Analysis Overview
SHA256
1010cc6d493b3c80e2a3cfb035e812edab6103bf88d0c5d1b402ffa30ced4607
Threat Level: Known bad
The file 1010cc6d493b3c80e2a3cfb035e812edab6103bf88d0c5d1b402ffa30ced4607N.exe was found to be: Known bad.
Malicious Activity Summary
Detects MyDoom family
Mydoom family
MyDoom
Executes dropped EXE
Adds Run key to start application
UPX packed file
Drops file in Windows directory
Unsigned PE
System Location Discovery: System Language Discovery
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-14 10:14
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-14 10:14
Reported
2024-11-14 10:16
Platform
win7-20240903-en
Max time kernel
120s
Max time network
115s
Command Line
Signatures
Detects MyDoom family
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
MyDoom
Mydoom family
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\1010cc6d493b3c80e2a3cfb035e812edab6103bf88d0c5d1b402ffa30ced4607N.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\1010cc6d493b3c80e2a3cfb035e812edab6103bf88d0c5d1b402ffa30ced4607N.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\1010cc6d493b3c80e2a3cfb035e812edab6103bf88d0c5d1b402ffa30ced4607N.exe | N/A |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\1010cc6d493b3c80e2a3cfb035e812edab6103bf88d0c5d1b402ffa30ced4607N.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1010cc6d493b3c80e2a3cfb035e812edab6103bf88d0c5d1b402ffa30ced4607N.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\services.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1480 wrote to memory of 2992 | N/A | C:\Users\Admin\AppData\Local\Temp\1010cc6d493b3c80e2a3cfb035e812edab6103bf88d0c5d1b402ffa30ced4607N.exe | C:\Windows\services.exe |
| PID 1480 wrote to memory of 2992 | N/A | C:\Users\Admin\AppData\Local\Temp\1010cc6d493b3c80e2a3cfb035e812edab6103bf88d0c5d1b402ffa30ced4607N.exe | C:\Windows\services.exe |
| PID 1480 wrote to memory of 2992 | N/A | C:\Users\Admin\AppData\Local\Temp\1010cc6d493b3c80e2a3cfb035e812edab6103bf88d0c5d1b402ffa30ced4607N.exe | C:\Windows\services.exe |
| PID 1480 wrote to memory of 2992 | N/A | C:\Users\Admin\AppData\Local\Temp\1010cc6d493b3c80e2a3cfb035e812edab6103bf88d0c5d1b402ffa30ced4607N.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\1010cc6d493b3c80e2a3cfb035e812edab6103bf88d0c5d1b402ffa30ced4607N.exe
"C:\Users\Admin\AppData\Local\Temp\1010cc6d493b3c80e2a3cfb035e812edab6103bf88d0c5d1b402ffa30ced4607N.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 10.93.103.153:1034 | tcp | |
| N/A | 192.168.0.255:1034 | tcp | |
| N/A | 10.159.126.116:1034 | tcp | |
| N/A | 10.213.60.59:1034 | tcp | |
| N/A | 192.168.56.176:1034 | tcp | |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | alumni-caltech-edu.mail.protection.outlook.com | udp |
| US | 52.101.11.7:25 | alumni-caltech-edu.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| N/A | 192.168.0.255:1034 | tcp |
Files
memory/1480-0-0x0000000000500000-0x0000000000510200-memory.dmp
C:\Windows\services.exe
| MD5 | b0fe74719b1b647e2056641931907f4a |
| SHA1 | e858c206d2d1542a79936cb00d85da853bfc95e2 |
| SHA256 | bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c |
| SHA512 | 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2 |
memory/1480-8-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2992-11-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1480-7-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/1480-18-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1480-17-0x0000000000500000-0x0000000000510200-memory.dmp
