Malware Analysis Report

2024-12-07 02:18

Sample ID 241118-ajax6sykgr
Target 5d4370c031ec69c63e9ca55c0463c942308b602a7c8cb3fa3c7e3acaff86b842
SHA256 5d4370c031ec69c63e9ca55c0463c942308b602a7c8cb3fa3c7e3acaff86b842
Tags
upx mydoom discovery persistence worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

5d4370c031ec69c63e9ca55c0463c942308b602a7c8cb3fa3c7e3acaff86b842

Threat Level: Known bad

The file 5d4370c031ec69c63e9ca55c0463c942308b602a7c8cb3fa3c7e3acaff86b842 was found to be: Known bad.

Malicious Activity Summary

upx mydoom discovery persistence worm

Detects MyDoom family

MyDoom

Mydoom family

Executes dropped EXE

Adds Run key to start application

UPX packed file

Drops file in Windows directory

Unsigned PE

System Location Discovery: System Language Discovery

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-18 00:14

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-18 00:14

Reported

2024-11-18 00:17

Platform

win7-20240903-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5d4370c031ec69c63e9ca55c0463c942308b602a7c8cb3fa3c7e3acaff86b842.exe"

Signatures

Detects MyDoom family

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

MyDoom

worm mydoom

Mydoom family

mydoom

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\services.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" C:\Users\Admin\AppData\Local\Temp\5d4370c031ec69c63e9ca55c0463c942308b602a7c8cb3fa3c7e3acaff86b842.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" C:\Windows\services.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\5d4370c031ec69c63e9ca55c0463c942308b602a7c8cb3fa3c7e3acaff86b842.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\services.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\5d4370c031ec69c63e9ca55c0463c942308b602a7c8cb3fa3c7e3acaff86b842.exe

"C:\Users\Admin\AppData\Local\Temp\5d4370c031ec69c63e9ca55c0463c942308b602a7c8cb3fa3c7e3acaff86b842.exe"

C:\Windows\services.exe

"C:\Windows\services.exe"

Network

Country Destination Domain Proto
N/A 10.156.133.4:1034 tcp
N/A 192.168.2.17:1034 tcp
N/A 10.152.243.207:1034 tcp
N/A 192.168.144.131:1034 tcp
N/A 172.16.1.165:1034 tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 8.8.8.8:53 alumni-caltech-edu.mail.protection.outlook.com udp
US 52.101.40.4:25 alumni-caltech-edu.mail.protection.outlook.com tcp
US 8.8.8.8:53 gzip.org udp
US 8.8.8.8:53 gzip.org udp
US 85.187.148.2:25 gzip.org tcp
N/A 172.16.1.165:1034 tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 204.13.239.180:25 alumni.caltech.edu tcp
US 85.187.148.2:25 gzip.org tcp
N/A 10.127.0.6:1034 tcp
US 8.8.8.8:53 mx.alumni.caltech.edu udp
US 8.8.8.8:53 mail.alumni.caltech.edu udp
US 8.8.8.8:53 smtp.alumni.caltech.edu udp
US 8.8.8.8:53 mx.gzip.org udp
US 8.8.8.8:53 mail.gzip.org udp
US 85.187.148.2:25 mail.gzip.org tcp
N/A 192.168.2.16:1034 tcp

Files

memory/2644-0-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2644-4-0x0000000000220000-0x0000000000228000-memory.dmp

memory/2644-9-0x0000000000220000-0x0000000000228000-memory.dmp

C:\Windows\services.exe

MD5 b0fe74719b1b647e2056641931907f4a
SHA1 e858c206d2d1542a79936cb00d85da853bfc95e2
SHA256 bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
SHA512 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

memory/2692-11-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/2644-17-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2644-18-0x0000000000220000-0x0000000000228000-memory.dmp

memory/2692-20-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2692-21-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2692-26-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2692-31-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2692-33-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2692-38-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2692-43-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2692-45-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\znxfmzm.log

MD5 d5946f51913da54e8c99c5988a270fa0
SHA1 a43db643948cae787258f8c71b9eb8cbaf7da830
SHA256 fcb6a1c1c4af76116927d305b1e954a6195868cec6c3b0677994fb6790b34963
SHA512 9a4d443594868b93f818338cb970f5b16fc9b64e66b4ed5ac9a57fe39be6f20b1c4430c6658caef7fdb1a9b7dee8f1efc67d6ea655dbbc45cc2616bf784d148c

memory/2644-49-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2692-50-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 2a4dc424ac25e65928f4e8b71a2e099d
SHA1 27f452d8270efae6db8b498380f197785b8ec3e2
SHA256 8bbe9143d4bca231c522465af9b9e08991a9f1d8939fc5e5316fea05e2b96222
SHA512 618fcd6b617362f5442996ee3db06f0e183b751aa4479c6546339c3b7e54a43da7e158a3885dd5136a63ce3a4232958aba63ee0f42cd91aed83645edbc36ecd7

