Malware Analysis Report

2025-03-15 00:44

Sample ID 241023-1fk7va1ajg
Target 616a7147a16a0f00b7583936d89911bc790709f8c7f7422a58203ae2f06eadae
SHA256 616a7147a16a0f00b7583936d89911bc790709f8c7f7422a58203ae2f06eadae
Tags
mydoom discovery persistence upx worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

616a7147a16a0f00b7583936d89911bc790709f8c7f7422a58203ae2f06eadae

Threat Level: Known bad

The file 616a7147a16a0f00b7583936d89911bc790709f8c7f7422a58203ae2f06eadae was found to be: Known bad.

Malicious Activity Summary

mydoom discovery persistence upx worm

Mydoom family

MyDoom

Detects MyDoom family

Executes dropped EXE

Adds Run key to start application

UPX packed file

Drops file in Windows directory

Unsigned PE

System Location Discovery: System Language Discovery

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-23 21:35

Signatures

Detects MyDoom family

Description Indicator Process Target
N/A N/A N/A N/A

Mydoom family

mydoom

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-23 21:35

Reported

2024-10-23 21:38

Platform

win7-20240903-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\616a7147a16a0f00b7583936d89911bc790709f8c7f7422a58203ae2f06eadae.exe"

Signatures

Detects MyDoom family

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

MyDoom

worm mydoom

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\services.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" C:\Users\Admin\AppData\Local\Temp\616a7147a16a0f00b7583936d89911bc790709f8c7f7422a58203ae2f06eadae.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" C:\Windows\services.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\616a7147a16a0f00b7583936d89911bc790709f8c7f7422a58203ae2f06eadae.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\services.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\616a7147a16a0f00b7583936d89911bc790709f8c7f7422a58203ae2f06eadae.exe

"C:\Users\Admin\AppData\Local\Temp\616a7147a16a0f00b7583936d89911bc790709f8c7f7422a58203ae2f06eadae.exe"

C:\Windows\services.exe

"C:\Windows\services.exe"

Network

Country Destination Domain Proto
N/A 192.168.18.2:1034 tcp
N/A 10.0.0.32:1034 tcp
US 16.18.10.121:1034 tcp
IN 4.240.78.106:1034 tcp
IE 159.134.164.135:1034 tcp
US 15.204.154.223:1034 tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 8.8.8.8:53 alumni-caltech-edu.mail.protection.outlook.com udp
US 8.8.8.8:53 gzip.org udp
US 52.101.11.9:25 alumni-caltech-edu.mail.protection.outlook.com tcp
US 8.8.8.8:53 gzip.org udp
US 85.187.148.2:25 gzip.org tcp
US 16.102.1.35:1034 tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 204.13.239.180:25 alumni.caltech.edu tcp
US 85.187.148.2:25 gzip.org tcp
IN 4.240.75.51:1034 tcp

Files

memory/3068-0-0x0000000000500000-0x000000000050D000-memory.dmp

memory/3068-4-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Windows\services.exe

MD5 b0fe74719b1b647e2056641931907f4a
SHA1 e858c206d2d1542a79936cb00d85da853bfc95e2
SHA256 bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
SHA512 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/3068-15-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2668-16-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2668-17-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2668-21-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2668-25-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2668-26-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2668-30-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2668-34-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2668-35-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2668-39-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2668-43-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2668-44-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2668-48-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2668-52-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 454f7d0664f7dfaed267d9981ed92042
SHA1 f3d8507e68269e243c4a15a4e201e69d4756cada
SHA256 49938e6ee7a3aa80043b94cc667764c22956482c38e38943fa613a09cce83da2
SHA512 fec05a74417f54a451a89d0ce5b9988b54ef5cce0649ec73a477f54e6f3775259bf3863f5414740f1c35f020530eb3df44354dabf832357eedc4f6f3d3ec32ec

