Analysis Overview
SHA256
5d4370c031ec69c63e9ca55c0463c942308b602a7c8cb3fa3c7e3acaff86b842
Threat Level: Known bad
The file 5d4370c031ec69c63e9ca55c0463c942308b602a7c8cb3fa3c7e3acaff86b842 was found to be: Known bad.
Malicious Activity Summary
Detects MyDoom family
MyDoom
Mydoom family
Executes dropped EXE
Adds Run key to start application
UPX packed file
Drops file in Windows directory
Unsigned PE
System Location Discovery: System Language Discovery
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-18 00:14
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-18 00:14
Reported
2024-11-18 00:17
Platform
win7-20240903-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Detects MyDoom family
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
MyDoom
Mydoom family
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\5d4370c031ec69c63e9ca55c0463c942308b602a7c8cb3fa3c7e3acaff86b842.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\5d4370c031ec69c63e9ca55c0463c942308b602a7c8cb3fa3c7e3acaff86b842.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\5d4370c031ec69c63e9ca55c0463c942308b602a7c8cb3fa3c7e3acaff86b842.exe | N/A |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\5d4370c031ec69c63e9ca55c0463c942308b602a7c8cb3fa3c7e3acaff86b842.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\5d4370c031ec69c63e9ca55c0463c942308b602a7c8cb3fa3c7e3acaff86b842.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\services.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2644 wrote to memory of 2692 | N/A | C:\Users\Admin\AppData\Local\Temp\5d4370c031ec69c63e9ca55c0463c942308b602a7c8cb3fa3c7e3acaff86b842.exe | C:\Windows\services.exe |
| PID 2644 wrote to memory of 2692 | N/A | C:\Users\Admin\AppData\Local\Temp\5d4370c031ec69c63e9ca55c0463c942308b602a7c8cb3fa3c7e3acaff86b842.exe | C:\Windows\services.exe |
| PID 2644 wrote to memory of 2692 | N/A | C:\Users\Admin\AppData\Local\Temp\5d4370c031ec69c63e9ca55c0463c942308b602a7c8cb3fa3c7e3acaff86b842.exe | C:\Windows\services.exe |
| PID 2644 wrote to memory of 2692 | N/A | C:\Users\Admin\AppData\Local\Temp\5d4370c031ec69c63e9ca55c0463c942308b602a7c8cb3fa3c7e3acaff86b842.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\5d4370c031ec69c63e9ca55c0463c942308b602a7c8cb3fa3c7e3acaff86b842.exe
"C:\Users\Admin\AppData\Local\Temp\5d4370c031ec69c63e9ca55c0463c942308b602a7c8cb3fa3c7e3acaff86b842.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 10.156.133.4:1034 | tcp | |
| N/A | 192.168.2.17:1034 | tcp | |
| N/A | 10.152.243.207:1034 | tcp | |
| N/A | 192.168.144.131:1034 | tcp | |
| N/A | 172.16.1.165:1034 | tcp | |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | alumni-caltech-edu.mail.protection.outlook.com | udp |
| US | 52.101.40.4:25 | alumni-caltech-edu.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| N/A | 172.16.1.165:1034 | tcp | |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 204.13.239.180:25 | alumni.caltech.edu | tcp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| N/A | 10.127.0.6:1034 | tcp | |
| US | 8.8.8.8:53 | mx.alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | mail.alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | smtp.alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | mx.gzip.org | udp |
| US | 8.8.8.8:53 | mail.gzip.org | udp |
| US | 85.187.148.2:25 | mail.gzip.org | tcp |
| N/A | 192.168.2.16:1034 | tcp |
Files
memory/2644-0-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2644-4-0x0000000000220000-0x0000000000228000-memory.dmp
memory/2644-9-0x0000000000220000-0x0000000000228000-memory.dmp
C:\Windows\services.exe
| MD5 | b0fe74719b1b647e2056641931907f4a |
| SHA1 | e858c206d2d1542a79936cb00d85da853bfc95e2 |
| SHA256 | bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c |
| SHA512 | 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2 |
memory/2692-11-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/2644-17-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2644-18-0x0000000000220000-0x0000000000228000-memory.dmp
memory/2692-20-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2692-21-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2692-26-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2692-31-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2692-33-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2692-38-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2692-43-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2692-45-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\znxfmzm.log
