Malware Analysis Report

2025-03-15 00:45

Sample ID 241025-gzpvlavhph
Target d8d9b7c5d9b4b59e8804244d2a2efb4eecf3405f6c430cc59de34d3832a119c1
SHA256 d8d9b7c5d9b4b59e8804244d2a2efb4eecf3405f6c430cc59de34d3832a119c1
Tags
mydoom discovery persistence upx worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

d8d9b7c5d9b4b59e8804244d2a2efb4eecf3405f6c430cc59de34d3832a119c1

Threat Level: Known bad

The file d8d9b7c5d9b4b59e8804244d2a2efb4eecf3405f6c430cc59de34d3832a119c1 was found to be: Known bad.

Malicious Activity Summary

mydoom discovery persistence upx worm

Detects MyDoom family

MyDoom

Executes dropped EXE

Adds Run key to start application

UPX packed file

Drops file in Windows directory

System Location Discovery: System Language Discovery

Unsigned PE

Modifies system certificate store

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-25 06:14

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-25 06:14

Reported

2024-10-25 06:17

Platform

win7-20240903-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d8d9b7c5d9b4b59e8804244d2a2efb4eecf3405f6c430cc59de34d3832a119c1.exe"

Signatures

Detects MyDoom family

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

MyDoom

worm mydoom

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\services.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" C:\Users\Admin\AppData\Local\Temp\d8d9b7c5d9b4b59e8804244d2a2efb4eecf3405f6c430cc59de34d3832a119c1.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" C:\Windows\services.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\d8d9b7c5d9b4b59e8804244d2a2efb4eecf3405f6c430cc59de34d3832a119c1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\services.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Users\Admin\AppData\Local\Temp\d8d9b7c5d9b4b59e8804244d2a2efb4eecf3405f6c430cc59de34d3832a119c1.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 C:\Users\Admin\AppData\Local\Temp\d8d9b7c5d9b4b59e8804244d2a2efb4eecf3405f6c430cc59de34d3832a119c1.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 C:\Users\Admin\AppData\Local\Temp\d8d9b7c5d9b4b59e8804244d2a2efb4eecf3405f6c430cc59de34d3832a119c1.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Users\Admin\AppData\Local\Temp\d8d9b7c5d9b4b59e8804244d2a2efb4eecf3405f6c430cc59de34d3832a119c1.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\d8d9b7c5d9b4b59e8804244d2a2efb4eecf3405f6c430cc59de34d3832a119c1.exe

"C:\Users\Admin\AppData\Local\Temp\d8d9b7c5d9b4b59e8804244d2a2efb4eecf3405f6c430cc59de34d3832a119c1.exe"

C:\Windows\services.exe

"C:\Windows\services.exe"

