Malware Analysis Report

2025-03-15 00:43

Sample ID 241023-ny9xpsyblg
Target df22532e7d2ddb9a99d116a926caea0d1d3423c35dce6d479c0c18ffdfd3d8ffN
SHA256 df22532e7d2ddb9a99d116a926caea0d1d3423c35dce6d479c0c18ffdfd3d8ff
Tags
upx mydoom discovery persistence worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

df22532e7d2ddb9a99d116a926caea0d1d3423c35dce6d479c0c18ffdfd3d8ff

Threat Level: Known bad

The file df22532e7d2ddb9a99d116a926caea0d1d3423c35dce6d479c0c18ffdfd3d8ffN was found to be: Known bad.

Malicious Activity Summary

upx mydoom discovery persistence worm

Detects MyDoom family

MyDoom

Executes dropped EXE

Adds Run key to start application

UPX packed file

Drops file in Windows directory

System Location Discovery: System Language Discovery

Unsigned PE

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-23 11:49

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-23 11:49

Reported

2024-10-23 11:52

Platform

win7-20241010-en

Max time kernel

150s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\df22532e7d2ddb9a99d116a926caea0d1d3423c35dce6d479c0c18ffdfd3d8ffN.exe"

Signatures

Detects MyDoom family

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

MyDoom

worm mydoom

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\services.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" C:\Windows\services.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" C:\Users\Admin\AppData\Local\Temp\df22532e7d2ddb9a99d116a926caea0d1d3423c35dce6d479c0c18ffdfd3d8ffN.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\df22532e7d2ddb9a99d116a926caea0d1d3423c35dce6d479c0c18ffdfd3d8ffN.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\services.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\df22532e7d2ddb9a99d116a926caea0d1d3423c35dce6d479c0c18ffdfd3d8ffN.exe

"C:\Users\Admin\AppData\Local\Temp\df22532e7d2ddb9a99d116a926caea0d1d3423c35dce6d479c0c18ffdfd3d8ffN.exe"

C:\Windows\services.exe

"C:\Windows\services.exe"

Network

Country Destination Domain Proto
N/A 10.156.133.4:1034 tcp
N/A 192.168.2.18:1034 tcp
N/A 10.152.243.207:1034 tcp
N/A 192.168.2.11:1034 tcp
N/A 172.16.1.165:1034 tcp
N/A 172.16.1.165:1034 tcp
N/A 192.168.2.12:1034 tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 8.8.8.8:53 alumni-caltech-edu.mail.protection.outlook.com udp
US 8.8.8.8:53 gzip.org udp
US 52.101.8.34:25 alumni-caltech-edu.mail.protection.outlook.com tcp
US 8.8.8.8:53 gzip.org udp
US 85.187.148.2:25 gzip.org tcp
N/A 192.168.2.14:1034 tcp

Files

memory/392-0-0x0000000000500000-0x0000000000510200-memory.dmp

memory/392-4-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Windows\services.exe

MD5 b0fe74719b1b647e2056641931907f4a
SHA1 e858c206d2d1542a79936cb00d85da853bfc95e2
SHA256 bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
SHA512 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

memory/392-9-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3008-11-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/392-17-0x0000000000500000-0x0000000000510200-memory.dmp

memory/3008-19-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3008-20-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3008-25-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3008-30-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3008-32-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3008-37-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3008-42-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3008-44-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\bcepeU.log

MD5 54eb21a47e5dc871e31a8517a28ab829
SHA1 c2bb8c63f3010438609ad2e2dd88dae49e1c4e3b
SHA256 ad62fa9d0a9bd6b0e225cb62f645cff9a92a6a061a653d6ee3237cb549165b19
SHA512 35ef1a3f71bf22df52689658397bc6af2e4f40b0d987500b5a42e62e1b4d9078a0798a35ae9347cd60a7bc2c062e46fe7e7e6d17c014e64670db748ef96db334

memory/3008-49-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3008-54-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3008-56-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3008-61-0x0000000000400000-0x0000000000408000-memory.dmp

