Malware Analysis Report

2024-10-19 02:13

Sample ID 231230-1h82pagah6
Target 1d4d551922a91f2ca3099cac602bb170
SHA256 e4d07054a1bf665d9cd3a59192a7343c456f63fad3e248deab2a4cc721e85f22
Tags
nullmixer privateloader smokeloader vidar 706 aspackv2 backdoor dropper loader stealer trojan gozi banker isfb
score
10/10

Analysis Overview

score
10/10

SHA256

e4d07054a1bf665d9cd3a59192a7343c456f63fad3e248deab2a4cc721e85f22

Threat Level: Known bad

The file 1d4d551922a91f2ca3099cac602bb170 was found to be: Known bad.

Malicious Activity Summary

nullmixer privateloader smokeloader vidar 706 aspackv2 backdoor dropper loader stealer trojan gozi banker isfb

Gozi

PrivateLoader

Vidar

SmokeLoader

NullMixer

Vidar Stealer

ASPack v2.12-2.42

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Unsigned PE

Program crash

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Creates scheduled task(s)

Runs regedit.exe

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-12-30 21:40

Signatures

Unsigned PE


Analysis: behavioral2

Detonation Overview

Submitted

2023-12-30 21:40

Reported

2024-01-04 13:52

Platform

win10v2004-20231215-en

Max time kernel

39s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1d4d551922a91f2ca3099cac602bb170.exe"

Signatures

NullMixer

dropper nullmixer

PrivateLoader

loader privateloader

SmokeLoader

trojan backdoor smokeloader

Vidar

stealer vidar

Vidar Stealer

stealer

ASPack v2.12-2.42

aspackv2

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\1d4d551922a91f2ca3099cac602bb170.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\setup_installer.exe N/A

Enumerates physical storage devices

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\7zS4D9AF4D7\setup_install.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\7zS4D9AF4D7\Thu1292a34e8c7.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4080 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\1d4d551922a91f2ca3099cac602bb170.exe C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
PID 2516 wrote to memory of 1836 N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe C:\Users\Admin\AppData\Local\Temp\7zS4D9AF4D7\setup_install.exe
PID 1836 wrote to memory of 4256 N/A C:\Users\Admin\AppData\Local\Temp\7zS4D9AF4D7\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1836 wrote to memory of 2720 N/A C:\Users\Admin\AppData\Local\Temp\7zS4D9AF4D7\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1836 wrote to memory of 1888 N/A C:\Users\Admin\AppData\Local\Temp\7zS4D9AF4D7\setup_install.exe C:\Windows\SysWOW64\WerFault.exe
PID 1836 wrote to memory of 1236 N/A C:\Users\Admin\AppData\Local\Temp\7zS4D9AF4D7\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1836 wrote to memory of 264 N/A C:\Users\Admin\AppData\Local\Temp\7zS4D9AF4D7\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1836 wrote to memory of 1692 N/A C:\Users\Admin\AppData\Local\Temp\7zS4D9AF4D7\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1836 wrote to memory of 1180 N/A C:\Users\Admin\AppData\Local\Temp\7zS4D9AF4D7\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1836 wrote to memory of 4572 N/A C:\Users\Admin\AppData\Local\Temp\7zS4D9AF4D7\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1836 wrote to memory of 4084 N/A C:\Users\Admin\AppData\Local\Temp\7zS4D9AF4D7\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1692 wrote to memory of 2296 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zS4D9AF4D7\Thu12133a64f6944.exe

Processes

C:\Users\Admin\AppData\Local\Temp\1d4d551922a91f2ca3099cac602bb170.exe

"C:\Users\Admin\AppData\Local\Temp\1d4d551922a91f2ca3099cac602bb170.exe"

C:\Users\Admin\AppData\Local\Temp\setup_installer.exe

"C:\Users\Admin\AppData\Local\Temp\setup_installer.exe"

C:\Users\Admin\AppData\Local\Temp\7zS4D9AF4D7\setup_install.exe

"C:\Users\Admin\AppData\Local\Temp\7zS4D9AF4D7\setup_install.exe"

C:\Users\Admin\AppData\Local\Temp\7zS4D9AF4D7\Thu12133a64f6944.exe

Thu12133a64f6944.exe

C:\Users\Admin\AppData\Local\Temp\7zS4D9AF4D7\Thu12bdb3e13710e08.exe

Thu12bdb3e13710e08.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 1836 -ip 1836