Network

Country Destination Domain Proto
N/A 10.156.133.4:1034 tcp
N/A 192.168.2.16:1034 tcp
N/A 10.152.243.207:1034 tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 8.8.8.8:53 alumni-caltech-edu.mail.protection.outlook.com udp
US 52.101.11.9:25 alumni-caltech-edu.mail.protection.outlook.com tcp
US 8.8.8.8:53 gzip.org udp
US 8.8.8.8:53 gzip.org udp
US 85.187.148.2:25 gzip.org tcp
N/A 10.127.0.6:1034 tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 204.13.239.180:25 alumni.caltech.edu tcp
US 85.187.148.2:25 gzip.org tcp
N/A 172.16.1.165:1034 tcp
US 8.8.8.8:53 mx.alumni.caltech.edu udp
US 8.8.8.8:53 mail.alumni.caltech.edu udp
US 8.8.8.8:53 smtp.alumni.caltech.edu udp
US 8.8.8.8:53 mx.gzip.org udp
US 8.8.8.8:53 mail.gzip.org udp
US 85.187.148.2:25 mail.gzip.org tcp
N/A 172.16.1.165:1034 tcp
US 8.8.8.8:53 apple.com udp
US 8.8.8.8:53 mx-in.g.apple.com udp
DK 17.57.170.2:25 mx-in.g.apple.com tcp
US 8.8.8.8:53 unicode.org udp
US 8.8.8.8:53 alt3.aspmx.l.google.com udp
FI 142.251.1.27:25 alt3.aspmx.l.google.com tcp
US 8.8.8.8:53 www.altavista.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 search.lycos.com udp
US 8.8.8.8:53 search.yahoo.com udp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 8.8.8.8:53 r11.o.lencr.org udp
US 8.8.8.8:53 r11.o.lencr.org udp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 2.18.190.80:80 r11.o.lencr.org tcp
GB 2.18.190.80:80 r11.o.lencr.org tcp
IE 212.82.100.137:443 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
N/A 192.168.2.17:1034 tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 8.8.8.8:53 mx-in-vib.apple.com udp
US 8.8.8.8:53 aspmx.l.google.com udp
BE 64.233.166.26:25 aspmx.l.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
DK 17.57.170.2:25 mx-in-vib.apple.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
N/A 192.168.2.11:1034 tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 172.217.169.36:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.169.36:80 tcp
US 209.202.254.10:443 tcp
GB 172.217.169.36:80 tcp
GB 172.217.169.36:80 tcp
US 209.202.254.10:443 tcp

Files

memory/540-0-0x0000000000500000-0x0000000000510200-memory.dmp

memory/540-4-0x0000000000220000-0x0000000000228000-memory.dmp

C:\Windows\services.exe

MD5 b0fe74719b1b647e2056641931907f4a
SHA1 e858c206d2d1542a79936cb00d85da853bfc95e2
SHA256 bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
SHA512 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/540-15-0x0000000000500000-0x0000000000510200-memory.dmp

memory/540-16-0x0000000000220000-0x0000000000228000-memory.dmp

memory/2040-18-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2040-19-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2040-24-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2040-29-0x0000000000400000-0x0000000000408000-memory.dmp

memory/540-30-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2040-31-0x0000000000400000-0x0000000000408000-memory.dmp

memory/540-35-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2040-36-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 a2e908af10487dd340ce2cd5daa11510
SHA1 aeffe529cccb80a02e34bca1faecabb4a438b652
SHA256 728a6baab4f10f7cb81e22193ae1c6c5541efde980e05bb13cd305cd8e74ced8
SHA512 54a9a51d5f0032b91560a5d9bdc510d1b96923b9ebeba34bcbe0006bb13dfeb29887788de1535c47924d060d70afb5fe650073d0a1147043d89ba46e999f16af

C:\Users\Admin\AppData\Local\Temp\tmpA6DC.tmp

MD5 66a6d84839d4aa2cb3ef9a9a54a8312b
SHA1 9ad1652645702ec149e6325f75b1ab07f371f4f4
SHA256 d56f3cc0fe37d989931b6f65fa5ac1b1bb2533bb0e6b8e576c6d2da8178ea9f5
SHA512 3125744cafe85562d3da7b212b00980a595a359240293050c00e68843c7bc298e4609ce42eee792f1ef75ccf943d308356d09b832d29ccf78565cdc3a474187f

memory/540-53-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2040-54-0x0000000000400000-0x0000000000408000-memory.dmp

memory/540-55-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2040-56-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zjg9emFVcj.log