memory/392-65-0x0000000000500000-0x0000000000510200-memory.dmp

memory/3008-66-0x0000000000400000-0x0000000000408000-memory.dmp

memory/392-67-0x0000000000500000-0x0000000000510200-memory.dmp

memory/3008-68-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 f86a81f2420c1829d9d21b7dfad36268
SHA1 e480adf7a0b3f8318465a4f14e18eef909e7feeb
SHA256 93e1d806a74f688a0c237f0d38dad4dc6119ea910f426bb55a54bfec5af4dd20
SHA512 40574d72b32b04cfab9ea387b691508caac4ef822cec2170b4704715b224471443ac839a49101edeafa81f894d4d6db7673e762ae1c662f985cd302dd1faea6f

C:\Users\Admin\AppData\Local\Temp\tmp314F.tmp

MD5 0894c568824902d7d856a7cdcffd8b57
SHA1 95bab2ec050c5ae8ba72d98ab1cf031f736fae0d
SHA256 291603ea4076cd8e932848613f4a2bbf520300d78503d59870fdd0da162cc079
SHA512 7996b6d95dd31f2d35b8c70d5615ac00c64ad5062993b103d1f04f416fc1b1d7fc6dec12cf5336873d1c1b0aa6311f9816e71e4756999e76d658f28e8ebe5a66

memory/392-88-0x0000000000500000-0x0000000000510200-memory.dmp

memory/3008-89-0x0000000000400000-0x0000000000408000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-23 11:49

Reported

2024-10-23 11:52

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\df22532e7d2ddb9a99d116a926caea0d1d3423c35dce6d479c0c18ffdfd3d8ffN.exe"

Signatures

Detects MyDoom family

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

MyDoom

worm mydoom

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\services.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" C:\Users\Admin\AppData\Local\Temp\df22532e7d2ddb9a99d116a926caea0d1d3423c35dce6d479c0c18ffdfd3d8ffN.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" C:\Windows\services.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\df22532e7d2ddb9a99d116a926caea0d1d3423c35dce6d479c0c18ffdfd3d8ffN.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\services.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\df22532e7d2ddb9a99d116a926caea0d1d3423c35dce6d479c0c18ffdfd3d8ffN.exe

"C:\Users\Admin\AppData\Local\Temp\df22532e7d2ddb9a99d116a926caea0d1d3423c35dce6d479c0c18ffdfd3d8ffN.exe"

