mydoom | a102354677a1001a7acf66f8b3630f02c91815028a8ac2187f784290a880417d

Analysis

max time kernel
150s
max time network
153s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14-11-2024 01:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a102354677a1001a7acf66f8b3630f02c91815028a8ac2187f784290a880417d.exe
Size

29KB
MD5

13417a4b526277b59597ae1f223ceccc
SHA1

e5306c3c992b9253a3459c0f0dbf03f90f27ffe1
SHA256

a102354677a1001a7acf66f8b3630f02c91815028a8ac2187f784290a880417d
SHA512

bacc4b4fb08f1c159ab766fb411feaf9ac1da9e69674371fc77ccd3b4f7cbe3c3c2a28a48d437e6784cad5b2041a8cdc14af0ac202caaf7bcd774d663f2412c3
SSDEEP

768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/LE:AEwVs+0jNDY1qi/qw

Score

10^/10

mydoom discovery persistence upx worm

Malware Config

Signatures

Detects MyDoom family 10 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2236-17-0x0000000000500000-0x0000000000510200-memory.dmp	family_mydoom
behavioral1/memory/2236-36-0x0000000000500000-0x0000000000510200-memory.dmp	family_mydoom
behavioral1/memory/2236-41-0x0000000000500000-0x0000000000510200-memory.dmp	family_mydoom
behavioral1/memory/2236-63-0x0000000000500000-0x0000000000510200-memory.dmp	family_mydoom
behavioral1/memory/2236-67-0x0000000000500000-0x0000000000510200-memory.dmp	family_mydoom
behavioral1/memory/2236-72-0x0000000000500000-0x0000000000510200-memory.dmp	family_mydoom
behavioral1/memory/2236-74-0x0000000000500000-0x0000000000510200-memory.dmp	family_mydoom
behavioral1/memory/2236-79-0x0000000000500000-0x0000000000510200-memory.dmp	family_mydoom
behavioral1/memory/2236-236-0x0000000000500000-0x0000000000510200-memory.dmp	family_mydoom
behavioral1/memory/2236-310-0x0000000000500000-0x0000000000510200-memory.dmp	family_mydoom

MyDoom
MyDoom is a Worm that is written in C++.
worm mydoom
Mydoom family
mydoom
Executes dropped EXE 1 IoCs

Processes:

services.exe

pid process

2836 services.exe

pid	process
2836	services.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

a102354677a1001a7acf66f8b3630f02c91815028a8ac2187f784290a880417d.exeservices.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe"	a102354677a1001a7acf66f8b3630f02c91815028a8ac2187f784290a880417d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe"	services.exe

UPX packed file 31 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2236-0-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral1/memory/2236-4-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2236-9-0x0000000000400000-0x0000000000408000-memory.dmp	upx
C:\Windows\services.exe	upx
behavioral1/memory/2836-11-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2236-17-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral1/memory/2836-19-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2836-20-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2836-25-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2836-30-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2836-32-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2236-36-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral1/memory/2836-37-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2236-41-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral1/memory/2836-42-0x0000000000400000-0x0000000000408000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\tmpC67D.tmp	upx
behavioral1/memory/2236-63-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral1/memory/2836-64-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2236-67-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral1/memory/2836-68-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2236-72-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral1/memory/2836-73-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2236-74-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral1/memory/2836-75-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2236-79-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral1/memory/2836-80-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2836-85-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2236-236-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral1/memory/2836-237-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2236-310-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral1/memory/2836-311-0x0000000000400000-0x0000000000408000-memory.dmp	upx

Drops file in Windows directory 3 IoCs

Processes:

a102354677a1001a7acf66f8b3630f02c91815028a8ac2187f784290a880417d.exe

description	ioc	process
File created	C:\Windows\java.exe	a102354677a1001a7acf66f8b3630f02c91815028a8ac2187f784290a880417d.exe
File created	C:\Windows\services.exe	a102354677a1001a7acf66f8b3630f02c91815028a8ac2187f784290a880417d.exe
File opened for modification	C:\Windows\java.exe	a102354677a1001a7acf66f8b3630f02c91815028a8ac2187f784290a880417d.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

services.exea102354677a1001a7acf66f8b3630f02c91815028a8ac2187f784290a880417d.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	services.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a102354677a1001a7acf66f8b3630f02c91815028a8ac2187f784290a880417d.exe

Modifies system certificate store 2 TTPs 4 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

a102354677a1001a7acf66f8b3630f02c91815028a8ac2187f784290a880417d.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	a102354677a1001a7acf66f8b3630f02c91815028a8ac2187f784290a880417d.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	a102354677a1001a7acf66f8b3630f02c91815028a8ac2187f784290a880417d.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	a102354677a1001a7acf66f8b3630f02c91815028a8ac2187f784290a880417d.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	a102354677a1001a7acf66f8b3630f02c91815028a8ac2187f784290a880417d.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

a102354677a1001a7acf66f8b3630f02c91815028a8ac2187f784290a880417d.exe

description	pid	process	target process
PID 2236 wrote to memory of 2836	2236	a102354677a1001a7acf66f8b3630f02c91815028a8ac2187f784290a880417d.exe	services.exe
PID 2236 wrote to memory of 2836	2236	a102354677a1001a7acf66f8b3630f02c91815028a8ac2187f784290a880417d.exe	services.exe
PID 2236 wrote to memory of 2836	2236	a102354677a1001a7acf66f8b3630f02c91815028a8ac2187f784290a880417d.exe	services.exe
PID 2236 wrote to memory of 2836	2236	a102354677a1001a7acf66f8b3630f02c91815028a8ac2187f784290a880417d.exe	services.exe

