Analysis Overview
SHA256
166a982b7cb96bd9e9b4528126d889bce2b7f13eaf702ebea1db68835ba4429c
Threat Level: Known bad
The file 166a982b7cb96bd9e9b4528126d889bce2b7f13eaf702ebea1db68835ba4429cN was found to be: Known bad.
Malicious Activity Summary
Detects MyDoom family
Mydoom family
Detected microsoft outlook phishing page
MyDoom
Executes dropped EXE
Adds Run key to start application
UPX packed file
Drops file in Windows directory
Unsigned PE
System Location Discovery: System Language Discovery
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-10 08:59
Signatures
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-10 08:59
Reported
2024-11-10 09:01
Platform
win7-20241010-en
Max time kernel
120s
Max time network
118s
Command Line
Signatures
Detects MyDoom family
MyDoom
Mydoom family
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\166a982b7cb96bd9e9b4528126d889bce2b7f13eaf702ebea1db68835ba4429cN.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
UPX packed file
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\166a982b7cb96bd9e9b4528126d889bce2b7f13eaf702ebea1db68835ba4429cN.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\166a982b7cb96bd9e9b4528126d889bce2b7f13eaf702ebea1db68835ba4429cN.exe | N/A |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\166a982b7cb96bd9e9b4528126d889bce2b7f13eaf702ebea1db68835ba4429cN.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\166a982b7cb96bd9e9b4528126d889bce2b7f13eaf702ebea1db68835ba4429cN.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\services.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2488 wrote to memory of 2180 | N/A | C:\Users\Admin\AppData\Local\Temp\166a982b7cb96bd9e9b4528126d889bce2b7f13eaf702ebea1db68835ba4429cN.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\166a982b7cb96bd9e9b4528126d889bce2b7f13eaf702ebea1db68835ba4429cN.exe
"C:\Users\Admin\AppData\Local\Temp\166a982b7cb96bd9e9b4528126d889bce2b7f13eaf702ebea1db68835ba4429cN.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
Files
C:\Windows\services.exe
C:\Users\Admin\AppData\Local\Temp\zincite.log
C:\Users\Admin\AppData\Local\Temp\sjN4knybix.log
C:\Users\Admin\AppData\Local\Temp\zincite.log
C:\Users\Admin\AppData\Local\Temp\tmpB3C7.tmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-10 08:59
Reported
2024-11-10 09:01
Platform
win10v2004-20241007-en
Max time kernel
120s
Max time network
121s
Command Line
Signatures
Detected microsoft outlook phishing page
Detects MyDoom family
MyDoom
Mydoom family
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\166a982b7cb96bd9e9b4528126d889bce2b7f13eaf702ebea1db68835ba4429cN.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
UPX packed file
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\166a982b7cb96bd9e9b4528126d889bce2b7f13eaf702ebea1db68835ba4429cN.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\166a982b7cb96bd9e9b4528126d889bce2b7f13eaf702ebea1db68835ba4429cN.exe | N/A |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\166a982b7cb96bd9e9b4528126d889bce2b7f13eaf702ebea1db68835ba4429cN.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\166a982b7cb96bd9e9b4528126d889bce2b7f13eaf702ebea1db68835ba4429cN.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\services.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1672 wrote to memory of 4860 | N/A | C:\Users\Admin\AppData\Local\Temp\166a982b7cb96bd9e9b4528126d889bce2b7f13eaf702ebea1db68835ba4429cN.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\166a982b7cb96bd9e9b4528126d889bce2b7f13eaf702ebea1db68835ba4429cN.exe
"C:\Users\Admin\AppData\Local\Temp\166a982b7cb96bd9e9b4528126d889bce2b7f13eaf702ebea1db68835ba4429cN.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
Files
C:\Windows\services.exe
C:\Users\Admin\AppData\Local\Temp\zincite.log
C:\Users\Admin\AppData\Local\Temp\Q8uxo.log
C:\Users\Admin\AppData\Local\Temp\zincite.log
C:\Users\Admin\AppData\Local\Temp\tmpEF5E.tmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\321WJBEQ\C037JC3O.htm
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9MFSIIMR\search[2].htm
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9MFSIIMR\search[3].htm
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GRYMSCZU\search[2].htm
C:\Users\Admin\AppData\Local\Temp\zincite.log