MD5 9ca0a9bb82f2f1e74116148065ecebf0
SHA1 977c1b0830be1f89e3b2ae65bae9fb18adef7239
SHA256 61389d9e37447abe036f19bde03dbb59e30f598be6aebfd1094464cd95e5c52f
SHA512 2955899d0d7643377b0212799666e71c03bff5b47f09985202484db83979a7558063b9144e56ec721f38a4494206a0df06a95f3804e57b336db1fc744ed2baf3

memory/540-60-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2040-61-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2040-66-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2040-68-0x0000000000400000-0x0000000000408000-memory.dmp

memory/540-67-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2040-73-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 4ebaeab3ff41ac7048da904cfa3f0ff4
SHA1 f79dcaf9e593cafff42d92dba731b4fdee958bf2
SHA256 f97b8d45ffbb154e63313b515e76fbb25c722cd541fb158de36cfea58b8512e5
SHA512 bec77dd9626e9cce4d570c8152730ed0e025162a816c17aa302dd4b732846a392f43fce23c7a0f629f79a97c7d2a0f913ef7e3bd84886394d0891e8c9aa79ce3

memory/540-96-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2040-97-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\CabAE15.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarAE66.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 814d1881ecf8047400a29c8cf6ff5f5d
SHA1 75dfdf615b34f5746291fe2905335b972fc0c486
SHA256 a5c307b9655849765c2a2f8f2280f1329bf368a4c60384c17e4fd77f6a1f5f10
SHA512 08d105085f3d2c30fc9fec4e4855094dde24de42c2760c191568eaed25e2372d5c507acac8bb411a25d24930ef025731f1469fe965042c91080dc800cd743eef

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7402ffa0c436c32751132284ae2b693f
SHA1 091f2e1eda35e94952566455f8b8f51ea6b50a56
SHA256 8638c7badb3aeb65cd30d54076b4728e33778f51fd9a12b680d05765641ca26a
SHA512 1a8fadf29c3d65ebec31cfda2a12fdeaa5ffaaddeaa9737ad58dea83d9dd003beacfef1211e7384ee047f7cfe8cf0b7b0c32942b9800abe80f6b16488da7310b

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QS2MOPHD\search[1].htm

MD5 8ba61a16b71609a08bfa35bc213fce49
SHA1 8374dddcc6b2ede14b0ea00a5870a11b57ced33f
SHA256 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1
SHA512 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

memory/540-261-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2040-262-0x0000000000400000-0x0000000000408000-memory.dmp

memory/540-297-0x0000000000500000-0x0000000000510200-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\633SXO0D\default[2].htm

MD5 e0c3b4c8541e5bc3cf19d22ccf8365d6
SHA1 9ac1347e4dbce09ddacc47ff46b9cb15b01fd77d
SHA256 69e3c690688497ac57963720235b9181d6ab79161289aed6bc518f2284e75696
SHA512 3c6a7bb5b195dd5e973d180f051ad4979d37bfaa489e6e22c239a2efc007a203c72732496d0db1324a16344606510cba911af242337bd96da4f9832c9f6552aa

memory/2040-308-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1738IZL\default[3].htm

MD5 ccfe63b884fe4225fa33f618a54ce37a
SHA1 bbb0778c1597eafe7fb9c5c65412f8ab04b2e311
SHA256 f7dd5bab49466a4cdb6a7f5a0e07a158f7a1567bd809ed745812469775b33112
SHA512 858f345503c89ba075b374764145fba5b1a9d3440d1628edeab0a3e02cc7cbfbe1119c20747026e69d630ed262d3c91c5073ef06823cf727dfcb11605c7c5ff8

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-25 06:14

Reported

2024-10-25 06:17

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d8d9b7c5d9b4b59e8804244d2a2efb4eecf3405f6c430cc59de34d3832a119c1.exe"

Signatures

Detects MyDoom family

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

MyDoom

worm mydoom

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\services.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" C:\Users\Admin\AppData\Local\Temp\d8d9b7c5d9b4b59e8804244d2a2efb4eecf3405f6c430cc59de34d3832a119c1.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" C:\Windows\services.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\d8d9b7c5d9b4b59e8804244d2a2efb4eecf3405f6c430cc59de34d3832a119c1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\services.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\d8d9b7c5d9b4b59e8804244d2a2efb4eecf3405f6c430cc59de34d3832a119c1.exe