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 560

C:\Users\Admin\AppData\Local\Temp\7zS4D9AF4D7\Thu12fc09d4538e825.exe

"C:\Users\Admin\AppData\Local\Temp\7zS4D9AF4D7\Thu12fc09d4538e825.exe" -a

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp"

C:\Users\Admin\AppData\Local\Temp\7zS4D9AF4D7\Thu12a736a81a0d80.exe

Thu12a736a81a0d80.exe

C:\Users\Admin\AppData\Local\Temp\7zS4D9AF4D7\Thu1229846e873eb.exe

Thu1229846e873eb.exe

C:\Users\Admin\AppData\Local\Temp\7zS4D9AF4D7\Thu129287bed6aee7d37.exe

Thu129287bed6aee7d37.exe

C:\Users\Admin\AppData\Local\Temp\7zS4D9AF4D7\Thu1292a34e8c7.exe

Thu1292a34e8c7.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 2984 -ip 2984

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 824

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 2984 -ip 2984

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 832

C:\Users\Admin\AppData\Local\Temp\7zS4D9AF4D7\Thu12fa34d54ce.exe

Thu12fa34d54ce.exe

C:\Users\Admin\AppData\Local\Temp\7zS4D9AF4D7\Thu12fc09d4538e825.exe

Thu12fc09d4538e825.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Thu12a736a81a0d80.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 2984 -ip 2984

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 880

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Thu1229846e873eb.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Thu12bdb3e13710e08.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Thu12133a64f6944.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Thu1292a34e8c7.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Thu129287bed6aee7d37.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Thu12fa34d54ce.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Thu12fc09d4538e825.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2984 -ip 2984

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 920

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 2984 -ip 2984

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 1028

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 2984 -ip 2984

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 1072

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 2984 -ip 2984

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 1520

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 2984 -ip 2984

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 1596

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 2984 -ip 2984

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 1780

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 2984 -ip 2984

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 1612

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 2984 -ip 2984

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 1600

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 2984 -ip 2984

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 2984 -ip 2984

C:\Windows\system32\WerFaultSecure.exe

"C:\Windows\system32\WerFaultSecure.exe" -protectedcrash -p 4576 -i 4576 -h 536 -j 528 -s 408 -d 0

C:\Windows\system32\dwm.exe

"dwm.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 2984 -ip 2984

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 1788

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 1048

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 2984 -ip 2984

C:\Windows\system32\dwm.exe

"dwm.exe"

C:\Windows\system32\dwm.exe

"dwm.exe"