C:\Windows\services.exe

"C:\Windows\services.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
N/A 10.156.133.4:1034 tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
N/A 192.168.2.18:1034 tcp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
N/A 10.152.243.207:1034 tcp
US 8.8.8.8:53 m-ou.se udp
US 8.8.8.8:53 aspmx.l.google.com udp
US 8.8.8.8:53 acm.org udp
GB 173.194.76.27:25 aspmx.l.google.com tcp
US 8.8.8.8:53 mail.mailroute.net udp
US 199.89.1.120:25 mail.mailroute.net tcp
US 8.8.8.8:53 cs.stanford.edu udp
US 8.8.8.8:53 smtp1.cs.stanford.edu udp
US 8.8.8.8:53 burtleburtle.net udp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
US 8.8.8.8:53 mx.burtleburtle.net udp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
US 65.254.254.51:25 mx.burtleburtle.net tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 8.8.8.8:53 alumni-caltech-edu.mail.protection.outlook.com udp
US 8.8.8.8:53 gzip.org udp
US 52.101.42.9:25 alumni-caltech-edu.mail.protection.outlook.com tcp
US 8.8.8.8:53 gzip.org udp
US 85.187.148.2:25 gzip.org tcp
US 8.8.8.8:53 search.lycos.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 search.yahoo.com udp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 8.8.8.8:53 r11.o.lencr.org udp
US 8.8.8.8:53 www.altavista.com udp
GB 2.18.190.80:80 r11.o.lencr.org tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 8.8.8.8:53 4.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.254.202.209.in-addr.arpa udp
US 8.8.8.8:53 137.100.82.212.in-addr.arpa udp
US 8.8.8.8:53 80.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 61.45.26.184.in-addr.arpa udp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
N/A 192.168.2.11:1034 tcp
US 8.8.8.8:53 aspmx5.googlemail.com udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
SG 74.125.200.26:25 aspmx5.googlemail.com tcp
US 8.8.8.8:53 acm.org udp
US 8.8.8.8:53 smtp2.cs.stanford.edu udp
US 104.17.78.30:25 acm.org tcp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
US 8.8.8.8:53 burtleburtle.net udp
US 65.254.227.224:25 burtleburtle.net tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 204.13.239.180:25 alumni.caltech.edu tcp
US 85.187.148.2:25 gzip.org tcp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
N/A 172.16.1.165:1034 tcp
US 8.8.8.8:53 aspmx2.googlemail.com udp
NL 142.250.153.27:25 aspmx2.googlemail.com tcp
US 8.8.8.8:53 mx.acm.org udp
US 8.8.8.8:53 cs.stanford.edu udp
US 8.8.8.8:53 mail.acm.org udp
US 171.64.64.64:25 cs.stanford.edu tcp
US 8.8.8.8:53 smtp.acm.org udp
US 171.64.64.64:25 cs.stanford.edu tcp
US 8.8.8.8:53 outlook.com udp
US 65.254.254.51:25 mx.burtleburtle.net tcp
US 8.8.8.8:53 outlook-com.olc.protection.outlook.com udp
US 209.202.254.10:80 search.lycos.com tcp
NL 52.101.73.0:25 outlook-com.olc.protection.outlook.com tcp
US 8.8.8.8:53 mx.alumni.caltech.edu udp
IE 212.82.100.137:80 www.altavista.com tcp
US 8.8.8.8:53 mail.alumni.caltech.edu udp
US 8.8.8.8:53 mx.gzip.org udp
US 8.8.8.8:53 smtp.alumni.caltech.edu udp
US 8.8.8.8:53 mail.gzip.org udp
IE 212.82.100.137:80 www.altavista.com tcp
US 85.187.148.2:25 mail.gzip.org tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 171.64.64.64:25 cs.stanford.edu tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
IE 212.82.100.137:80 www.altavista.com tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
N/A 172.16.1.165:1034 tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 alt1.aspmx.l.google.com udp
IE 212.82.100.137:80 www.altavista.com tcp
NL 142.250.153.26:25 alt1.aspmx.l.google.com tcp
US 171.64.64.64:25 cs.stanford.edu tcp
US 209.202.254.10:443 search.lycos.com tcp
US 171.64.64.64:25 cs.stanford.edu tcp
GB 142.250.200.4:80 www.google.com tcp
US 8.8.8.8:53 mail.burtleburtle.net udp
US 8.8.8.8:53 outlook.com udp
US 65.254.250.102:25 mail.burtleburtle.net tcp
US 52.96.111.82:25 outlook.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 8.8.8.8:53 smtp.gzip.org udp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 171.64.64.64:25 cs.stanford.edu tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
N/A 192.168.2.12:1034 tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 8.8.8.8:53 alt2.aspmx.l.google.com udp
DE 142.251.9.27:25 alt2.aspmx.l.google.com tcp
US 8.8.8.8:53 mx.cs.stanford.edu udp
GB 142.250.200.4:80 www.google.com tcp
US 8.8.8.8:53 mail.cs.stanford.edu udp
US 171.64.64.160:25 mail.cs.stanford.edu tcp
US 8.8.8.8:53 mx.outlook.com udp
US 8.8.8.8:53 mail.outlook.com udp
US 8.8.8.8:53 smtp.outlook.com udp
GB 52.97.146.130:25 smtp.outlook.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 8.8.8.8:53 kinoho.net udp
DE 142.251.9.27:25 alt2.aspmx.l.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 8.8.8.8:53 mx.cs.stanford.edu udp
GB 142.250.200.4:80 www.google.com tcp
US 171.64.64.160:25 mail.cs.stanford.edu tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
N/A 192.168.2.14:1034 tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
GB 142.250.200.4:80 www.google.com tcp
IE 212.82.100.137:443 tcp
GB 142.250.200.4:80 tcp
GB 142.250.200.4:80 tcp
GB 142.250.200.4:80 tcp
GB 142.250.200.4:80 tcp
US 209.202.254.10:80 tcp
GB 142.250.200.4:80 tcp
US 209.202.254.10:443 tcp
IE 212.82.100.137:80 tcp
US 209.202.254.10:443 tcp
GB 142.250.200.4:80 tcp
IE 212.82.100.137:80 tcp
GB 142.250.200.4:80 tcp
IE 212.82.100.137:80 tcp