C:\Users\Admin\AppData\Local\Temp\tmp5812.tmp

MD5 e366ca435ca9382232a9d279b361bfea
SHA1 2ecdbbdad4bc48ba0a225473c078a9203c8eea4c
SHA256 31b6e832dc7f6085d7ba6d9dd7ac08d61445be55020aaf5798c61d2fc8af0c22
SHA512 5d0204fe8ccf6fcb675c075e5a56637bdb44e5d2216a8e6b6395aa58d6dbc6af1e7b678106c60985f91eb5e35d66eb7d22cb5aa64df0a039b5382d75962f44d7

memory/2644-74-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2692-75-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2644-76-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2692-77-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2644-80-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2692-81-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2692-86-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2644-87-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2692-88-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2644-92-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2692-93-0x0000000000400000-0x0000000000408000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-18 00:14

Reported

2024-11-18 00:16

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5d4370c031ec69c63e9ca55c0463c942308b602a7c8cb3fa3c7e3acaff86b842.exe"

Signatures

Detects MyDoom family

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

MyDoom

worm mydoom

Mydoom family

mydoom

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\services.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" C:\Windows\services.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" C:\Users\Admin\AppData\Local\Temp\5d4370c031ec69c63e9ca55c0463c942308b602a7c8cb3fa3c7e3acaff86b842.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\5d4370c031ec69c63e9ca55c0463c942308b602a7c8cb3fa3c7e3acaff86b842.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\services.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\5d4370c031ec69c63e9ca55c0463c942308b602a7c8cb3fa3c7e3acaff86b842.exe

"C:\Users\Admin\AppData\Local\Temp\5d4370c031ec69c63e9ca55c0463c942308b602a7c8cb3fa3c7e3acaff86b842.exe"

C:\Windows\services.exe

"C:\Windows\services.exe"

Network

Country Destination Domain Proto
N/A 10.156.133.4:1034 tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
N/A 192.168.2.17:1034 tcp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
N/A 10.152.243.207:1034 tcp
N/A 192.168.144.131:1034 tcp
N/A 172.16.1.165:1034 tcp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
N/A 172.16.1.165:1034 tcp
US 8.8.8.8:53 m-ou.se udp
US 8.8.8.8:53 aspmx5.googlemail.com udp
SG 74.125.200.26:25 aspmx5.googlemail.com tcp
US 8.8.8.8:53 acm.org udp
US 8.8.8.8:53 mail.mailroute.net udp
US 199.89.3.120:25 mail.mailroute.net tcp
US 8.8.8.8:53 cs.stanford.edu udp
US 8.8.8.8:53 cs.stanford.edu udp
US 171.64.64.64:25 cs.stanford.edu tcp
US 8.8.8.8:53 burtleburtle.net udp
US 8.8.8.8:53 mx.burtleburtle.net udp
US 171.64.64.64:25 cs.stanford.edu tcp
US 65.254.254.50:25 mx.burtleburtle.net tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 8.8.8.8:53 alumni-caltech-edu.mail.protection.outlook.com udp
US 52.101.42.10:25 alumni-caltech-edu.mail.protection.outlook.com tcp
US 8.8.8.8:53 gzip.org udp
US 8.8.8.8:53 gzip.org udp
US 85.187.148.2:25 gzip.org tcp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:80 www.google.com tcp
US 8.8.8.8:53 search.lycos.com udp
US 8.8.8.8:53 search.yahoo.com udp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 8.8.8.8:53 www.altavista.com udp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.16.228:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 r11.o.lencr.org udp
GB 2.22.144.149:80 r11.o.lencr.org tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 8.8.8.8:53 228.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 137.100.82.212.in-addr.arpa udp
US 8.8.8.8:53 10.254.202.209.in-addr.arpa udp
US 8.8.8.8:53 61.45.26.184.in-addr.arpa udp
US 8.8.8.8:53 149.144.22.2.in-addr.arpa udp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 172.217.16.228:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.16.228:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.16.228:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.16.228:80 www.google.com tcp
GB 172.217.16.228:80 www.google.com tcp
GB 172.217.16.228:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 172.217.16.228:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 172.217.16.228:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 172.217.16.228:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.16.228:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.16.228:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.16.228:80 www.google.com tcp
GB 172.217.16.228:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.16.228:80 www.google.com tcp
GB 172.217.16.228:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.16.228:80 www.google.com tcp
GB 172.217.16.228:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.16.228:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 172.217.16.228:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.16.228:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 172.217.16.228:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 172.217.16.228:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.16.228:80 www.google.com tcp
GB 172.217.16.228:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 172.217.16.228:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.16.228:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 172.217.16.228:80 www.google.com tcp
GB 172.217.16.228:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 172.217.16.228:80 www.google.com tcp
GB 172.217.16.228:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 172.217.16.228:80 www.google.com tcp
GB 172.217.16.228:80 www.google.com tcp
GB 172.217.16.228:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 171.64.64.64:25 cs.stanford.edu tcp
GB 172.217.16.228:80 www.google.com tcp
GB 172.217.16.228:80 www.google.com tcp
GB 172.217.16.228:80 www.google.com tcp
GB 172.217.16.228:80 www.google.com tcp
GB 172.217.16.228:80 www.google.com tcp
GB 172.217.16.228:80 www.google.com tcp
GB 172.217.16.228:80 www.google.com tcp
GB 172.217.16.228:80 www.google.com tcp
N/A 10.127.0.6:1034 tcp
US 8.8.8.8:53 aspmx4.googlemail.com udp
FI 142.250.150.26:25 aspmx4.googlemail.com tcp
US 8.8.8.8:53 acm.org udp
US 104.17.78.30:25 acm.org tcp
US 8.8.8.8:53 smtp1.cs.stanford.edu udp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
US 8.8.8.8:53 burtleburtle.net udp
US 65.254.227.224:25 burtleburtle.net tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 204.13.239.180:25 alumni.caltech.edu tcp
US 85.187.148.2:25 gzip.org tcp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
N/A 192.168.2.16:1034 tcp