Network


Files

C:\Users\Admin\AppData\Local\Temp\setup_installer.exe

C:\Users\Admin\AppData\Local\Temp\7zS4D9AF4D7\setup_install.exe

C:\Users\Admin\AppData\Local\Temp\7zS4D9AF4D7\libcurl.dll

C:\Users\Admin\AppData\Local\Temp\7zS4D9AF4D7\libstdc++-6.dll

C:\Users\Admin\AppData\Local\Temp\7zS4D9AF4D7\libgcc_s_dw2-1.dll

C:\Users\Admin\AppData\Local\Temp\7zS4D9AF4D7\libcurlpp.dll

C:\Users\Admin\AppData\Local\Temp\7zS4D9AF4D7\libwinpthread-1.dll

C:\Users\Admin\AppData\Local\Temp\7zS4D9AF4D7\Thu129287bed6aee7d37.exe

C:\Users\Admin\AppData\Local\Temp\7zS4D9AF4D7\Thu12133a64f6944.exe

C:\Users\Admin\AppData\Local\Temp\7zS4D9AF4D7\Thu12a736a81a0d80.exe

C:\Users\Admin\AppData\Local\Temp\7zS4D9AF4D7\Thu1229846e873eb.exe

C:\Users\Admin\AppData\Local\Temp\7zS4D9AF4D7\Thu12bdb3e13710e08.exe

C:\Users\Admin\AppData\Local\Temp\7zS4D9AF4D7\Thu1292a34e8c7.exe

C:\Users\Admin\AppData\Local\Temp\7zS4D9AF4D7\Thu12fc09d4538e825.exe

memory/1780-109-0x0000000005B40000-0x0000000005BA6000-memory.dmp

memory/1836-116-0x000000006B440000-0x000000006B4CF000-memory.dmp

memory/1780-121-0x0000000005CB0000-0x0000000006004000-memory.dmp

memory/1836-123-0x000000006FE40000-0x000000006FFC6000-memory.dmp

memory/1780-125-0x0000000004D40000-0x0000000004D50000-memory.dmp

memory/2984-124-0x0000000004820000-0x00000000048BD000-memory.dmp

memory/1836-126-0x0000000000400000-0x000000000051B000-memory.dmp

memory/1836-128-0x000000006B280000-0x000000006B2A6000-memory.dmp

memory/1836-129-0x000000006B440000-0x000000006B4CF000-memory.dmp

memory/1836-130-0x000000006EB40000-0x000000006EB63000-memory.dmp

memory/1780-132-0x0000000006140000-0x000000000615E000-memory.dmp

memory/2984-133-0x0000000000400000-0x0000000002D17000-memory.dmp

memory/1780-134-0x0000000006680000-0x00000000066CC000-memory.dmp

memory/3944-135-0x000000001BC40000-0x000000001BC50000-memory.dmp

memory/1836-131-0x000000006FE40000-0x000000006FFC6000-memory.dmp

memory/4240-138-0x0000000002F60000-0x0000000003060000-memory.dmp

memory/2296-137-0x000000001B420000-0x000000001B430000-memory.dmp

memory/1780-139-0x0000000004D40000-0x0000000004D50000-memory.dmp

memory/2984-140-0x00000000030C0000-0x00000000031C0000-memory.dmp

memory/960-136-0x00007FFDB0620000-0x00007FFDB10E1000-memory.dmp

memory/1836-127-0x0000000064940000-0x0000000064959000-memory.dmp

memory/1836-122-0x000000006EB40000-0x000000006EB63000-memory.dmp

memory/1836-110-0x000000006B280000-0x000000006B2A6000-memory.dmp

memory/1836-108-0x0000000064940000-0x0000000064959000-memory.dmp

memory/1836-107-0x0000000000400000-0x000000000051B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS4D9AF4D7\Thu12fa34d54ce.exe

MD5 80f7c161d7b1b85427be8f20c3afa100
SHA1 3e0b21c0c93bd40c976654837e115a90a0b9fbcd
SHA256 82bed14b531236c5b98d7711f50e7ed9b241dec7af3fcbadf070ebda8497d027
SHA512 d279ef7368cb9fcd895e4dd4a7e550daff15c57a116da2adc4ebcaa271487ba589f9248820095132796e663cdd4bb296a198eec94f6a649ff07745fd81cb2268

C:\Users\Admin\AppData\Local\Temp\7zS4D9AF4D7\Thu1229846e873eb.exe

MD5 f994e0fe5d9442bb6acc18855fea2f32
SHA1 dd5e4830a6c9e67f23c818baadade7ee18e0c72c
SHA256 1f415ba6299b928a8c28e3223b4376f9d06673b65f0921edb23c1b63e5518bf4
SHA512 38a8af841dbd97c2138c5200d656b25b5eed8738049a7c92f745a810bb15f21f8d3d50c68fe18a9562bb7b0cb81da1d71310c7513eb9de9a7c2f63fb8e9f51c3

C:\Users\Admin\AppData\Local\Temp\7zS4D9AF4D7\Thu12bdb3e13710e08.exe

MD5 05a0baf55450d99cb0fa0ee652e2cd0c
SHA1 e7334de04c18c241a091c3327cdcd56e85cc6baf
SHA256 4cfbdd8acdc923beeca12d94f06d2f1632765434a2087df7ac803c254a0adf9c
SHA512 b6d1fc00d7b076068b0879fa4d29b68d3054b5fca24edd5852077bf34d37c43e79cb74fda9c45014610b317d57d70369a3e197784c04bc3c6eac5e1ea9a64fff

