Analysis Overview
SHA256
3116d03263f34f85b897d28b03764bbcca92e5e62d6f9552c6a80968749ca068
Threat Level: Known bad
The file 3116d03263f34f85b897d28b03764bbcca92e5e62d6f9552c6a80968749ca068 was found to be: Known bad.
Malicious Activity Summary
MyDoom
Detects MyDoom family
Mydoom family
Executes dropped EXE
Adds Run key to start application
UPX packed file
Drops file in Windows directory
System Location Discovery: System Language Discovery
Unsigned PE
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-15 20:50
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-15 20:50
Reported
2024-11-15 20:53
Platform
win7-20240903-en
Max time kernel
150s
Max time network
148s
Command Line
Signatures
Detects MyDoom family
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
MyDoom
Mydoom family
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\3116d03263f34f85b897d28b03764bbcca92e5e62d6f9552c6a80968749ca068.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\3116d03263f34f85b897d28b03764bbcca92e5e62d6f9552c6a80968749ca068.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\3116d03263f34f85b897d28b03764bbcca92e5e62d6f9552c6a80968749ca068.exe | N/A |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\3116d03263f34f85b897d28b03764bbcca92e5e62d6f9552c6a80968749ca068.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\3116d03263f34f85b897d28b03764bbcca92e5e62d6f9552c6a80968749ca068.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\services.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2548 wrote to memory of 1956 | N/A | C:\Users\Admin\AppData\Local\Temp\3116d03263f34f85b897d28b03764bbcca92e5e62d6f9552c6a80968749ca068.exe | C:\Windows\services.exe |
| PID 2548 wrote to memory of 1956 | N/A | C:\Users\Admin\AppData\Local\Temp\3116d03263f34f85b897d28b03764bbcca92e5e62d6f9552c6a80968749ca068.exe | C:\Windows\services.exe |
| PID 2548 wrote to memory of 1956 | N/A | C:\Users\Admin\AppData\Local\Temp\3116d03263f34f85b897d28b03764bbcca92e5e62d6f9552c6a80968749ca068.exe | C:\Windows\services.exe |
| PID 2548 wrote to memory of 1956 | N/A | C:\Users\Admin\AppData\Local\Temp\3116d03263f34f85b897d28b03764bbcca92e5e62d6f9552c6a80968749ca068.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\3116d03263f34f85b897d28b03764bbcca92e5e62d6f9552c6a80968749ca068.exe
"C:\Users\Admin\AppData\Local\Temp\3116d03263f34f85b897d28b03764bbcca92e5e62d6f9552c6a80968749ca068.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 10.0.2.15:1034 | tcp | |
| N/A | 172.16.1.2:1034 | tcp | |
| N/A | 192.168.2.9:1034 | tcp | |
| N/A | 172.16.1.182:1034 | tcp | |
| N/A | 192.168.2.17:1034 | tcp | |
| N/A | 192.168.2.102:1034 | tcp | |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | alumni-caltech-edu.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 52.101.9.12:25 | alumni-caltech-edu.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| N/A | 192.168.2.12:1034 | tcp | |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 204.13.239.180:25 | alumni.caltech.edu | tcp |
| N/A | 192.168.2.103:1034 | tcp |
Files
memory/2548-0-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2548-9-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1956-11-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Windows\services.exe
| MD5 | b0fe74719b1b647e2056641931907f4a |
| SHA1 | e858c206d2d1542a79936cb00d85da853bfc95e2 |
| SHA256 | bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c |
| SHA512 | 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2 |
memory/2548-8-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/2548-17-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2548-18-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2548-19-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1956-22-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1956-21-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1956-27-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1956-32-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1956-34-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1956-39-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1956-44-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1956-46-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\vuqnx9bEaF.log
| MD5 | 8ecd198d977b13c6ab9d81289576fc40 |
| SHA1 | 5d2b108d43d0c1975256193e6b4bfc1f256d9246 |
| SHA256 | 30780dbd99e71ba01bec96814d004d202f34dd3956fcb1ae4edbbd751b3720fd |
| SHA512 | 31d0fd1af16b6a38e063d4c2f2d80071d6cdd2dc365ba69c9c37a08f39452119788c92bbbde6652b643491b4efd77a0e4426a41381e06491b56107a5bf09f60a |
memory/1956-51-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1956-56-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2548-57-0x0000000000500000-0x0000000000510200-memory.dmp