"C:\Users\Admin\AppData\Local\Temp\d8d9b7c5d9b4b59e8804244d2a2efb4eecf3405f6c430cc59de34d3832a119c1.exe"

C:\Windows\services.exe

"C:\Windows\services.exe"

Network

Country Destination Domain Proto
N/A 10.156.133.4:1034 tcp
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
N/A 192.168.2.16:1034 tcp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 73.190.18.2.in-addr.arpa udp
N/A 10.152.243.207:1034 tcp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
N/A 10.127.0.6:1034 tcp
US 8.8.8.8:53 138.201.86.20.in-addr.arpa udp
US 8.8.8.8:53 m-ou.se udp
US 8.8.8.8:53 alt1.aspmx.l.google.com udp
US 8.8.8.8:53 acm.org udp
NL 142.250.153.26:25 alt1.aspmx.l.google.com tcp
US 8.8.8.8:53 mail.mailroute.net udp
US 199.89.3.120:25 mail.mailroute.net tcp
US 8.8.8.8:53 cs.stanford.edu udp
US 8.8.8.8:53 smtp2.cs.stanford.edu udp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
US 8.8.8.8:53 burtleburtle.net udp
US 8.8.8.8:53 mx.burtleburtle.net udp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
US 65.254.254.52:25 mx.burtleburtle.net tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 8.8.8.8:53 alumni-caltech-edu.mail.protection.outlook.com udp
US 8.8.8.8:53 gzip.org udp
US 52.101.41.26:25 alumni-caltech-edu.mail.protection.outlook.com tcp
US 8.8.8.8:53 gzip.org udp
US 8.8.8.8:53 search.yahoo.com udp
US 85.187.148.2:25 gzip.org tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 8.8.8.8:53 search.lycos.com udp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 8.8.8.8:53 www.google.com udp
GB 216.58.212.196:80 www.google.com tcp
US 8.8.8.8:53 www.altavista.com udp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 216.58.212.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 r11.o.lencr.org udp
US 8.8.8.8:53 137.100.82.212.in-addr.arpa udp
US 8.8.8.8:53 10.254.202.209.in-addr.arpa udp
US 8.8.8.8:53 196.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 61.45.26.184.in-addr.arpa udp
GB 2.18.190.73:80 r11.o.lencr.org tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 216.58.212.196:80 www.google.com tcp
GB 216.58.212.196:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 216.58.212.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 216.58.212.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 216.58.212.196:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 216.58.212.196:80 www.google.com tcp
GB 216.58.212.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 216.58.212.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 216.58.212.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 216.58.212.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 216.58.212.196:80 www.google.com tcp
GB 216.58.212.196:80 www.google.com tcp
GB 216.58.212.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 216.58.212.196:80 www.google.com tcp
GB 216.58.212.196:80 www.google.com tcp
GB 216.58.212.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 216.58.212.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 216.58.212.196:80 www.google.com tcp
GB 216.58.212.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 216.58.212.196:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 216.58.212.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 216.58.212.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 216.58.212.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 216.58.212.196:80 www.google.com tcp
GB 216.58.212.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 216.58.212.196:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 216.58.212.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 216.58.212.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 216.58.212.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 216.58.212.196:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 216.58.212.196:80 www.google.com tcp
GB 216.58.212.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 216.58.212.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 216.58.212.196:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 216.58.212.196:80 www.google.com tcp
GB 216.58.212.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
N/A 172.16.1.165:1034 tcp
GB 216.58.212.196:80 www.google.com tcp
GB 216.58.212.196:80 www.google.com tcp
GB 216.58.212.196:80 www.google.com tcp
GB 216.58.212.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 216.58.212.196:80 www.google.com tcp
GB 216.58.212.196:80 www.google.com tcp
US 8.8.8.8:53 aspmx3.googlemail.com udp
DE 142.251.9.27:25 aspmx3.googlemail.com tcp
US 8.8.8.8:53 acm.org udp
US 104.17.79.30:25 acm.org tcp
US 8.8.8.8:53 cs.stanford.edu udp
US 171.64.64.64:25 cs.stanford.edu tcp
US 171.64.64.64:25 cs.stanford.edu tcp
US 8.8.8.8:53 burtleburtle.net udp
US 65.254.227.224:25 burtleburtle.net tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 204.13.239.180:25 alumni.caltech.edu tcp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 85.187.148.2:25 gzip.org tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 171.64.64.64:25 cs.stanford.edu tcp
N/A 172.16.1.165:1034 tcp
US 8.8.8.8:53 alt2.aspmx.l.google.com udp
DE 142.251.9.26:25 alt2.aspmx.l.google.com tcp
US 8.8.8.8:53 mx.acm.org udp
US 8.8.8.8:53 mail.acm.org udp
US 8.8.8.8:53 smtp1.cs.stanford.edu udp
US 8.8.8.8:53 smtp.acm.org udp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
US 65.254.254.52:25 mx.burtleburtle.net tcp
US 8.8.8.8:53 outlook.com udp
US 8.8.8.8:53 mx.alumni.caltech.edu udp
US 8.8.8.8:53 outlook-com.olc.protection.outlook.com udp
US 52.101.41.2:25 outlook-com.olc.protection.outlook.com tcp