Files

memory/3516-0-0x0000000000500000-0x0000000000510200-memory.dmp

C:\Windows\services.exe

MD5 b0fe74719b1b647e2056641931907f4a
SHA1 e858c206d2d1542a79936cb00d85da853bfc95e2
SHA256 bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
SHA512 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

memory/4288-6-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/3516-13-0x0000000000500000-0x0000000000510200-memory.dmp

memory/4288-15-0x0000000000400000-0x0000000000408000-memory.dmp

memory/4288-16-0x0000000000400000-0x0000000000408000-memory.dmp

memory/4288-21-0x0000000000400000-0x0000000000408000-memory.dmp

memory/4288-26-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3516-27-0x0000000000500000-0x0000000000510200-memory.dmp

memory/4288-28-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 582f130bcc467af50de0446344934d48
SHA1 70cbbfd617eaba503bc22185c3e6eade162c4509
SHA256 6c24c78090a1feb3a032fdca1a481e056ee01a28e547bcf5a942b49606ae9090
SHA512 5c8b1fde66c205a3cce85a8edb1c0650dd79dc13ec5fb768aa6097128433b735ed818d827e11174b576ea4bc84b8427f74297d7ce5eaee940e625cac3ffc935d

C:\Users\Admin\AppData\Local\Temp\tmp4FB3.tmp

MD5 b39c7e0e5157ddfa87973b1db3fb9ef1
SHA1 8fdbf9424a303ef52e30354df24b266e414e4f62
SHA256 06c34d5eae7143fd3f2d05b203e1ec081daa05795527f8e5904cd7a9c895f708
SHA512 9344c687ff5a51993c464ff561209c2a5f151f3d177acff20a19be8beb1582768bbf421000c440164134b8b4ac342e8a6e980d5106474d1e1fb202f29d6971e2

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\YB8IB6GH\search[2].htm

MD5 8ba61a16b71609a08bfa35bc213fce49
SHA1 8374dddcc6b2ede14b0ea00a5870a11b57ced33f
SHA256 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1
SHA512 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

memory/3516-115-0x0000000000500000-0x0000000000510200-memory.dmp

memory/4288-116-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3516-155-0x0000000000500000-0x0000000000510200-memory.dmp

memory/4288-156-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3516-157-0x0000000000500000-0x0000000000510200-memory.dmp

memory/4288-158-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\azlQy.log

MD5 0b920ccb569e0a8a4ca60ed9ed0d4e60
SHA1 349e3cb2e534bc532e97d0eba63b7809e0cd1025
SHA256 0e9c91fb17f40a9ec5d48118fd0f863baa2f34f646caf9afd0ab2ea064f5b14a
SHA512 68be064e97758bd469dcf63d19f68b20b37ec10ef8890e7bb59fcae54fea5f1b041960647b3952780afb143714cea30dd85fff00e674c59c3f11514998f7aecb

memory/3516-162-0x0000000000500000-0x0000000000510200-memory.dmp

memory/4288-163-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 50affe82b6e811eeeb2b18f5cb534e8a
SHA1 e8d5703ed62f7f556d0d8b1f8b82269252c15724
SHA256 d2bfb42209852cb3bfe2d3460e29251c62efcb494ca447498fcb8aeaa3b36e6d
SHA512 8d105f77a0f225395dff37fd3febe3c6bb4f356dfe6460d6b468a37afadd00bbf66f4e4822629a9db8cce5706ebedbc777242b00c5a51af0a2a7056290410ca8

memory/3516-180-0x0000000000500000-0x0000000000510200-memory.dmp

memory/4288-181-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\YB8IB6GH\default[1].htm

