Analysis Overview
SHA256
93ad3be02d4e5e98faa3104f16350b04937b5c4069cd3bc48c44619899a3db9c
Threat Level: Known bad
The file 93ad3be02d4e5e98faa3104f16350b04937b5c4069cd3bc48c44619899a3db9c was found to be: Known bad.
Malicious Activity Summary
Detects MyDoom family
MyDoom
Mydoom family
Executes dropped EXE
Adds Run key to start application
UPX packed file
Drops file in Windows directory
Unsigned PE
System Location Discovery: System Language Discovery
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-17 07:30
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-17 07:30
Reported
2024-11-17 07:33
Platform
win7-20240903-en
Max time kernel
150s
Max time network
149s
Command Line
Signatures
Detects MyDoom family
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
MyDoom
Mydoom family
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\93ad3be02d4e5e98faa3104f16350b04937b5c4069cd3bc48c44619899a3db9c.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\93ad3be02d4e5e98faa3104f16350b04937b5c4069cd3bc48c44619899a3db9c.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\93ad3be02d4e5e98faa3104f16350b04937b5c4069cd3bc48c44619899a3db9c.exe | N/A |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\93ad3be02d4e5e98faa3104f16350b04937b5c4069cd3bc48c44619899a3db9c.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\93ad3be02d4e5e98faa3104f16350b04937b5c4069cd3bc48c44619899a3db9c.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\services.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2720 wrote to memory of 2836 | N/A | C:\Users\Admin\AppData\Local\Temp\93ad3be02d4e5e98faa3104f16350b04937b5c4069cd3bc48c44619899a3db9c.exe | C:\Windows\services.exe |
| PID 2720 wrote to memory of 2836 | N/A | C:\Users\Admin\AppData\Local\Temp\93ad3be02d4e5e98faa3104f16350b04937b5c4069cd3bc48c44619899a3db9c.exe | C:\Windows\services.exe |
| PID 2720 wrote to memory of 2836 | N/A | C:\Users\Admin\AppData\Local\Temp\93ad3be02d4e5e98faa3104f16350b04937b5c4069cd3bc48c44619899a3db9c.exe | C:\Windows\services.exe |
| PID 2720 wrote to memory of 2836 | N/A | C:\Users\Admin\AppData\Local\Temp\93ad3be02d4e5e98faa3104f16350b04937b5c4069cd3bc48c44619899a3db9c.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\93ad3be02d4e5e98faa3104f16350b04937b5c4069cd3bc48c44619899a3db9c.exe
"C:\Users\Admin\AppData\Local\Temp\93ad3be02d4e5e98faa3104f16350b04937b5c4069cd3bc48c44619899a3db9c.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 10.156.133.4:1034 | tcp | |
| N/A | 10.213.60.59:1034 | tcp | |
| N/A | 10.128.8.216:1034 | tcp | |
| N/A | 10.0.0.36:1034 | tcp | |
| N/A | 192.168.0.255:1034 | tcp | |
| N/A | 172.16.1.136:1034 | tcp | |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | alumni-caltech-edu.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 52.101.194.19:25 | alumni-caltech-edu.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| N/A | 192.168.2.18:1034 | tcp | |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 204.13.239.180:25 | alumni.caltech.edu | tcp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| N/A | 192.168.2.155:1034 | tcp |
Files
memory/2720-0-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2720-4-0x00000000002E0000-0x00000000002E8000-memory.dmp
C:\Windows\services.exe
| MD5 | b0fe74719b1b647e2056641931907f4a |
| SHA1 | e858c206d2d1542a79936cb00d85da853bfc95e2 |
| SHA256 | bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c |
| SHA512 | 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2 |
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/2720-15-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2720-16-0x00000000002E0000-0x00000000002E8000-memory.dmp
memory/2836-18-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2836-19-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2836-24-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2836-29-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2836-31-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2836-36-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2836-41-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2836-43-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2836-48-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2836-53-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2720-54-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2836-55-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2836-60-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | c7037d9d8f2b300900f732d62497bcc3 |