memory/1480-19-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2992-21-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2992-22-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2992-27-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2992-32-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2992-34-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2992-39-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2992-44-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2992-46-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2992-51-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2992-56-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1480-55-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2992-58-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1480-57-0x0000000000500000-0x0000000000510200-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | 777ded697cdc003529b4104e9a5382a6 |
| SHA1 | 0e1444748586db64118332572b5dfc2e3ec1c7a8 |
| SHA256 | eeda897da5f4f11864f11c0efa014bf7f1d0ddc1793da0e0f3ae017ecc4958d3 |
| SHA512 | 068e960039fdecb491c2f5522469d4d8aa049df2b89ae7c4c574732cc0e0180b2ec3ac13e6ff18e99192e870fa38ee1ea635888c793bd08b661f404aae0861fe |
C:\Users\Admin\AppData\Local\Temp\tmp5A81.tmp
| MD5 | 0d3d25238c10028103e5793f56e89aa5 |
| SHA1 | 9057b25b83eda28a0f080c0f6263c9ca9f75b923 |
| SHA256 | fbdb244a97ac9fe92f6724ed86a9dde425acef84d8b6e627a7d1de9e5aa946e2 |
| SHA512 | 0029f482b7ba73e55951718968cb109d91ae6a0d851fc6d5ebc580c3d25cc408e0e7fe3945a0846a161457de284b8d8847e5d8c349e6dfed1ba708c34f5d0a15 |
memory/2992-76-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1480-75-0x0000000000500000-0x0000000000510200-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-14 10:14
Reported
2024-11-14 10:16
Platform
win10v2004-20241007-en
Max time kernel
120s
Max time network
121s
Command Line
Signatures
Detects MyDoom family
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
MyDoom
Mydoom family
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\1010cc6d493b3c80e2a3cfb035e812edab6103bf88d0c5d1b402ffa30ced4607N.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\1010cc6d493b3c80e2a3cfb035e812edab6103bf88d0c5d1b402ffa30ced4607N.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\1010cc6d493b3c80e2a3cfb035e812edab6103bf88d0c5d1b402ffa30ced4607N.exe | N/A |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\1010cc6d493b3c80e2a3cfb035e812edab6103bf88d0c5d1b402ffa30ced4607N.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1010cc6d493b3c80e2a3cfb035e812edab6103bf88d0c5d1b402ffa30ced4607N.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\services.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3996 wrote to memory of 3648 | N/A | C:\Users\Admin\AppData\Local\Temp\1010cc6d493b3c80e2a3cfb035e812edab6103bf88d0c5d1b402ffa30ced4607N.exe | C:\Windows\services.exe |
| PID 3996 wrote to memory of 3648 | N/A | C:\Users\Admin\AppData\Local\Temp\1010cc6d493b3c80e2a3cfb035e812edab6103bf88d0c5d1b402ffa30ced4607N.exe | C:\Windows\services.exe |
| PID 3996 wrote to memory of 3648 | N/A | C:\Users\Admin\AppData\Local\Temp\1010cc6d493b3c80e2a3cfb035e812edab6103bf88d0c5d1b402ffa30ced4607N.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\1010cc6d493b3c80e2a3cfb035e812edab6103bf88d0c5d1b402ffa30ced4607N.exe
"C:\Users\Admin\AppData\Local\Temp\1010cc6d493b3c80e2a3cfb035e812edab6103bf88d0c5d1b402ffa30ced4607N.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| N/A | 10.93.103.153:1034 | tcp | |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| N/A | 192.168.0.255:1034 | tcp | |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| N/A | 10.159.126.116:1034 | tcp | |