C:\Users\Admin\AppData\Local\Temp\tmpD9AF.tmp

MD5 02bb656d82edfde11f4fd3f3780046b3
SHA1 7bf5a81444d4f73a2e5522f18f24d460558c54fe
SHA256 61c5735c5ad56f9ddec345a1235da6c1d1f18897ffc6e93cb9f1fcd418181db5
SHA512 e942e3cd7f207956903f69014840b157b5bf8a8be9ad5781f01544a3b06e472d70b70e6f5afc2e8d958919f659b13b4f6e6294b32a74a752571036989ed565bc

memory/2668-76-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2668-79-0x0000000000400000-0x0000000000408000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-23 21:35

Reported

2024-10-24 21:53

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

156s

Command Line

"C:\Users\Admin\AppData\Local\Temp\616a7147a16a0f00b7583936d89911bc790709f8c7f7422a58203ae2f06eadae.exe"

Signatures

Detects MyDoom family

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

MyDoom

worm mydoom

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\services.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" C:\Windows\services.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" C:\Users\Admin\AppData\Local\Temp\616a7147a16a0f00b7583936d89911bc790709f8c7f7422a58203ae2f06eadae.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\616a7147a16a0f00b7583936d89911bc790709f8c7f7422a58203ae2f06eadae.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\services.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\616a7147a16a0f00b7583936d89911bc790709f8c7f7422a58203ae2f06eadae.exe

"C:\Users\Admin\AppData\Local\Temp\616a7147a16a0f00b7583936d89911bc790709f8c7f7422a58203ae2f06eadae.exe"

C:\Windows\services.exe

"C:\Windows\services.exe"

Network

Country Destination Domain Proto
N/A 192.168.18.2:1034 tcp
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 133.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
N/A 10.0.0.32:1034 tcp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 139.190.18.2.in-addr.arpa udp
US 16.18.10.121:1034 tcp
US 8.8.8.8:53 134.190.18.2.in-addr.arpa udp
IN 4.240.78.106:1034 tcp
US 8.8.8.8:53 m-ou.se udp
US 8.8.8.8:53 alt2.aspmx.l.google.com udp
DE 142.251.9.27:25 alt2.aspmx.l.google.com tcp
US 8.8.8.8:53 acm.org udp
US 8.8.8.8:53 mail.mailroute.net udp
US 199.89.1.120:25 mail.mailroute.net tcp
US 8.8.8.8:53 cs.stanford.edu udp
US 8.8.8.8:53 smtp1.cs.stanford.edu udp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
US 8.8.8.8:53 burtleburtle.net udp
US 8.8.8.8:53 mx.burtleburtle.net udp
US 65.254.254.51:25 mx.burtleburtle.net tcp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 8.8.8.8:53 alumni-caltech-edu.mail.protection.outlook.com udp
US 52.101.40.4:25 alumni-caltech-edu.mail.protection.outlook.com tcp
US 8.8.8.8:53 gzip.org udp
US 8.8.8.8:53 search.yahoo.com udp
IE 212.82.100.137:80 search.yahoo.com tcp
US 8.8.8.8:53 gzip.org udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.169.36:80 www.google.com tcp
US 85.187.148.2:25 gzip.org tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 8.8.8.8:53 137.100.82.212.in-addr.arpa udp
US 8.8.8.8:53 36.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 www.altavista.com udp
IE 212.82.100.137:80 www.altavista.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 8.8.8.8:53 search.lycos.com udp
US 209.202.254.10:80 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 8.8.8.8:53 r11.o.lencr.org udp
GB 172.217.169.36:80 www.google.com tcp
GB 2.18.190.73:80 r11.o.lencr.org tcp
US 8.8.8.8:53 10.254.202.209.in-addr.arpa udp
US 8.8.8.8:53 61.45.26.184.in-addr.arpa udp
US 8.8.8.8:53 73.190.18.2.in-addr.arpa udp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 159.134.164.135:1034 tcp
US 8.8.8.8:53 aspmx.l.google.com udp
BE 142.251.173.26:25 aspmx.l.google.com tcp
US 8.8.8.8:53 acm.org udp
US 104.17.78.30:25 acm.org tcp
US 8.8.8.8:53 smtp2.cs.stanford.edu udp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
US 8.8.8.8:53 burtleburtle.net udp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
US 65.254.227.224:25 burtleburtle.net tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 204.13.239.180:25 alumni.caltech.edu tcp
US 85.187.148.2:25 gzip.org tcp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 58.99.105.20.in-addr.arpa udp
US 15.204.154.223:1034 tcp
US 8.8.8.8:53 alt1.aspmx.l.google.com udp
NL 142.250.153.27:25 alt1.aspmx.l.google.com tcp
US 8.8.8.8:53 mx.acm.org udp
US 8.8.8.8:53 mail.acm.org udp
US 8.8.8.8:53 smtp.acm.org udp
US 8.8.8.8:53 cs.stanford.edu udp
US 171.64.64.64:25 cs.stanford.edu tcp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
US 171.64.64.64:25 cs.stanford.edu tcp
US 65.254.254.51:25 mx.burtleburtle.net tcp
US 8.8.8.8:53 mx.alumni.caltech.edu udp
US 8.8.8.8:53 mail.alumni.caltech.edu udp
US 8.8.8.8:53 smtp.alumni.caltech.edu udp
US 8.8.8.8:53 outlook.com udp
US 8.8.8.8:53 outlook-com.olc.protection.outlook.com udp
IE 52.101.68.13:25 outlook-com.olc.protection.outlook.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 8.8.8.8:53 mx.gzip.org udp
GB 172.217.169.36:80 www.google.com tcp
US 8.8.8.8:53 mail.gzip.org udp
US 85.187.148.2:25 mail.gzip.org tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 171.64.64.64:25 cs.stanford.edu tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 16.102.1.35:1034 tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 8.8.8.8:53 aspmx2.googlemail.com udp
NL 142.250.153.26:25 aspmx2.googlemail.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 171.64.64.64:25 cs.stanford.edu tcp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
US 171.64.64.64:25 cs.stanford.edu tcp
US 8.8.8.8:53 mail.burtleburtle.net udp
US 65.254.250.102:25 mail.burtleburtle.net tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 outlook.com udp
US 52.96.223.2:25 outlook.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 smtp.gzip.org udp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 171.64.64.64:25 cs.stanford.edu tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
IN 4.240.75.51:1034 tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 tcp
GB 172.217.169.36:80 tcp
US 209.202.254.10:443 tcp
IE 212.82.100.137:443 tcp
US 209.202.254.10:80 tcp
IE 212.82.100.137:80 tcp

