5b9988b54ef5cce0649ec73a477f54e6f3775259bf3863f5414740f1c35f020530eb3df44354dabf832357eedc4f6f3d3ec32ec |
C:\Users\Admin\AppData\Local\Temp\tmpD9AF.tmp
| MD5 | 02bb656d82edfde11f4fd3f3780046b3 |
| SHA1 | 7bf5a81444d4f73a2e5522f18f24d460558c54fe |
| SHA256 | 61c5735c5ad56f9ddec345a1235da6c1d1f18897ffc6e93cb9f1fcd418181db5 |
| SHA512 | e942e3cd7f207956903f69014840b157b5bf8a8be9ad5781f01544a3b06e472d70b70e6f5afc2e8d958919f659b13b4f6e6294b32a74a752571036989ed565bc |
memory/2668-76-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2668-79-0x0000000000400000-0x0000000000408000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-23 21:35
Reported
2024-10-24 21:53
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
156s
Command Line
Signatures
Detects MyDoom family
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
MyDoom
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\616a7147a16a0f00b7583936d89911bc790709f8c7f7422a58203ae2f06eadae.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\616a7147a16a0f00b7583936d89911bc790709f8c7f7422a58203ae2f06eadae.exe | N/A |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\616a7147a16a0f00b7583936d89911bc790709f8c7f7422a58203ae2f06eadae.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\616a7147a16a0f00b7583936d89911bc790709f8c7f7422a58203ae2f06eadae.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\616a7147a16a0f00b7583936d89911bc790709f8c7f7422a58203ae2f06eadae.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\services.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1064 wrote to memory of 1532 | N/A | C:\Users\Admin\AppData\Local\Temp\616a7147a16a0f00b7583936d89911bc790709f8c7f7422a58203ae2f06eadae.exe | C:\Windows\services.exe |
| PID 1064 wrote to memory of 1532 | N/A | C:\Users\Admin\AppData\Local\Temp\616a7147a16a0f00b7583936d89911bc790709f8c7f7422a58203ae2f06eadae.exe | C:\Windows\services.exe |
| PID 1064 wrote to memory of 1532 | N/A | C:\Users\Admin\AppData\Local\Temp\616a7147a16a0f00b7583936d89911bc790709f8c7f7422a58203ae2f06eadae.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\616a7147a16a0f00b7583936d89911bc790709f8c7f7422a58203ae2f06eadae.exe
"C:\Users\Admin\AppData\Local\Temp\616a7147a16a0f00b7583936d89911bc790709f8c7f7422a58203ae2f06eadae.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 192.168.18.2:1034 | tcp | |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 133.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| N/A | 10.0.0.32:1034 | tcp | |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.190.18.2.in-addr.arpa | udp |
| US | 16.18.10.121:1034 | tcp | |
| US | 8.8.8.8:53 | 134.190.18.2.in-addr.arpa | udp |
| IN | 4.240.78.106:1034 | tcp | |
| US | 8.8.8.8:53 | m-ou.se | udp |
| US | 8.8.8.8:53 | alt2.aspmx.l.google.com | udp |
| DE | 142.251.9.27:25 | alt2.aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | acm.org | udp |
| US | 8.8.8.8:53 | mail.mailroute.net | udp |
| US | 199.89.1.120:25 | mail.mailroute.net | tcp |
| US | 8.8.8.8:53 | cs.stanford.edu | udp |
| US | 8.8.8.8:53 | smtp1.cs.stanford.edu | udp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | burtleburtle.net | udp |
| US | 8.8.8.8:53 | mx.burtleburtle.net | udp |
| US | 65.254.254.51:25 | mx.burtleburtle.net | tcp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | alumni-caltech-edu.mail.protection.outlook.com | udp |
| US | 52.101.40.4:25 | alumni-caltech-edu.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 8.8.8.8:53 | search.yahoo.com | udp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 8.8.8.8:53 | 137.100.82.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.altavista.com | udp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 8.8.8.8:53 | search.lycos.com | udp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 2.18.190.73:80 | r11.o.lencr.org | tcp |