| SHA1 | 2164b0527a0450f1e38f5e129011d3603c75d911 |
| SHA256 | f2e565bcccc29cde7e63262c0b021618ef1a2490f3884cfa3763a68a846d863f |
| SHA512 | 02e8bd02409a9a3550a72c8e904ed19283f2e83eb4b4f80fd3fd65837fa4796606ab76586aa86df7dfa39b9616f2410ec83563dc22a273c58417ad5be62aac22 |
C:\Users\Admin\AppData\Local\Temp\tmpBCAE.tmp
| MD5 | c68ba8dcb3504289ed0cde29ecb5033b |
| SHA1 | 46c73f41730a898b33c595e5e7f3c4cdbdf84ad4 |
| SHA256 | 28191a8cdd73719b5b68d08a4ccd4f533af16cfaa80c127c8ca9e04d5dd9d596 |
| SHA512 | 11625233d3bf68105d912756397934e13461e8588fc153da93e642627bb2f9bdb55d4e7d6cb249b6834657d98ab7b1d8db01a1083334ab91da97d01ec9db8c53 |
memory/2720-83-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2836-84-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2720-85-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2836-86-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2720-90-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2836-91-0x0000000000400000-0x0000000000408000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-17 07:30
Reported
2024-11-17 07:33
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Detects MyDoom family
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
MyDoom
Mydoom family
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\93ad3be02d4e5e98faa3104f16350b04937b5c4069cd3bc48c44619899a3db9c.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\93ad3be02d4e5e98faa3104f16350b04937b5c4069cd3bc48c44619899a3db9c.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\93ad3be02d4e5e98faa3104f16350b04937b5c4069cd3bc48c44619899a3db9c.exe | N/A |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\93ad3be02d4e5e98faa3104f16350b04937b5c4069cd3bc48c44619899a3db9c.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\93ad3be02d4e5e98faa3104f16350b04937b5c4069cd3bc48c44619899a3db9c.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\services.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1244 wrote to memory of 2976 | N/A | C:\Users\Admin\AppData\Local\Temp\93ad3be02d4e5e98faa3104f16350b04937b5c4069cd3bc48c44619899a3db9c.exe | C:\Windows\services.exe |
| PID 1244 wrote to memory of 2976 | N/A | C:\Users\Admin\AppData\Local\Temp\93ad3be02d4e5e98faa3104f16350b04937b5c4069cd3bc48c44619899a3db9c.exe | C:\Windows\services.exe |
| PID 1244 wrote to memory of 2976 | N/A | C:\Users\Admin\AppData\Local\Temp\93ad3be02d4e5e98faa3104f16350b04937b5c4069cd3bc48c44619899a3db9c.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\93ad3be02d4e5e98faa3104f16350b04937b5c4069cd3bc48c44619899a3db9c.exe
"C:\Users\Admin\AppData\Local\Temp\93ad3be02d4e5e98faa3104f16350b04937b5c4069cd3bc48c44619899a3db9c.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 10.156.133.4:1034 | tcp | |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.49.80.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| N/A | 10.213.60.59:1034 | tcp | |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.71.91.104.in-addr.arpa | udp |
| N/A | 10.128.8.216:1034 | tcp | |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| N/A | 10.0.0.36:1034 | tcp | |
| N/A | 192.168.0.255:1034 | tcp | |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| N/A | 172.16.1.136:1034 | tcp | |
| US | 8.8.8.8:53 | m-ou.se | udp |
| US | 8.8.8.8:53 | aspmx.l.google.com | udp |
| BE | 74.125.71.27:25 | aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | acm.org | udp |
| US | 8.8.8.8:53 | mail.mailroute.net | udp |
| US | 199.89.1.120:25 | mail.mailroute.net | tcp |
| US | 8.8.8.8:53 | cs.stanford.edu | udp |
| US | 8.8.8.8:53 | smtp2.cs.stanford.edu | udp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | burtleburtle.net | udp |
| US | 8.8.8.8:53 | mx.burtleburtle.net | udp |
| US | 65.254.254.51:25 | mx.burtleburtle.net | tcp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | alumni-caltech-edu.mail.protection.outlook.com | udp |