Files

memory/1064-0-0x0000000000500000-0x000000000050D000-memory.dmp

C:\Windows\services.exe

MD5 b0fe74719b1b647e2056641931907f4a
SHA1 e858c206d2d1542a79936cb00d85da853bfc95e2
SHA256 bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
SHA512 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/1532-5-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1532-13-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1532-14-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1532-18-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1532-22-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1532-23-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1532-27-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1532-31-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 be6f665f3c862b61e60c598135bd652c
SHA1 edbd3b13deab1cbe9313852104ed3fffd9b1acd9
SHA256 345bc84a2bdd11b81c15367f96b4e6b88313d318b2ac3fa2564dfe1cdfb70d42
SHA512 aafd8593a7b892bbb457f8865d50f69d213545e766f4e3ae1eaf1d471427dbd492af778872d6738a3b5060fb365031f7930a8a430907d4ad6163623a827260fa

C:\Users\Admin\AppData\Local\Temp\tmpB561.tmp

MD5 e50c959ab5f95f7670e901f897349d8c
SHA1 08407851de6497e73dccf820be2ae3f83b63c044
SHA256 1ea55bde7ab564d25c50fa6e7f556b21507dbf673500558e15baea5d02ebbd3d
SHA512 f6979cc8acb7f7c1b399c197acee31330e6438bde02421debf423fa4605ebba7b835daee30f56e3d937f9d712f2c10642f302bfb998622a88b8f159c84b9001a