| US | 8.8.8.8:53 | 10.254.202.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.45.26.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.190.18.2.in-addr.arpa | udp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 159.134.164.135:1034 | tcp | |
| US | 8.8.8.8:53 | aspmx.l.google.com | udp |
| BE | 142.251.173.26:25 | aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | acm.org | udp |
| US | 104.17.78.30:25 | acm.org | tcp |
| US | 8.8.8.8:53 | smtp2.cs.stanford.edu | udp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | burtleburtle.net | udp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| US | 65.254.227.224:25 | burtleburtle.net | tcp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 204.13.239.180:25 | alumni.caltech.edu | tcp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 58.99.105.20.in-addr.arpa | udp |
| US | 15.204.154.223:1034 | tcp | |
| US | 8.8.8.8:53 | alt1.aspmx.l.google.com | udp |
| NL | 142.250.153.27:25 | alt1.aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | mx.acm.org | udp |
| US | 8.8.8.8:53 | mail.acm.org | udp |
| US | 8.8.8.8:53 | smtp.acm.org | udp |
| US | 8.8.8.8:53 | cs.stanford.edu | udp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 65.254.254.51:25 | mx.burtleburtle.net | tcp |
| US | 8.8.8.8:53 | mx.alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | mail.alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | smtp.alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | outlook.com | udp |
| US | 8.8.8.8:53 | outlook-com.olc.protection.outlook.com | udp |
| IE | 52.101.68.13:25 | outlook-com.olc.protection.outlook.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | mx.gzip.org | udp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | mail.gzip.org | udp |
| US | 85.187.148.2:25 | mail.gzip.org | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 16.102.1.35:1034 | tcp | |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | aspmx2.googlemail.com | udp |
| NL | 142.250.153.26:25 | aspmx2.googlemail.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | mail.burtleburtle.net | udp |
| US | 65.254.250.102:25 | mail.burtleburtle.net | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | outlook.com | udp |
| US | 52.96.223.2:25 | outlook.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | smtp.gzip.org | udp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IN | 4.240.75.51:1034 | tcp | |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | tcp | |
| GB | 172.217.169.36:80 | tcp | |
| US | 209.202.254.10:443 | tcp | |
| IE | 212.82.100.137:443 | tcp | |
| US | 209.202.254.10:80 | tcp | |
| IE | 212.82.100.137:80 | tcp |
Files
memory/1064-0-0x0000000000500000-0x000000000050D000-memory.dmp
C:\Windows\services.exe
| MD5 | b0fe74719b1b647e2056641931907f4a |
| SHA1 | e858c206d2d1542a79936cb00d85da853bfc95e2 |
| SHA256 | bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c |
| SHA512 | 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2 |
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/1532-5-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1532-13-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1532-14-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1532-18-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1532-22-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1532-23-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1532-27-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1532-31-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | be6f665f3c862b61e60c598135bd652c |
| SHA1 | edbd3b13deab1cbe9313852104ed3fffd9b1acd9 |
| SHA256 | 345bc84a2bdd11b81c15367f96b4e6b88313d318b2ac3fa2564dfe1cdfb70d42 |