| MD5 | d5946f51913da54e8c99c5988a270fa0 |
| SHA1 | a43db643948cae787258f8c71b9eb8cbaf7da830 |
| SHA256 | fcb6a1c1c4af76116927d305b1e954a6195868cec6c3b0677994fb6790b34963 |
| SHA512 | 9a4d443594868b93f818338cb970f5b16fc9b64e66b4ed5ac9a57fe39be6f20b1c4430c6658caef7fdb1a9b7dee8f1efc67d6ea655dbbc45cc2616bf784d148c |
memory/2644-49-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2692-50-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | 2a4dc424ac25e65928f4e8b71a2e099d |
| SHA1 | 27f452d8270efae6db8b498380f197785b8ec3e2 |
| SHA256 | 8bbe9143d4bca231c522465af9b9e08991a9f1d8939fc5e5316fea05e2b96222 |
| SHA512 | 618fcd6b617362f5442996ee3db06f0e183b751aa4479c6546339c3b7e54a43da7e158a3885dd5136a63ce3a4232958aba63ee0f42cd91aed83645edbc36ecd7 |
C:\Users\Admin\AppData\Local\Temp\tmp5812.tmp
| MD5 | e366ca435ca9382232a9d279b361bfea |
| SHA1 | 2ecdbbdad4bc48ba0a225473c078a9203c8eea4c |
| SHA256 | 31b6e832dc7f6085d7ba6d9dd7ac08d61445be55020aaf5798c61d2fc8af0c22 |
| SHA512 | 5d0204fe8ccf6fcb675c075e5a56637bdb44e5d2216a8e6b6395aa58d6dbc6af1e7b678106c60985f91eb5e35d66eb7d22cb5aa64df0a039b5382d75962f44d7 |
memory/2644-74-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2692-75-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2644-76-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2692-77-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2644-80-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2692-81-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2692-86-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2644-87-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2692-88-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2644-92-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2692-93-0x0000000000400000-0x0000000000408000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-18 00:14
Reported
2024-11-18 00:16
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Detects MyDoom family
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
MyDoom
Mydoom family
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\5d4370c031ec69c63e9ca55c0463c942308b602a7c8cb3fa3c7e3acaff86b842.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\5d4370c031ec69c63e9ca55c0463c942308b602a7c8cb3fa3c7e3acaff86b842.exe | N/A |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\5d4370c031ec69c63e9ca55c0463c942308b602a7c8cb3fa3c7e3acaff86b842.exe | N/A |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\5d4370c031ec69c63e9ca55c0463c942308b602a7c8cb3fa3c7e3acaff86b842.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\5d4370c031ec69c63e9ca55c0463c942308b602a7c8cb3fa3c7e3acaff86b842.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\services.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4852 wrote to memory of 4220 | N/A | C:\Users\Admin\AppData\Local\Temp\5d4370c031ec69c63e9ca55c0463c942308b602a7c8cb3fa3c7e3acaff86b842.exe | C:\Windows\services.exe |
| PID 4852 wrote to memory of 4220 | N/A | C:\Users\Admin\AppData\Local\Temp\5d4370c031ec69c63e9ca55c0463c942308b602a7c8cb3fa3c7e3acaff86b842.exe | C:\Windows\services.exe |
| PID 4852 wrote to memory of 4220 | N/A | C:\Users\Admin\AppData\Local\Temp\5d4370c031ec69c63e9ca55c0463c942308b602a7c8cb3fa3c7e3acaff86b842.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\5d4370c031ec69c63e9ca55c0463c942308b602a7c8cb3fa3c7e3acaff86b842.exe
"C:\Users\Admin\AppData\Local\Temp\5d4370c031ec69c63e9ca55c0463c942308b602a7c8cb3fa3c7e3acaff86b842.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 10.156.133.4:1034 | tcp | |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| N/A | 192.168.2.17:1034 | tcp | |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| N/A | 10.152.243.207:1034 | tcp | |
| N/A | 192.168.144.131:1034 | tcp | |
| N/A | 172.16.1.165:1034 | tcp | |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| N/A | 172.16.1.165:1034 | tcp | |
| US | 8.8.8.8:53 | m-ou.se | udp |
| US | 8.8.8.8:53 | aspmx5.googlemail.com | udp |
| SG | 74.125.200.26:25 | aspmx5.googlemail.com | tcp |
| US | 8.8.8.8:53 | acm.org | udp |
| US | 8.8.8.8:53 | mail.mailroute.net | udp |
| US | 199.89.3.120:25 | mail.mailroute.net | tcp |
| US | 8.8.8.8:53 | cs.stanford.edu | udp |
| US | 8.8.8.8:53 | cs.stanford.edu | udp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | burtleburtle.net | udp |