US 8.8.8.8:53 mail.alumni.caltech.edu udp
GB 216.58.212.196:80 www.google.com tcp
US 8.8.8.8:53 mx.gzip.org udp
US 8.8.8.8:53 smtp.alumni.caltech.edu udp
US 8.8.8.8:53 mail.gzip.org udp
GB 216.58.212.196:80 www.google.com tcp
US 85.187.148.2:25 mail.gzip.org tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 216.58.212.196:80 www.google.com tcp
GB 216.58.212.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 216.58.212.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 216.58.212.196:80 www.google.com tcp
GB 216.58.212.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 216.58.212.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 216.58.212.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 216.58.212.196:80 www.google.com tcp
GB 216.58.212.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 216.58.212.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 216.58.212.196:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 216.58.212.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 216.58.212.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 216.58.212.196:80 www.google.com tcp
GB 216.58.212.196:80 www.google.com tcp
GB 216.58.212.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 216.58.212.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 216.58.212.196:80 www.google.com tcp
GB 216.58.212.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 216.58.212.196:80 www.google.com tcp
GB 216.58.212.196:80 www.google.com tcp
GB 216.58.212.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 216.58.212.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 216.58.212.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 216.58.212.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 216.58.212.196:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 216.58.212.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 216.58.212.196:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 216.58.212.196:80 www.google.com tcp
GB 216.58.212.196:80 www.google.com tcp
GB 216.58.212.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 216.58.212.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 216.58.212.196:80 www.google.com tcp
GB 216.58.212.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 216.58.212.196:80 www.google.com tcp
GB 216.58.212.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 216.58.212.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
N/A 192.168.2.17:1034 tcp
GB 216.58.212.196:80 www.google.com tcp
GB 216.58.212.196:80 www.google.com tcp
GB 216.58.212.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 216.58.212.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 216.58.212.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 216.58.212.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 216.58.212.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 8.8.8.8:53 aspmx.l.google.com udp
BE 66.102.1.26:25 aspmx.l.google.com tcp
US 171.64.64.64:25 cs.stanford.edu tcp
US 171.64.64.64:25 cs.stanford.edu tcp
GB 216.58.212.196:80 www.google.com tcp
US 8.8.8.8:53 mail.burtleburtle.net udp
US 65.254.250.102:25 mail.burtleburtle.net tcp
US 8.8.8.8:53 outlook.com udp
US 8.8.8.8:53 smtp.gzip.org udp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 216.58.212.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 216.58.212.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 52.96.222.226:25 outlook.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 216.58.212.196:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 216.58.212.196:80 www.google.com tcp
GB 216.58.212.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 216.58.212.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 216.58.212.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 216.58.212.196:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 216.58.212.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 216.58.212.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 216.58.212.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 216.58.212.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 216.58.212.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 216.58.212.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 216.58.212.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 216.58.212.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 216.58.212.196:80 www.google.com tcp
GB 216.58.212.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 216.58.212.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 216.58.212.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 216.58.212.196:80 www.google.com tcp
GB 216.58.212.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 216.58.212.196:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 171.64.64.64:25 cs.stanford.edu tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 216.58.212.196:80 www.google.com tcp
GB 216.58.212.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 216.58.212.196:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
N/A 192.168.2.11:1034 tcp
GB 216.58.212.196:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 216.58.212.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 216.58.212.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 216.58.212.196:80 www.google.com tcp
GB 216.58.212.196:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 216.58.212.196:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 216.58.212.196:80 www.google.com tcp
GB 216.58.212.196:80 www.google.com tcp