memory/1956-58-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1956-63-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2548-62-0x0000000000500000-0x0000000000510200-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tmp6642.tmp
| MD5 | c5024dd3af54a497871e2a1487d584dd |
| SHA1 | 3ed4d99b92c62a7bc3f476e596fc6d62e98347af |
| SHA256 | 213954f397fd8b88e72e9f52a1f531704a466d265db19f3081801112807834e2 |
| SHA512 | 67d4e5db838ae1a454dae967ae17c902f3a611c05ecbfe909ebbac1d8581d78658151829bc215d057c4f3655258a3914c210cbaec1dd1081f5cf2267160a6267 |
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | de0604d6bf73cb8b0c25d9b371b29aa5 |
| SHA1 | 37c31eac2d76f3aed036379153edb5002c2035d4 |
| SHA256 | 0727ca8b02c02da2aa11c3765443ac46edd559f91524c4700e205515793b21b3 |
| SHA512 | f98fb9ca1ef1739ce9066f7f5744086b401afc859d1eca8098109d7879bfe625ebe8221cc284936b2bebe8d3bf94e1468510d8a028f8a2989fba2a74d956a948 |
memory/2548-83-0x0000000000500000-0x0000000000510200-memory.dmp
memory/1956-84-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2548-85-0x0000000000500000-0x0000000000510200-memory.dmp
memory/1956-86-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2548-90-0x0000000000500000-0x0000000000510200-memory.dmp
memory/1956-91-0x0000000000400000-0x0000000000408000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-15 20:50
Reported
2024-11-15 20:53
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
155s
Command Line
Signatures
Detects MyDoom family
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
MyDoom
Mydoom family
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\3116d03263f34f85b897d28b03764bbcca92e5e62d6f9552c6a80968749ca068.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\3116d03263f34f85b897d28b03764bbcca92e5e62d6f9552c6a80968749ca068.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\3116d03263f34f85b897d28b03764bbcca92e5e62d6f9552c6a80968749ca068.exe | N/A |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\3116d03263f34f85b897d28b03764bbcca92e5e62d6f9552c6a80968749ca068.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\3116d03263f34f85b897d28b03764bbcca92e5e62d6f9552c6a80968749ca068.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\services.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2512 wrote to memory of 1320 | N/A | C:\Users\Admin\AppData\Local\Temp\3116d03263f34f85b897d28b03764bbcca92e5e62d6f9552c6a80968749ca068.exe | C:\Windows\services.exe |
| PID 2512 wrote to memory of 1320 | N/A | C:\Users\Admin\AppData\Local\Temp\3116d03263f34f85b897d28b03764bbcca92e5e62d6f9552c6a80968749ca068.exe | C:\Windows\services.exe |
| PID 2512 wrote to memory of 1320 | N/A | C:\Users\Admin\AppData\Local\Temp\3116d03263f34f85b897d28b03764bbcca92e5e62d6f9552c6a80968749ca068.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\3116d03263f34f85b897d28b03764bbcca92e5e62d6f9552c6a80968749ca068.exe
"C:\Users\Admin\AppData\Local\Temp\3116d03263f34f85b897d28b03764bbcca92e5e62d6f9552c6a80968749ca068.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| N/A | 10.0.2.15:1034 | tcp | |
| US | 8.8.8.8:53 | 101.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| N/A | 172.16.1.2:1034 | tcp | |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.92.23.2.in-addr.arpa | udp |
| N/A | 192.168.2.9:1034 | tcp | |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| N/A | 172.16.1.182:1034 | tcp | |
| N/A | 192.168.2.17:1034 | tcp | |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| N/A | 192.168.2.102:1034 | tcp | |
| US | 8.8.8.8:53 | m-ou.se | udp |
| US | 8.8.8.8:53 | aspmx4.googlemail.com | udp |
| FI | 142.250.150.26:25 | aspmx4.googlemail.com | tcp |
| US | 8.8.8.8:53 | acm.org | udp |
| US | 8.8.8.8:53 | mail.mailroute.net | udp |
| US | 199.89.3.120:25 | mail.mailroute.net | tcp |
| US | 8.8.8.8:53 | cs.stanford.edu | udp |
| US | 8.8.8.8:53 | smtp1.cs.stanford.edu | udp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | burtleburtle.net | udp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | mx.burtleburtle.net | udp |
| US | 8.8.8.8:53 | alumni-caltech-edu.mail.protection.outlook.com | udp |
| US | 52.101.11.17:25 | alumni-caltech-edu.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 65.254.254.51:25 | mx.burtleburtle.net | tcp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 8.8.8.8:53 | www.altavista.com | udp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 8.8.8.8:53 | search.lycos.com | udp |
| US | 8.8.8.8:53 | search.yahoo.com | udp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 8.8.8.8:53 | 137.100.82.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.254.202.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.16.217.172.in-addr.arpa | udp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| GB | 88.221.134.89:80 | r11.o.lencr.org | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 8.8.8.8:53 | 168.245.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.134.221.88.in-addr.arpa | udp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| N/A | 192.168.2.12:1034 | tcp | |
