Malware Analysis Report

2025-03-15 00:34

Sample ID 240928-ynry9awhja
Target f1647f3320cec353c34fd1e3fa351a07a11b15977b21f0c19393778684caefa8N
SHA256 f1647f3320cec353c34fd1e3fa351a07a11b15977b21f0c19393778684caefa8
Tags
upx mydoom discovery persistence worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

f1647f3320cec353c34fd1e3fa351a07a11b15977b21f0c19393778684caefa8

Threat Level: Known bad

The file f1647f3320cec353c34fd1e3fa351a07a11b15977b21f0c19393778684caefa8N was found to be: Known bad.

Malicious Activity Summary

upx mydoom discovery persistence worm

Detects MyDoom family

MyDoom

Executes dropped EXE

Adds Run key to start application

UPX packed file

Drops file in Windows directory

System Location Discovery: System Language Discovery

Unsigned PE

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-09-28 19:56

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-28 19:56

Reported

2024-09-28 19:58

Platform

win7-20240708-en

Max time kernel

120s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\f1647f3320cec353c34fd1e3fa351a07a11b15977b21f0c19393778684caefa8N.exe"

Signatures

Detects MyDoom family

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

MyDoom

worm mydoom

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\services.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" C:\Users\Admin\AppData\Local\Temp\f1647f3320cec353c34fd1e3fa351a07a11b15977b21f0c19393778684caefa8N.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" C:\Windows\services.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\f1647f3320cec353c34fd1e3fa351a07a11b15977b21f0c19393778684caefa8N.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\services.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\f1647f3320cec353c34fd1e3fa351a07a11b15977b21f0c19393778684caefa8N.exe

"C:\Users\Admin\AppData\Local\Temp\f1647f3320cec353c34fd1e3fa351a07a11b15977b21f0c19393778684caefa8N.exe"

C:\Windows\services.exe

"C:\Windows\services.exe"

Network

Country Destination Domain Proto
N/A 192.168.2.155:1034 tcp
N/A 10.93.103.153:1034 tcp
N/A 10.202.221.84:1034 tcp
N/A 10.127.0.3:1034 tcp
N/A 10.150.78.55:1034 tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 8.8.8.8:53 alumni-caltech-edu.mail.protection.outlook.com udp
US 8.8.8.8:53 gzip.org udp
US 52.101.9.11:25 alumni-caltech-edu.mail.protection.outlook.com tcp
US 8.8.8.8:53 gzip.org udp
US 85.187.148.2:25 gzip.org tcp
N/A 172.16.1.156:1034 tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 204.13.239.180:25 alumni.caltech.edu tcp
US 85.187.148.2:25 gzip.org tcp

Files

memory/2184-0-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2184-4-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2184-9-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Windows\services.exe

MD5 b0fe74719b1b647e2056641931907f4a
SHA1 e858c206d2d1542a79936cb00d85da853bfc95e2
SHA256 bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
SHA512 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

memory/2060-11-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/2184-17-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2184-18-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2184-19-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2060-21-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2060-22-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2060-27-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2060-32-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2060-34-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2060-39-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2060-44-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2060-46-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2060-51-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2184-55-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2060-56-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 40df2698837cb8478b870a562163e0d9
SHA1 fff7338574bd4c59d5e068dab3c9d4f85834af23
SHA256 a41ac35293df1c6667fbd2fa7240769b61942595a510d92b90b184994daeb28f
SHA512 7ec1b4d65445c1dad443acd5a8e2bdbe9ac165b092ee97bdbc2fc8c80a92f9224fa72400658fe092dbdca77220dab91905ec9a94c03324ec5ef03ead1208a5b8

C:\Users\Admin\AppData\Local\Temp\tmp8D82.tmp

MD5 8f29497924b02e08ca00e5a28fe11886
SHA1 37ad36086d954e1228dce96579e7017ffe0dd6b3
SHA256 6c2300d27debb360c3de1d91eee6a7a8e4dccb0b76312c4981dce4b8a17fbfdd
SHA512 3ea00da65710735d1944d8e51055043d5fabf00b89ba5839df75b8b3221faf2d0531e1165b97e91e312058494556180e17358c3c4c3d46ad5425d528c25c8efa

memory/2184-74-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2060-75-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2184-78-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2060-79-0x0000000000400000-0x0000000000408000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-09-28 19:56