| SHA512 | aafd8593a7b892bbb457f8865d50f69d213545e766f4e3ae1eaf1d471427dbd492af778872d6738a3b5060fb365031f7930a8a430907d4ad6163623a827260fa |
C:\Users\Admin\AppData\Local\Temp\tmpB561.tmp
| MD5 | e50c959ab5f95f7670e901f897349d8c |
| SHA1 | 08407851de6497e73dccf820be2ae3f83b63c044 |
| SHA256 | 1ea55bde7ab564d25c50fa6e7f556b21507dbf673500558e15baea5d02ebbd3d |
| SHA512 | f6979cc8acb7f7c1b399c197acee31330e6438bde02421debf423fa4605ebba7b835daee30f56e3d937f9d712f2c10642f302bfb998622a88b8f159c84b9001a |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9IEW0KLU\SR32KYDI.htm
| MD5 | 443ce10a09292a7b5da19e84e497bb0e |
| SHA1 | 5d96eac41360cd1180b2f057ef70490187f030c4 |
| SHA256 | 0cc66c2d696f212ac0b33e35cd87b34726550060c3b1d77ccd2c2789e37197fb |
| SHA512 | 748793642caf0b8dab3bb41c7603fef7e2b49384a790adeafb20d9c0d040749c7113ae95ff516a304ff90f00852a6166581905281cc4edd2cf725f6c131ccc09 |
memory/1532-126-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9IEW0KLU\search[2].htm
| MD5 | 8ba61a16b71609a08bfa35bc213fce49 |
| SHA1 | 8374dddcc6b2ede14b0ea00a5870a11b57ced33f |
| SHA256 | 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1 |
| SHA512 | 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VKYZDMA5\search[3].htm
| MD5 | 5b32684f7a3a1c9849ea1b5832a32719 |
| SHA1 | 36ffe0c782429d6f0039ce998ae1539393573f55 |
| SHA256 | b710c58bfd3288fb9e8a8aeff392924dd7e985245bbefea6c6481513c16eca4a |
| SHA512 | 3fea6c5198f2137ededbfada2a7c4ef6e9b219c75947a362c03f0863d062a64d570132103659be5ecfbffd633653216d3bd8d488c1ad4e566ba90322e10718dc |
memory/1532-172-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1532-176-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1532-177-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | 11c91c632c905c0c9d4ed15fd3173bda |
| SHA1 | 5ba671a6b4eb6b259678daa51b9ccdb08bb0f2ac |
| SHA256 | 37ebddee525b9fc2cace66da56107e653f3169f0b878f3c5699cd5e037c32379 |
| SHA512 | 4301868d0b9323da2858a466c40a7b021f47452828ec812159389fe98016681d2e5823b79fce6c436de91ef70255502b88852165e4179bfcee4a3cd8607cc274 |
memory/1532-202-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1532-232-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4OVS68NE\default[1].htm
| MD5 | 5431b34b55fc2e8dfe8e2e977e26e6b5 |
| SHA1 | 87cf8feeb854e523871271b6f5634576de3e7c40 |
| SHA256 | 3d7c76daab98368a0dd25cd184db039cdd5d1bc9bd6e9bb91b289119047f5432 |
| SHA512 | 6f309dd924ba012486bcf0e3bafe64899007893ea9863b6f4e5428384ad23d9942c74d17c42a5cf9922a0e0fd8d61c287a2288a945a775586125d53376b9325c |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4OVS68NE\default[3].htm
| MD5 | ffb72ab4faba49ad441ce07db37dd8b6 |
| SHA1 | 194e13c1c32ebb6e7a1dc912261cbd58a82ff71e |
| SHA256 | 7bd7c3676e98ddde8e0d5b63dd22cb9379d975bcd1d68884c97565cdd8d03660 |
| SHA512 | 517be20d2442489ce39b48dc7f9f6f13f8c45d02703fb1865071f553d36b2289f5abc26c6089fc0bfad1a41fe318bf4b5a806915c5e45898ac744b7e4ed30257 |
memory/1532-268-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1532-304-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4OVS68NE\default[4].htm
| MD5 | c15952329e9cd008b41f979b6c76b9a2 |
| SHA1 | 53c58cc742b5a0273df8d01ba2779a979c1ff967 |
| SHA256 | 5d065a88f9a1fb565c2d70e87148d469dd9dcbbefea4ccc8c181745eda748ab7 |
| SHA512 | 6aecdd949abcd2cb54e2fe3e1171ee47c247aa3980a0847b9934f506ef9b2d3180831adf6554c68b0621f9f9f3cd88767ef9487bc6e51cecd6a8857099a7b296 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9IEW0KLU\search[1].htm
| MD5 | b8533bd7565343eab9f4f16538a621ac |
| SHA1 | 9a35665a3d2f7f396b257a726fb62c93c0adbd84 |
| SHA256 | 8ce008fdab9a0507c6c66977f25aa3c8fab5930220bfd8c531e576c12ca0afb9 |
| SHA512 | cb699d2e246bf2b7ac0a69dbd6eff78b16e29f4c4b78b54ce83d850b9c75c0d707e53f42d007d8bd39978173e9597ce1a7d4fe2dde15a2dcafbea48e686cf161 |