| US | 52.101.41.6:25 | alumni-caltech-edu.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | search.yahoo.com | udp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 8.8.8.8:53 | search.lycos.com | udp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | www.altavista.com | udp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | 228.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.100.82.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.254.202.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 2.18.190.80:80 | r11.o.lencr.org | tcp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | 125.21.192.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.190.18.2.in-addr.arpa | udp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| N/A | 192.168.2.18:1034 | tcp | |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | alt1.aspmx.l.google.com | udp |
| US | 8.8.8.8:53 | acm.org | udp |
| NL | 142.250.153.27:25 | alt1.aspmx.l.google.com | tcp |
| US | 104.17.79.30:25 | acm.org | tcp |
| US | 8.8.8.8:53 | cs.stanford.edu | udp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | burtleburtle.net | udp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 65.254.227.224:25 | burtleburtle.net | tcp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 204.13.239.180:25 | alumni.caltech.edu | tcp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| N/A | 192.168.2.155:1034 | tcp |
Files
memory/1244-0-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2976-5-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Windows\services.exe
| MD5 | b0fe74719b1b647e2056641931907f4a |
| SHA1 | e858c206d2d1542a79936cb00d85da853bfc95e2 |
| SHA256 | bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c |
| SHA512 | 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2 |
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/1244-13-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2976-15-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2976-16-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2976-21-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2976-26-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2976-28-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2976-33-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2976-38-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2976-40-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2976-45-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2976-50-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2976-52-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1244-56-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2976-57-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | c48e4cd378e4fe8cbd74da0b85906179 |
| SHA1 | 06a83d2595e6ca90587508b0176d1ecb97191fc7 |
| SHA256 | f2edd47d4cf399ab7b6fdc650f747d3ff760a976d8082f5a4fe800d8e1e80d3a |
| SHA512 | bbb124359a6a04e7662e10938ba5777f786ce65cf47d86fab9e6c59a4c13e7327077d2106e91971bddeb5ea1cc45a87345267fe2b705bde631c14e7f6d77dc47 |
C:\Users\Admin\AppData\Local\Temp\tmp70D3.tmp
| MD5 | 6f522412255a3db61e37f9a7520da72c |
| SHA1 | 34b6db549de406a6bbf55b89ba1e29a50b8acf36 |
| SHA256 | dfd02be6ad67bb2056c9a8e87e9c9c18f3633d663e6de303f439152840530c98 |
| SHA512 | fac08926e4b55a83f958dd2e4dd8174c7e7c7d744686dce37e2e20809ae1093f2c5af2485047522292f0e234f87362e79dbe43bbe5be2a74f4470586f54efc8f |
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | 821a882206ec52d9c435794b13ecda3f |
| SHA1 | 0bdccb31a775e1fbe78955eaae631f416a996aa7 |
| SHA256 | c06c3a51b9b022ed1c8b5561dd5b4a11d5368e3ecd88b3e5922a5f2722857473 |
| SHA512 | 076ed7a96bb47141d1c9501725635007ebfd369878cc1c3e54807a34960b79cff689589a49eac432888e3af7f325f17dc129561e9f58709677d905d523f2ee5d |
memory/1244-111-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2976-112-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\P2UT3MS5\search[2].htm
| MD5 | 8ba61a16b71609a08bfa35bc213fce49 |
| SHA1 | 8374dddcc6b2ede14b0ea00a5870a11b57ced33f |
| SHA256 | 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1 |
| SHA512 | 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1 |
memory/1244-172-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2976-173-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1244-176-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2976-177-0x0000000000400000-0x0000000000408000-memory.dmp