| US | 8.8.8.8:53 | mx.burtleburtle.net | udp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 65.254.254.50:25 | mx.burtleburtle.net | tcp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | alumni-caltech-edu.mail.protection.outlook.com | udp |
| US | 52.101.42.10:25 | alumni-caltech-edu.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | search.lycos.com | udp |
| US | 8.8.8.8:53 | search.yahoo.com | udp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 8.8.8.8:53 | www.altavista.com | udp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| GB | 2.22.144.149:80 | r11.o.lencr.org | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 8.8.8.8:53 | 228.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.100.82.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.254.202.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.45.26.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.144.22.2.in-addr.arpa | udp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| N/A | 10.127.0.6:1034 | tcp | |
| US | 8.8.8.8:53 | aspmx4.googlemail.com | udp |
| FI | 142.250.150.26:25 | aspmx4.googlemail.com | tcp |
| US | 8.8.8.8:53 | acm.org | udp |
| US | 104.17.78.30:25 | acm.org | tcp |
| US | 8.8.8.8:53 | smtp1.cs.stanford.edu | udp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | burtleburtle.net | udp |
| US | 65.254.227.224:25 | burtleburtle.net | tcp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 204.13.239.180:25 | alumni.caltech.edu | tcp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| N/A | 192.168.2.16:1034 | tcp |
Files
memory/4852-0-0x0000000000500000-0x0000000000510200-memory.dmp
C:\Windows\services.exe
| MD5 | b0fe74719b1b647e2056641931907f4a |
| SHA1 | e858c206d2d1542a79936cb00d85da853bfc95e2 |
| SHA256 | bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c |
| SHA512 | 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2 |
memory/4220-5-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/4852-13-0x0000000000500000-0x0000000000510200-memory.dmp
memory/4220-15-0x0000000000400000-0x0000000000408000-memory.dmp
memory/4220-16-0x0000000000400000-0x0000000000408000-memory.dmp
memory/4220-21-0x0000000000400000-0x0000000000408000-memory.dmp
memory/4220-26-0x0000000000400000-0x0000000000408000-memory.dmp
memory/4220-28-0x0000000000400000-0x0000000000408000-memory.dmp
memory/4220-33-0x0000000000400000-0x0000000000408000-memory.dmp
memory/4220-38-0x0000000000400000-0x0000000000408000-memory.dmp
memory/4220-40-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\xs0fkpfakf.log
| MD5 | b681bb20560d365882a95d30c1d7b456 |
| SHA1 | 7526be5d203d0490e68f282b4e4d3c29f78511de |
| SHA256 | 26fdd5dc89c41f7ee356d9723f446cce6f3b6b95fe50b01dde0db6e1aa56f70c |
| SHA512 | c2ab0e5efb57ea80becb65388352760c629bef7bb81b47aee5c7ad43505a3c1fe578e7d05e5d82ec36d22fd4240e03868cd8963bf63d1ac38e1797806e3f5ef4 |
memory/4220-45-0x0000000000400000-0x0000000000408000-memory.dmp
memory/4220-50-0x0000000000400000-0x0000000000408000-memory.dmp
memory/4852-51-0x0000000000500000-0x0000000000510200-memory.dmp
memory/4220-52-0x0000000000400000-0x0000000000408000-memory.dmp
memory/4852-56-0x0000000000500000-0x0000000000510200-memory.dmp
memory/4220-57-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | 58c9551a22c6d2c8ae0b4c4b85b17420 |
| SHA1 | 43d8a473cbc298cf122cf6e3bf6cb70aff29c67e |
| SHA256 | 1afeb19be9ad72bdd719b4a9e797a4b428ec011330683a3ba4996766b25046fb |
| SHA512 | 994b974b0cbec4c2e58fde1525a594b195ed65bf9235d4ceb689d316c1e2376d42b5ec5fac7f5fa82df56fed77f5769b99d3cb854247d50473d35d89dae93f6a |
C:\Users\Admin\AppData\Local\Temp\tmp4389.tmp
| MD5 | f3a7493a18b541d51e587c207da05932 |
| SHA1 | 147fe8e7435005de8aec024a0547017e00398c78 |
| SHA256 | 5d4370c031ec69c63e9ca55c0463c942308b602a7c8cb3fa3c7e3acaff86b842 |
| SHA512 | 2302ea8143aeb2f9553d964b7db235e1f0cf53e6cf9950cae4b10b464d9826d237693f6920b2c6cd6a9c4664de46cd6699761adf0073f34d00d4e40226492cfd |
memory/4852-135-0x0000000000500000-0x0000000000510200-memory.dmp
memory/4220-140-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | 620d8f9993a445ed7e63dbfc8aa5395f |
| SHA1 | ff9b545c4fe452bf1067e5d892b0b4bda3754701 |
| SHA256 | e2a5221293320ae87af20fc6d21d132e79322eea7cc5bfa0d53dc93e8ea450b9 |
| SHA512 | 28b200b2eb30ff1655bdafbeaa4db17162c99c6fd2eecde49df4bb5db41c801210e50a1ec5d23043bc5d245221aeabef3a26276062c732fd52210af553adce13 |
memory/4852-157-0x0000000000500000-0x0000000000510200-memory.dmp
memory/4220-158-0x0000000000400000-0x0000000000408000-memory.dmp
memory/4220-162-0x0000000000400000-0x0000000000408000-memory.dmp