Reported

2024-09-28 19:58

Platform

win10v2004-20240802-en

Max time kernel

120s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\f1647f3320cec353c34fd1e3fa351a07a11b15977b21f0c19393778684caefa8N.exe"

Signatures

Detects MyDoom family

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

MyDoom

worm mydoom

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\services.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" C:\Users\Admin\AppData\Local\Temp\f1647f3320cec353c34fd1e3fa351a07a11b15977b21f0c19393778684caefa8N.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" C:\Windows\services.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\f1647f3320cec353c34fd1e3fa351a07a11b15977b21f0c19393778684caefa8N.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\services.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\f1647f3320cec353c34fd1e3fa351a07a11b15977b21f0c19393778684caefa8N.exe

"C:\Users\Admin\AppData\Local\Temp\f1647f3320cec353c34fd1e3fa351a07a11b15977b21f0c19393778684caefa8N.exe"

C:\Windows\services.exe

"C:\Windows\services.exe"

Network

Country Destination Domain Proto
N/A 192.168.2.155:1034 tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
N/A 10.93.103.153:1034 tcp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 98.117.19.2.in-addr.arpa udp
N/A 10.202.221.84:1034 tcp
US 8.8.8.8:53 69.209.201.84.in-addr.arpa udp
N/A 10.127.0.3:1034 tcp
US 8.8.8.8:53 m-ou.se udp
US 8.8.8.8:53 alt1.aspmx.l.google.com udp
US 8.8.8.8:53 acm.org udp
FI 142.250.150.26:25 alt1.aspmx.l.google.com tcp
US 8.8.8.8:53 mail.mailroute.net udp
US 8.8.8.8:53 cs.stanford.edu udp
US 199.89.1.120:25 mail.mailroute.net tcp
US 8.8.8.8:53 cs.stanford.edu udp
US 171.64.64.64:25 cs.stanford.edu tcp
US 8.8.8.8:53 burtleburtle.net udp
US 8.8.8.8:53 mx.burtleburtle.net udp
US 65.254.254.51:25 mx.burtleburtle.net tcp
US 171.64.64.64:25 cs.stanford.edu tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 8.8.8.8:53 alumni-caltech-edu.mail.protection.outlook.com udp
US 8.8.8.8:53 gzip.org udp
US 52.101.10.14:25 alumni-caltech-edu.mail.protection.outlook.com tcp
US 8.8.8.8:53 gzip.org udp
US 85.187.148.2:25 gzip.org tcp
US 8.8.8.8:53 search.yahoo.com udp
IE 212.82.100.137:80 search.yahoo.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 8.8.8.8:53 search.lycos.com udp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 137.100.82.212.in-addr.arpa udp
US 8.8.8.8:53 4.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.254.202.209.in-addr.arpa udp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 www.altavista.com udp
IE 212.82.100.137:80 www.altavista.com tcp
US 8.8.8.8:53 r10.o.lencr.org udp
GB 2.23.210.75:80 r10.o.lencr.org tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 32.169.19.2.in-addr.arpa udp
US 8.8.8.8:53 75.210.23.2.in-addr.arpa udp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 171.64.64.64:25 cs.stanford.edu tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
N/A 10.150.78.55:1034 tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 alt2.aspmx.l.google.com udp
SG 74.125.200.26:25 alt2.aspmx.l.google.com tcp
US 8.8.8.8:53 acm.org udp
US 104.17.79.30:25 acm.org tcp
US 8.8.8.8:53 smtp2.cs.stanford.edu udp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
US 8.8.8.8:53 burtleburtle.net udp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
US 65.254.227.224:25 burtleburtle.net tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 204.13.239.180:25 alumni.caltech.edu tcp
US 85.187.148.2:25 gzip.org tcp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
N/A 172.16.1.156:1034 tcp
US 8.8.8.8:53 aspmx4.googlemail.com udp
TW 142.250.157.27:25 aspmx4.googlemail.com tcp
US 8.8.8.8:53 smtp1.cs.stanford.edu udp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
US 65.254.254.51:25 mx.burtleburtle.net tcp
US 8.8.8.8:53 outlook.com udp
US 8.8.8.8:53 outlook-com.olc.protection.outlook.com udp
US 209.202.254.10:80 search.lycos.com tcp
NL 52.101.73.27:25 outlook-com.olc.protection.outlook.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 8.8.8.8:53 mx.gzip.org udp
US 8.8.8.8:53 mail.gzip.org udp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 85.187.148.2:25 mail.gzip.org tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.180.4:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.180.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.180.4:80 www.google.com tcp
IE 212.82.100.137:80 tcp
US 209.202.254.10:443 tcp