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9IEW0KLU\SR32KYDI.htm

MD5 443ce10a09292a7b5da19e84e497bb0e
SHA1 5d96eac41360cd1180b2f057ef70490187f030c4
SHA256 0cc66c2d696f212ac0b33e35cd87b34726550060c3b1d77ccd2c2789e37197fb
SHA512 748793642caf0b8dab3bb41c7603fef7e2b49384a790adeafb20d9c0d040749c7113ae95ff516a304ff90f00852a6166581905281cc4edd2cf725f6c131ccc09

memory/1532-126-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9IEW0KLU\search[2].htm

MD5 8ba61a16b71609a08bfa35bc213fce49
SHA1 8374dddcc6b2ede14b0ea00a5870a11b57ced33f
SHA256 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1
SHA512 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VKYZDMA5\search[3].htm

MD5 5b32684f7a3a1c9849ea1b5832a32719
SHA1 36ffe0c782429d6f0039ce998ae1539393573f55
SHA256 b710c58bfd3288fb9e8a8aeff392924dd7e985245bbefea6c6481513c16eca4a
SHA512 3fea6c5198f2137ededbfada2a7c4ef6e9b219c75947a362c03f0863d062a64d570132103659be5ecfbffd633653216d3bd8d488c1ad4e566ba90322e10718dc

memory/1532-172-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1532-176-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1532-177-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 11c91c632c905c0c9d4ed15fd3173bda
SHA1 5ba671a6b4eb6b259678daa51b9ccdb08bb0f2ac
SHA256 37ebddee525b9fc2cace66da56107e653f3169f0b878f3c5699cd5e037c32379
SHA512 4301868d0b9323da2858a466c40a7b021f47452828ec812159389fe98016681d2e5823b79fce6c436de91ef70255502b88852165e4179bfcee4a3cd8607cc274

memory/1532-202-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1532-232-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4OVS68NE\default[1].htm

MD5 5431b34b55fc2e8dfe8e2e977e26e6b5
SHA1 87cf8feeb854e523871271b6f5634576de3e7c40
SHA256 3d7c76daab98368a0dd25cd184db039cdd5d1bc9bd6e9bb91b289119047f5432
SHA512 6f309dd924ba012486bcf0e3bafe64899007893ea9863b6f4e5428384ad23d9942c74d17c42a5cf9922a0e0fd8d61c287a2288a945a775586125d53376b9325c

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4OVS68NE\default[3].htm

MD5 ffb72ab4faba49ad441ce07db37dd8b6
SHA1 194e13c1c32ebb6e7a1dc912261cbd58a82ff71e
SHA256 7bd7c3676e98ddde8e0d5b63dd22cb9379d975bcd1d68884c97565cdd8d03660
SHA512 517be20d2442489ce39b48dc7f9f6f13f8c45d02703fb1865071f553d36b2289f5abc26c6089fc0bfad1a41fe318bf4b5a806915c5e45898ac744b7e4ed30257

memory/1532-268-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1532-304-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4OVS68NE\default[4].htm

MD5 c15952329e9cd008b41f979b6c76b9a2
SHA1 53c58cc742b5a0273df8d01ba2779a979c1ff967
SHA256 5d065a88f9a1fb565c2d70e87148d469dd9dcbbefea4ccc8c181745eda748ab7
SHA512 6aecdd949abcd2cb54e2fe3e1171ee47c247aa3980a0847b9934f506ef9b2d3180831adf6554c68b0621f9f9f3cd88767ef9487bc6e51cecd6a8857099a7b296

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9IEW0KLU\search[1].htm

MD5 b8533bd7565343eab9f4f16538a621ac
SHA1 9a35665a3d2f7f396b257a726fb62c93c0adbd84
SHA256 8ce008fdab9a0507c6c66977f25aa3c8fab5930220bfd8c531e576c12ca0afb9
SHA512 cb699d2e246bf2b7ac0a69dbd6eff78b16e29f4c4b78b54ce83d850b9c75c0d707e53f42d007d8bd39978173e9597ce1a7d4fe2dde15a2dcafbea48e686cf161