Files

memory/4852-0-0x0000000000500000-0x0000000000510200-memory.dmp

C:\Windows\services.exe

MD5 b0fe74719b1b647e2056641931907f4a
SHA1 e858c206d2d1542a79936cb00d85da853bfc95e2
SHA256 bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
SHA512 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

memory/4220-5-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/4852-13-0x0000000000500000-0x0000000000510200-memory.dmp

memory/4220-15-0x0000000000400000-0x0000000000408000-memory.dmp

memory/4220-16-0x0000000000400000-0x0000000000408000-memory.dmp

memory/4220-21-0x0000000000400000-0x0000000000408000-memory.dmp

memory/4220-26-0x0000000000400000-0x0000000000408000-memory.dmp

memory/4220-28-0x0000000000400000-0x0000000000408000-memory.dmp

memory/4220-33-0x0000000000400000-0x0000000000408000-memory.dmp

memory/4220-38-0x0000000000400000-0x0000000000408000-memory.dmp

memory/4220-40-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\xs0fkpfakf.log

MD5 b681bb20560d365882a95d30c1d7b456
SHA1 7526be5d203d0490e68f282b4e4d3c29f78511de
SHA256 26fdd5dc89c41f7ee356d9723f446cce6f3b6b95fe50b01dde0db6e1aa56f70c
SHA512 c2ab0e5efb57ea80becb65388352760c629bef7bb81b47aee5c7ad43505a3c1fe578e7d05e5d82ec36d22fd4240e03868cd8963bf63d1ac38e1797806e3f5ef4

memory/4220-45-0x0000000000400000-0x0000000000408000-memory.dmp

memory/4220-50-0x0000000000400000-0x0000000000408000-memory.dmp

memory/4852-51-0x0000000000500000-0x0000000000510200-memory.dmp

memory/4220-52-0x0000000000400000-0x0000000000408000-memory.dmp

memory/4852-56-0x0000000000500000-0x0000000000510200-memory.dmp

memory/4220-57-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 58c9551a22c6d2c8ae0b4c4b85b17420
SHA1 43d8a473cbc298cf122cf6e3bf6cb70aff29c67e
SHA256 1afeb19be9ad72bdd719b4a9e797a4b428ec011330683a3ba4996766b25046fb
SHA512 994b974b0cbec4c2e58fde1525a594b195ed65bf9235d4ceb689d316c1e2376d42b5ec5fac7f5fa82df56fed77f5769b99d3cb854247d50473d35d89dae93f6a

C:\Users\Admin\AppData\Local\Temp\tmp4389.tmp

MD5 f3a7493a18b541d51e587c207da05932
SHA1 147fe8e7435005de8aec024a0547017e00398c78
SHA256 5d4370c031ec69c63e9ca55c0463c942308b602a7c8cb3fa3c7e3acaff86b842
SHA512 2302ea8143aeb2f9553d964b7db235e1f0cf53e6cf9950cae4b10b464d9826d237693f6920b2c6cd6a9c4664de46cd6699761adf0073f34d00d4e40226492cfd

memory/4852-135-0x0000000000500000-0x0000000000510200-memory.dmp

memory/4220-140-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 620d8f9993a445ed7e63dbfc8aa5395f
SHA1 ff9b545c4fe452bf1067e5d892b0b4bda3754701
SHA256 e2a5221293320ae87af20fc6d21d132e79322eea7cc5bfa0d53dc93e8ea450b9
SHA512 28b200b2eb30ff1655bdafbeaa4db17162c99c6fd2eecde49df4bb5db41c801210e50a1ec5d23043bc5d245221aeabef3a26276062c732fd52210af553adce13

memory/4852-157-0x0000000000500000-0x0000000000510200-memory.dmp

memory/4220-158-0x0000000000400000-0x0000000000408000-memory.dmp

memory/4220-162-0x0000000000400000-0x0000000000408000-memory.dmp