Files

memory/1140-0-0x0000000000500000-0x0000000000510200-memory.dmp

C:\Windows\services.exe

MD5 b0fe74719b1b647e2056641931907f4a
SHA1 e858c206d2d1542a79936cb00d85da853bfc95e2
SHA256 bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
SHA512 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

memory/3500-5-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 f0a99e6bc2a609c9a36963ffe8400cb2
SHA1 ee3e834031f960bc6c50c29455704f1ecf497192
SHA256 705bb1f28a4f620aad221d06f486c56c7b685bafc4e875f2aadeb9795a11869b
SHA512 a1a5586adbb7288e847d562d5d756538dce7dba1b7fbab8f807dc179d5017155cf4e374246d34d32b068bda529fd12393f7859c6bb90208e77e9e6fecb51974f

memory/1140-13-0x0000000000500000-0x0000000000510200-memory.dmp

memory/3500-16-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3500-15-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3500-21-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3500-26-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3500-28-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3500-33-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1140-37-0x0000000000500000-0x0000000000510200-memory.dmp

memory/3500-38-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1140-39-0x0000000000500000-0x0000000000510200-memory.dmp

memory/3500-40-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 dc568eba27201589519630a82e8e43ee
SHA1 39ce1dc4dc14d019056c379d579b6ce34e4d17ad
SHA256 ddee1b51b4f609817594f616c3b61e22f7709fc4f87026999a1cbd301478c38b
SHA512 72a35a487f30d1f684bc1341fcf61aa1ebd5459962156746cbbac26c958f84faa9db1df8fc2052e93e5ce987747704bbef8e0030e8c35b681d464b4b944a404d

C:\Users\Admin\AppData\Local\Temp\tmpAF8C.tmp

MD5 e46ebc02db0544be78a0676e56a06ed6
SHA1 97f00c11323f65e28c01f8d8dfc698a6fa8e8773
SHA256 f4182f6202ece74af5a18bbd09dd3fe0306091414631fe264b915494adb2cf8f
SHA512 2286319124c01875f7a244577d52b5eae0f9f6721ccc19af8783035bd68e168fd3d930238fe7d8a642511d357cdcf10bcc0ca20d39d652e7aacc620301a7c4ef

memory/1140-130-0x0000000000500000-0x0000000000510200-memory.dmp

memory/3500-131-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 49ec4cfca59fb02e1483d6f613bf273f
SHA1 33e0386afc985dd852e95749ac674e65abf5e66f
SHA256 a04ab21c3173a22b16d9f308e5ffab6d700f43e0da11786bee3bf0f627b41df5
SHA512 774e849c7593e9725cbe9498d5aa28df8c18ed74deab4aa7c151dfe190c8c935a9882ee10dc9ff5afdc5ae31312b7989dc977002eb4419f9be56e9fecb386a84

memory/1140-158-0x0000000000500000-0x0000000000510200-memory.dmp

memory/3500-159-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3500-161-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1140-165-0x0000000000500000-0x0000000000510200-memory.dmp

memory/3500-166-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 c2e70d18698a0c6f995b085d50d3cd8d
SHA1 2e9f63a046f891e0c816b40d773662d13239c834
SHA256 273abb4c5574539873bd1d0552ab837ef2cdd546cba3c4138909a852411097d0
SHA512 0c2c10793f2aae2d47063dd9166bc903f4fb051a72113588e1bd2384f49561bd189d10854cf457f7718b4290353c921c0bbf645b2a352b07a22d6dfe0b511a45

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\N27JXEQ0\search[1].htm

MD5 8ba61a16b71609a08bfa35bc213fce49
SHA1 8374dddcc6b2ede14b0ea00a5870a11b57ced33f
SHA256 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1
SHA512 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1