| US | 8.8.8.8:53 | aspmx3.googlemail.com | udp |
| DE | 142.251.9.26:25 | aspmx3.googlemail.com | tcp |
| US | 8.8.8.8:53 | acm.org | udp |
| US | 104.17.79.30:25 | acm.org | tcp |
| US | 8.8.8.8:53 | cs.stanford.edu | udp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 204.13.239.180:25 | alumni.caltech.edu | tcp |
| US | 8.8.8.8:53 | burtleburtle.net | udp |
| US | 65.254.227.224:25 | burtleburtle.net | tcp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| N/A | 192.168.2.103:1034 | tcp | |
| US | 8.8.8.8:53 | 92.16.208.104.in-addr.arpa | udp |
Files
memory/2512-0-0x0000000000500000-0x0000000000510200-memory.dmp
C:\Windows\services.exe
| MD5 | b0fe74719b1b647e2056641931907f4a |
| SHA1 | e858c206d2d1542a79936cb00d85da853bfc95e2 |
| SHA256 | bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c |
| SHA512 | 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2 |
memory/1320-6-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/2512-13-0x0000000000500000-0x0000000000510200-memory.dmp
memory/1320-15-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1320-16-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1320-21-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1320-26-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1320-28-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1320-33-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1320-38-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1320-40-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\xs0fkpfakf.log
| MD5 | 7d2c78ded0f5063782d29c05bf9d30d0 |
| SHA1 | ae763060b6e35beea7469e2c303aded8e62b6600 |
| SHA256 | 75de8e637f9aec8d492fe3dfb44e2d440e4340e44c6e7fc7d71b768ccf7dc33f |
| SHA512 | 74e5543dfd51d106a7ddb9be43d03665f84150f67905f95ffc199ab7148bbd2125926988845fe2d7f751a3e41ca2700a54d212ef2d10552c4a593cdbd5581647 |
memory/1320-45-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1320-50-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2512-51-0x0000000000500000-0x0000000000510200-memory.dmp
memory/1320-52-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | 9bf939347ce00f5fcd71f1e25eb39ab3 |
| SHA1 | 65e0c1707c8a374a5d6ebae1f766fe885c1b6cb5 |
| SHA256 | 1be035d5166ccf445d3a9c76cd9c9e68a514bf5f98050d96c0a83b7fc0c166ea |
| SHA512 | 8f15ff9a5e293c49c6282f94933e170301dc92619871298c46dfa9fb4dc5c971b1efde6a67d42f55d0b5b16f6363c9d4e8ffbbb89a71b3bac056120598866501 |
C:\Users\Admin\AppData\Local\Temp\tmp6FBA.tmp
| MD5 | e5b5dfa9c1550068793f452696cacc98 |
| SHA1 | 05b192a8b2b0b6c1afd010ad774b4f56c2bcc2f7 |
| SHA256 | 39262803cf5d39b82a21fbda562db5fa944b2098a53609cdbd4d1e604f0e1c77 |
| SHA512 | 98d5152cd4850b45e2eb2233f232d317276773e5c884cfbb812816cd9148a98565d6bbe77613d36ed48779a7bdb7d5a0d60726047c07b0109011543f2f035b3c |
memory/2512-112-0x0000000000500000-0x0000000000510200-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\YY018DS9\LP1TE8TI.htm
| MD5 | 88f428031580c0176887d4b6d62a0c81 |
| SHA1 | 101b459b94a4b3aa05cd9c3b76f71cee9f9a424f |
| SHA256 | 55ad08b5bb1e405eb5e6266b9196c127d75a2a7b854cc8830926193449acc0ad |
| SHA512 | 4d1d0f25da365d8807ac619599d11db5935648bff3e86bb596463f4659451edc7f32d266c850f767a80f99fc7234bd2e2d651cd1146379d84029018e7a014c85 |
memory/1320-142-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\YY018DS9\search[2].htm
| MD5 | 8ba61a16b71609a08bfa35bc213fce49 |
| SHA1 | 8374dddcc6b2ede14b0ea00a5870a11b57ced33f |
| SHA256 | 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1 |
| SHA512 | 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\V4KZV1MD\CIQOO62Z.htm
| MD5 | b0091faa240c0526c72bf3587b0f396a |
| SHA1 | 3289159575b92b4795b482bfa2980caaad7938a6 |
| SHA256 | d595cd8c45a89b66177c928cf38d4c7319ce7e6fa831d05ae466e71f79628e06 |
| SHA512 | 112e07c18f84a5d9050b361dff38b23a65c863e6d6a8626dcc524d515a1ee79d702462568a1dea0f5868e8b5cfff5aff863ff54562cce4aa97582528bea05839 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\V4KZV1MD\search[2].htm
| MD5 | b0c0bad7521ca85b52f6b6e1133878a3 |
| SHA1 | fc01400236ec27e34e552f8cdbaed57a3e064e5a |
| SHA256 | 37ce94e55d31e0fc8d59a2da0a5ab9b999bc5b1352fcbd0452d4632d68557ad2 |
| SHA512 | 334aee0abd26314933b0aa4b12cadababaa29b205f77fdde09deb872853e9ec8cd0236e9514c69c22584c3f0ad7dc1b8de2a5cf5d72b4d59ad521aa10a2692a2 |
memory/2512-220-0x0000000000500000-0x0000000000510200-memory.dmp
memory/1320-221-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2512-222-0x0000000000500000-0x0000000000510200-memory.dmp
memory/1320-223-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1320-228-0x0000000000400000-0x0000000000408000-memory.dmp