C:\Users\Admin\AppData\Local\Temp\a102354677a1001a7acf66f8b3630f02c91815028a8ac2187f784290a880417d.exe
"C:\Users\Admin\AppData\Local\Temp\a102354677a1001a7acf66f8b3630f02c91815028a8ac2187f784290a880417d.exe"
1⤵
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:2236
- C:\Windows\services.exe
  "C:\Windows\services.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  PID:2836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eb20c0cce87c7c35c1ae9393231d0dde

SHA1
a36b79d222f783618e58f0a2459d1f944078359e

SHA256
212d7c91620a8cc748bf2da39f6089ca956e051fd26c8bb057e1e4fcb982a904

SHA512
f0698b23524456dd3b12d0a2f826e117e8caaeb3b67ef375bf612ae3a2738189cb0b926f31aba165f8711669b49f1a9cba0ce4660b0123c32c13122faeac979e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7e401e8a11065982f8b8f85d54df53ad

SHA1
bbce956ca4f8303682fb1baea2274f08f5415b5c

SHA256
5c24a192723673e6847081eb4a5e8c18b6d7fbcdd617a7635e22da4052d5d038

SHA512
cfa8b738e60f1e85aeb98d8974ea8581d6510980e9eccb7a77e34ccc5d6ac25740ab7b3394f8eea86c4f20b977e6f4ee24ebbf06f6a9bbd10ec69626991c5a12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AS91FDNI\search[2].htm

Filesize
25B

MD5
8ba61a16b71609a08bfa35bc213fce49

SHA1
8374dddcc6b2ede14b0ea00a5870a11b57ced33f

SHA256
6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1

SHA512
5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabCE6F.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarCF20.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpC67D.tmp

Filesize
29KB

MD5
62af3ae35c1002765340e0491dc00000

SHA1
64e71ff9cb328fd39a98996617c756c32272dcfa

SHA256
84c5231a8c5507f2a909ab997005cd64a94ea3ef53fb0f8c3f35dbc15d41dff9

SHA512
02c3f261bbaca064eddc82bdd66053b449812d23ef649868ea715379379163e7d4a33af230d4bd82a5bc47b29e483142c09e7f82dfdc40c55cdab1e43f3db7b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\zincite.log

Filesize
352B

MD5
02805aefcd5f60ccd58ecb41031a6ea3

SHA1
879f9766493122e15cdfdd802340bbd3f53494a0

SHA256
e319d78793d1e3e3d5d99ee1bb36fe91842ab7e0c0d902d4c2710dd8881a931e

SHA512
01625c3556bb8fdaedda81d0944e9857053dbdd7f1d8bb31086ff56c0ed2c4004c94546a45da621db534cdc637502e168973aebef4d9575fc35e996692db6fa5

Download Submit
C:\Users\Admin\AppData\Local\Temp\zincite.log

Filesize
352B

MD5
11ada14075b5b35fc9c7df91105a5233

SHA1
591a9f1bc992d65ab7a56c46966cde22608575f0

SHA256
b2030fabd81a95e3e0f73cf2debfdc63ef091c5762318787d697d56119db6c57

SHA512
1c773f15bd0c6e7576e723dfb82235d783d5440b8b802964009abdd4fe7056563eb5b0e83c2dd5e823f7149d710f5cb56fc5bef02a4b31d51991615d0bf0ffe1

Download Submit
C:\Users\Admin\AppData\Local\Temp\znxfmzm.log

Filesize
320B

MD5
34e16e4b06cdbaccb1765c1067d340f4

SHA1
e90014f7bcb78f75071774eabad3b69fa588299d

SHA256
fc2c5fcd08d1135ea5a9b2b633f136494ff6e8c25a509cd37c155138485e64fb

SHA512
279659c9a7a1c111967df37bbe232a83b6dd2f6ba89f7088ff1ed76ca1545be9157db12f066f97e16247ba957c2795f9af12790c853871d7415761e659499a77

Download Submit
C:\Windows\services.exe

Filesize
8KB

MD5
b0fe74719b1b647e2056641931907f4a

SHA1
e858c206d2d1542a79936cb00d85da853bfc95e2

SHA256
bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

SHA512
9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

Download Submit
memory/2236-9-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2236-36-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/2236-4-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2236-41-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/2236-236-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/2236-74-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/2236-310-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/2236-63-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/2236-17-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/2236-0-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/2236-67-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/2236-79-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/2236-72-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/2836-20-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2836-64-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2836-75-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2836-68-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2836-80-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2836-85-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2836-19-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2836-73-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2836-11-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2836-30-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2836-25-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2836-42-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2836-237-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2836-37-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2836-32-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2836-311-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download