MD5 c15952329e9cd008b41f979b6c76b9a2
SHA1 53c58cc742b5a0273df8d01ba2779a979c1ff967
SHA256 5d065a88f9a1fb565c2d70e87148d469dd9dcbbefea4ccc8c181745eda748ab7
SHA512 6aecdd949abcd2cb54e2fe3e1171ee47c247aa3980a0847b9934f506ef9b2d3180831adf6554c68b0621f9f9f3cd88767ef9487bc6e51cecd6a8857099a7b296

memory/3516-210-0x0000000000500000-0x0000000000510200-memory.dmp

memory/4288-211-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3516-242-0x0000000000500000-0x0000000000510200-memory.dmp

memory/4288-245-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3516-278-0x0000000000500000-0x0000000000510200-memory.dmp

memory/4288-279-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8R55UT9S\default[4].htm

MD5 cb42662caffe525e9957c942617edf06
SHA1 615009db9a1a242579e639ee0fc7a2a765095bfe
SHA256 312bf5c9a1a122abc6361bf8ed01a44346285b962c0d273ef2de0eb796ae1b15
SHA512 3e6777f1f74f64fff6cb2bd1a81a6c08d9a64feeebc3deb7cacb8f0f41b23a5c59a8e6294b99c76dd386aaaf9043a1a252ac47910fe1801bdc2995f7b675692c

memory/3516-310-0x0000000000500000-0x0000000000510200-memory.dmp

memory/4288-311-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\3DWZNJ32\default[7].htm

MD5 550379217493ee8717fc3e3d4fa13cac
SHA1 818a353efc5e626fb3994615e75cf98ed1ed77fe
SHA256 f80e2736a817ca49088e7f671f832dac4566233b1c9c1c75d42308bf6705e56f
SHA512 dc4715dabb40202e454d501430a64f16704200c17d05e8209ac9e331edab4834daff25f572ce18031e4a2ca112d5fa2098b982f870e021ab9d1b3ce6497abe4c

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\OIPZWEW8\default[4].htm

MD5 267ddfdbb8d492b25de208d84b290f1c
SHA1 9f57d9f19f25549e1232489a0c101a92e851de2f
SHA256 ef1f87447ae1ab45548d2934cf0dbd15a32b86359ff9fccfa48d76c1badf6586
SHA512 0709aa62d39d419d335183235dcf328e1dfe6997bd9bfbdeb01bb050df8dcab63ec2d4f46e4718ab389fa8e12af66dec2e3019c8871ac6e40927a25cb706c6b3

memory/3516-339-0x0000000000500000-0x0000000000510200-memory.dmp

memory/4288-340-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 fbf174854a390a23891af55309e5dfc0
SHA1 c8970034eb0d7ec03498bb2273a275ecd3479f6a
SHA256 967e75d2ba4b868b345cc8a210595871452533e04ea55a85aa67b3f3ee90fd84
SHA512 602f46c69f2f2dcc226120225017f1cdde21bd8a6f71f36aa45b613e36c97a3f81a62f2bc20e874e1b36a6b7f1d5073005ab5835913f848d1f8dac551de9de33

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8R55UT9S\default[1].htm

MD5 ffb72ab4faba49ad441ce07db37dd8b6
SHA1 194e13c1c32ebb6e7a1dc912261cbd58a82ff71e
SHA256 7bd7c3676e98ddde8e0d5b63dd22cb9379d975bcd1d68884c97565cdd8d03660
SHA512 517be20d2442489ce39b48dc7f9f6f13f8c45d02703fb1865071f553d36b2289f5abc26c6089fc0bfad1a41fe318bf4b5a806915c5e45898ac744b7e4ed30257