Files

memory/2948-0-0x0000000000500000-0x0000000000510200-memory.dmp

C:\Windows\services.exe

MD5 b0fe74719b1b647e2056641931907f4a
SHA1 e858c206d2d1542a79936cb00d85da853bfc95e2
SHA256 bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
SHA512 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

memory/4204-5-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/2948-13-0x0000000000500000-0x0000000000510200-memory.dmp

memory/4204-15-0x0000000000400000-0x0000000000408000-memory.dmp

memory/4204-16-0x0000000000400000-0x0000000000408000-memory.dmp

memory/4204-21-0x0000000000400000-0x0000000000408000-memory.dmp

memory/4204-26-0x0000000000400000-0x0000000000408000-memory.dmp

memory/4204-28-0x0000000000400000-0x0000000000408000-memory.dmp

memory/4204-33-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2948-37-0x0000000000500000-0x0000000000510200-memory.dmp

memory/4204-38-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2948-39-0x0000000000500000-0x0000000000510200-memory.dmp

memory/4204-40-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 8aa256e948ebde0a70c8df3855bf6d2a
SHA1 ce528453112489ef89f970a2420090cccf9827ac
SHA256 a11d624f0ce23d886f368cc34864bf2ddee2f737e1937ce5c611cf8fd54ae0f9
SHA512 1b853b334900db8cf2302c2ac0a6155ed294692a0a371898e9dc7532154aec95c9ac1df89f34164e520bc57de3fbc0165c4b017e3b7cec8ee810dc20ceadbadc

C:\Users\Admin\AppData\Local\Temp\tmp8606.tmp

MD5 f7dbc4bb30fcc5d70ca8d453a2df80bd
SHA1 ea684b84f139bb8000319fc05a516ce658d9a391
SHA256 dacea91469f044b983b2588bd4bb27d027cf6bf0b92f0d911ecd25e06824e56a
SHA512 b556e879205e9acdb245ea0898ff6c7cf509e3ace6a8a48ed71b21a96ff3fcf04d6f35f8a95a24ca7fe67fc934e2c2c3a64df5220098c2783e509dea5c637619

C:\Users\Admin\AppData\Local\Temp\azlQy.log

MD5 1f90dc0be0c2f74bf6f01e996a0b9f89
SHA1 fa694d2590e20f64ddd1f71736db8497ad413652
SHA256 1b7d23a59e13b154a8bfaba047c38eb34d63276f1dbd1ca1e1f8d37b91e7f31c
SHA512 4bf0822a8fc631774a86d52b2e748a5b4d7bcdb84810cbd7dad99dd50d273a0bfa23ce08cd0f64e27229dafa4fc43b0b482155bf86eb9bde3f048d7a9a5b699b