| US | 8.8.8.8:53 | 22.49.80.91.in-addr.arpa | udp |
| N/A | 10.213.60.59:1034 | tcp | |
| US | 8.8.8.8:53 | m-ou.se | udp |
| US | 8.8.8.8:53 | aspmx3.googlemail.com | udp |
| US | 8.8.8.8:53 | acm.org | udp |
| DE | 142.251.9.26:25 | aspmx3.googlemail.com | tcp |
| US | 8.8.8.8:53 | mail.mailroute.net | udp |
| US | 8.8.8.8:53 | cs.stanford.edu | udp |
| US | 199.89.3.120:25 | mail.mailroute.net | tcp |
| US | 8.8.8.8:53 | smtp2.cs.stanford.edu | udp |
| US | 8.8.8.8:53 | burtleburtle.net | udp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | mx.burtleburtle.net | udp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| US | 65.254.254.50:25 | mx.burtleburtle.net | tcp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | alumni-caltech-edu.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 52.101.8.36:25 | alumni-caltech-edu.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 8.8.8.8:53 | search.lycos.com | udp |
| US | 8.8.8.8:53 | www.altavista.com | udp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| GB | 2.18.190.73:80 | r11.o.lencr.org | tcp |
| US | 8.8.8.8:53 | search.yahoo.com | udp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 8.8.8.8:53 | 137.100.82.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.254.202.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.21.192.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.190.18.2.in-addr.arpa | udp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| N/A | 192.168.56.176:1034 | tcp | |
| US | 8.8.8.8:53 | alt1.aspmx.l.google.com | udp |
| NL | 142.250.153.27:25 | alt1.aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | acm.org | udp |
| US | 104.17.79.30:25 | acm.org | tcp |
| US | 8.8.8.8:53 | smtp1.cs.stanford.edu | udp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | burtleburtle.net | udp |
| US | 65.254.227.224:25 | burtleburtle.net | tcp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 204.13.239.180:25 | alumni.caltech.edu | tcp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| N/A | 192.168.0.255:1034 | tcp | |
| US | 8.8.8.8:53 | aspmx4.googlemail.com | udp |
| FI | 142.250.150.27:25 | aspmx4.googlemail.com | tcp |
| US | 8.8.8.8:53 | mx.acm.org | udp |
| US | 8.8.8.8:53 | mail.acm.org | udp |
| US | 8.8.8.8:53 | cs.stanford.edu | udp |
| US | 8.8.8.8:53 | smtp.acm.org | udp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 65.254.254.50:25 | mx.burtleburtle.net | tcp |
| US | 8.8.8.8:53 | outlook.com | udp |
| US | 8.8.8.8:53 | outlook-com.olc.protection.outlook.com | udp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| US | 52.101.194.5:25 | outlook-com.olc.protection.outlook.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | mx.gzip.org | udp |
| US | 8.8.8.8:53 | mail.gzip.org | udp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 85.187.148.2:25 | mail.gzip.org | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | tcp | |
| US | 209.202.254.10:443 | tcp | |
| GB | 142.250.178.4:80 | tcp | |
| GB | 142.250.178.4:80 | tcp |
Files
memory/3996-0-0x0000000000500000-0x0000000000510200-memory.dmp
C:\Windows\services.exe
| MD5 | b0fe74719b1b647e2056641931907f4a |
| SHA1 | e858c206d2d1542a79936cb00d85da853bfc95e2 |
| SHA256 | bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c |
| SHA512 | 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2 |
memory/3648-6-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/3996-13-0x0000000000500000-0x0000000000510200-memory.dmp