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\3DWZNJ32\search[1].htm

MD5 8ba61a16b71609a08bfa35bc213fce49
SHA1 8374dddcc6b2ede14b0ea00a5870a11b57ced33f
SHA256 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1
SHA512 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

memory/2948-131-0x0000000000500000-0x0000000000510200-memory.dmp

memory/4204-132-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 8e4335014735975530de337bb5c9c641
SHA1 a884616b194146f4d4d1f6883976f027bb40dd94
SHA256 f4dfa9dca62945d71bb8f1b6b93954757cef3358a81cb1d009690fb7fa057ea1
SHA512 65d81d58bdf5f6f38325b587edc171fc2da20dd1132ade73d1c7ac7fb143993f411e6d65836d69082019df34346164d09be24077fa4ade65dacd130f088befbb

memory/2948-161-0x0000000000500000-0x0000000000510200-memory.dmp

memory/4204-162-0x0000000000400000-0x0000000000408000-memory.dmp

memory/4204-164-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2948-168-0x0000000000500000-0x0000000000510200-memory.dmp

memory/4204-169-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 e0be86317fc9ca571adb4c3b5356cd5a
SHA1 02e45605a5d04ee5f48a3c31b73e0985a1469168
SHA256 2f751ed32ab10886def4a6f8982d97c0cfdd89eb03756583f26be2a1dbdbb005
SHA512 5321c6b920e7517d8296ff9c0ee855c7aa54c0cc1cb6bf696f7766ffa54a0ab7801d1be78f24d4768328692f7048412530ab2c0cb8d68005c0e435a9610082fb

memory/2948-196-0x0000000000500000-0x0000000000510200-memory.dmp

memory/4204-197-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2948-229-0x0000000000500000-0x0000000000510200-memory.dmp

memory/4204-230-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8R55UT9S\default[1].htm

MD5 c15952329e9cd008b41f979b6c76b9a2
SHA1 53c58cc742b5a0273df8d01ba2779a979c1ff967
SHA256 5d065a88f9a1fb565c2d70e87148d469dd9dcbbefea4ccc8c181745eda748ab7
SHA512 6aecdd949abcd2cb54e2fe3e1171ee47c247aa3980a0847b9934f506ef9b2d3180831adf6554c68b0621f9f9f3cd88767ef9487bc6e51cecd6a8857099a7b296

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\YB8IB6GH\default[4].htm

MD5 14b82aec966e8e370a28053db081f4e9
SHA1 a0f30ebbdb4c69947d3bd41fa63ec4929dddd649
SHA256 202eada95ef503b303a05caf5a666f538236c7e697f5301fd178d994fa6e24cf
SHA512 ec04f1d86137dc4d75a47ba47bb2f2c912115372fa000cf986d13a04121aae9974011aa716c7da3893114e0d5d0e2fb680a6c2fd40a1f93f0e0bfd6fd625dfa7

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\3DWZNJ32\default[8].htm

MD5 267ddfdbb8d492b25de208d84b290f1c
SHA1 9f57d9f19f25549e1232489a0c101a92e851de2f
SHA256 ef1f87447ae1ab45548d2934cf0dbd15a32b86359ff9fccfa48d76c1badf6586
SHA512 0709aa62d39d419d335183235dcf328e1dfe6997bd9bfbdeb01bb050df8dcab63ec2d4f46e4718ab389fa8e12af66dec2e3019c8871ac6e40927a25cb706c6b3

memory/2948-263-0x0000000000500000-0x0000000000510200-memory.dmp

memory/4204-264-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\3DWZNJ32\default[4].htm

MD5 cb42662caffe525e9957c942617edf06
SHA1 615009db9a1a242579e639ee0fc7a2a765095bfe
SHA256 312bf5c9a1a122abc6361bf8ed01a44346285b962c0d273ef2de0eb796ae1b15
SHA512 3e6777f1f74f64fff6cb2bd1a81a6c08d9a64feeebc3deb7cacb8f0f41b23a5c59a8e6294b99c76dd386aaaf9043a1a252ac47910fe1801bdc2995f7b675692c