memory/3648-15-0x0000000000400000-0x0000000000408000-memory.dmp
memory/3648-16-0x0000000000400000-0x0000000000408000-memory.dmp
memory/3648-21-0x0000000000400000-0x0000000000408000-memory.dmp
memory/3648-26-0x0000000000400000-0x0000000000408000-memory.dmp
memory/3648-28-0x0000000000400000-0x0000000000408000-memory.dmp
memory/3648-33-0x0000000000400000-0x0000000000408000-memory.dmp
memory/3648-38-0x0000000000400000-0x0000000000408000-memory.dmp
memory/3996-37-0x0000000000500000-0x0000000000510200-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | 3d48701a47bd3775863093bd947df511 |
| SHA1 | 71b4f55932127f2ee113894b0c16ccf3f35a1623 |
| SHA256 | 3f0ea3251fdb5dab61b957d6d7482018ad40b79aeb7a82fdd013774a2050845c |
| SHA512 | a25ea28f4f03ae284450b72c305dd77c753946c6d8ccaa0a7d003d369c8ed0a3fa4f77732c5f9f1c1aa15a6034e428662e7058411458064b045b74000b175c51 |
C:\Users\Admin\AppData\Local\Temp\tmpCA90.tmp
| MD5 | 64e134468015976f2da5bb6f3e37068c |
| SHA1 | 040d0ba370600e0f4d4f75fd9696bf257574483d |
| SHA256 | d6bc2fc7dc2fef88f5b0c93cdf352728a124494dba8989241746bf90c0234f2b |
| SHA512 | d2fd03e3d0810b3d5bcde332f24f9e05ee55bde628987d231ab1e07e66eb49448c8d8d26d61ada176d93b4f336c03160ce69b8a21a8e6d28ba43362d5a4cc867 |
C:\Users\Admin\AppData\Local\Temp\tmpCB83.tmp
| MD5 | c3095f6981728197742e8e577d59b79c |
| SHA1 | 3eb725ed68caf4dcb8aadbd056f4921c9e0fe2f0 |
| SHA256 | 0d532968d32d5ff950548703b0c9814948e29ab491d250347db1df85f325da61 |
| SHA512 | 5445623cdd787f8594e748856e0b1d5b97e74f53d9f5ac691f58242623ea976fea80e9e91fbb3698182cc11e4595bd865039ef92ff322eec3274e43c60c9dc5e |
memory/3996-109-0x0000000000500000-0x0000000000510200-memory.dmp
memory/3648-110-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DQ67RYHS\search[1].htm
| MD5 | 8ba61a16b71609a08bfa35bc213fce49 |
| SHA1 | 8374dddcc6b2ede14b0ea00a5870a11b57ced33f |
| SHA256 | 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1 |
| SHA512 | 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1 |
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | 57fee3918393b2c2f1ad19b73981b712 |
| SHA1 | add4fcdcc22997ad7569d9ecb77753e9af421016 |
| SHA256 | f9555f98bebc950b07825cb302cd3aa14b6b11a75e7478b010faa8f412290ab9 |
| SHA512 | 1b500704171ba404bc053233195e8dd41f1d899c1ccd2c73af79107276d590f65961ed5c1670ae198d5fd2613f21d4f5c7e6d0192192f3531839c21ef51a7686 |
memory/3996-158-0x0000000000500000-0x0000000000510200-memory.dmp
memory/3648-159-0x0000000000400000-0x0000000000408000-memory.dmp
memory/3996-162-0x0000000000500000-0x0000000000510200-memory.dmp
memory/3648-163-0x0000000000400000-0x0000000000408000-memory.dmp
memory/3648-165-0x0000000000400000-0x0000000000408000-memory.dmp
memory/3996-169-0x0000000000500000-0x0000000000510200-memory.dmp
memory/3648-170-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | 98f212671e98bb571f703b3ec42ad707 |
| SHA1 | 535d27f7505d4057f00c2932569e3b7da7cfef93 |
| SHA256 | 0d5f3ae4c5869ebfe6c49cb3efecfb8411522a2c7deb644319e77e737ba32e05 |
| SHA512 | 4c7c8a5af6e1dc5b68800d57f8188abc1618282986f65d05044df2225c69e33cd797c111dae658d856bd7d2372c7baa34d9adb8424149ab4c072f427d4d7c0ed |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DQ67RYHS\default[4].htm
| MD5 | c15952329e9cd008b41f979b6c76b9a2 |
| SHA1 | 53c58cc742b5a0273df8d01ba2779a979c1ff967 |
| SHA256 | 5d065a88f9a1fb565c2d70e87148d469dd9dcbbefea4ccc8c181745eda748ab7 |
| SHA512 | 6aecdd949abcd2cb54e2fe3e1171ee47c247aa3980a0847b9934f506ef9b2d3180831adf6554c68b0621f9f9f3cd88767ef9487bc6e51cecd6a8857099a7b296 |