memory/1780-141-0x0000000004D40000-0x0000000004D50000-memory.dmp

memory/1780-155-0x00000000066F0000-0x000000000670E000-memory.dmp

memory/1780-159-0x00000000073E0000-0x0000000007483000-memory.dmp

memory/3508-145-0x0000000000F40000-0x0000000000F55000-memory.dmp

memory/1780-144-0x000000006F5B0000-0x000000006F5FC000-memory.dmp

memory/4240-157-0x0000000000400000-0x0000000002CBB000-memory.dmp

memory/1780-143-0x000000007F260000-0x000000007F270000-memory.dmp

memory/1780-142-0x0000000007120000-0x0000000007152000-memory.dmp

memory/1780-160-0x0000000007B10000-0x000000000818A000-memory.dmp

memory/1780-161-0x0000000007190000-0x00000000071AA000-memory.dmp

memory/1780-162-0x00000000074D0000-0x00000000074DA000-memory.dmp

memory/1780-163-0x00000000076C0000-0x0000000007756000-memory.dmp

memory/1780-164-0x0000000007650000-0x0000000007661000-memory.dmp

memory/1780-165-0x0000000007680000-0x000000000768E000-memory.dmp

memory/1780-166-0x0000000007690000-0x00000000076A4000-memory.dmp

memory/1780-168-0x0000000007770000-0x0000000007778000-memory.dmp

memory/1780-167-0x0000000007780000-0x000000000779A000-memory.dmp

memory/1780-171-0x0000000073680000-0x0000000073E30000-memory.dmp

memory/3944-175-0x000000001BC50000-0x000000001BD52000-memory.dmp

memory/3944-178-0x000000001BC50000-0x000000001BD52000-memory.dmp

memory/3944-182-0x00007FFDB0620000-0x00007FFDB10E1000-memory.dmp

memory/2296-183-0x000000001B430000-0x000000001B532000-memory.dmp

memory/960-184-0x000000001B120000-0x000000001B130000-memory.dmp

memory/2984-186-0x00000000030C0000-0x00000000031C0000-memory.dmp

memory/2296-185-0x000000001B420000-0x000000001B430000-memory.dmp

memory/960-188-0x000000001AF40000-0x000000001B042000-memory.dmp

memory/3508-192-0x0000000000F80000-0x0000000000F81000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-30 21:40

Reported

2024-01-04 13:52

Platform

win7-20231215-en

Max time kernel

0s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1d4d551922a91f2ca3099cac602bb170.exe"

Signatures

Gozi

banker trojan gozi

NullMixer

dropper nullmixer

SmokeLoader

trojan backdoor smokeloader

Vidar

stealer vidar

Vidar Stealer

stealer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

ASPack v2.12-2.42

aspackv2
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe N/A

Enumerates physical storage devices

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Runs regedit.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1d4d551922a91f2ca3099cac602bb170.exe

"C:\Users\Admin\AppData\Local\Temp\1d4d551922a91f2ca3099cac602bb170.exe"

C:\Users\Admin\AppData\Local\Temp\setup_installer.exe

"C:\Users\Admin\AppData\Local\Temp\setup_installer.exe"

C:\Users\Admin\AppData\Local\Temp\7zS0F1C0636\Thu129287bed6aee7d37.exe

"C:\Users\Admin\AppData\Local\Temp\7zS0F1C0636\Thu129287bed6aee7d37.exe"

C:\Users\Admin\AppData\Local\Temp\7zS0F1C0636\Thu12fc09d4538e825.exe

"C:\Users\Admin\AppData\Local\Temp\7zS0F1C0636\Thu12fc09d4538e825.exe" -a

C:\Users\Admin\AppData\Local\Temp\7zS0F1C0636\Thu12bdb3e13710e08.exe

Thu12bdb3e13710e08.exe

C:\Users\Admin\AppData\Local\Temp\7zS0F1C0636\Thu1292a34e8c7.exe

Thu1292a34e8c7.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 424

C:\Users\Admin\AppData\Local\Temp\7zS0F1C0636\Thu12a736a81a0d80.exe

Thu12a736a81a0d80.exe

C:\Users\Admin\AppData\Local\Temp\7zS0F1C0636\Thu12fa34d54ce.exe

Thu12fa34d54ce.exe

C:\Users\Admin\AppData\Local\Temp\7zS0F1C0636\Thu1229846e873eb.exe

Thu1229846e873eb.exe

C:\Users\Admin\AppData\Local\Temp\7zS0F1C0636\Thu129287bed6aee7d37.exe

Thu129287bed6aee7d37.exe

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp"

C:\Users\Admin\AppData\Local\Temp\7zS0F1C0636\Thu12fc09d4538e825.exe

Thu12fc09d4538e825.exe

C:\Users\Admin\AppData\Local\Temp\7zS0F1C0636\Thu12133a64f6944.exe

Thu12133a64f6944.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Thu12a736a81a0d80.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Thu1229846e873eb.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Thu12bdb3e13710e08.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Thu12133a64f6944.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Thu1292a34e8c7.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Thu129287bed6aee7d37.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Thu12fa34d54ce.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Thu12fc09d4538e825.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 956

C:\Users\Admin\AppData\Local\Temp\7zS0F1C0636\setup_install.exe

"C:\Users\Admin\AppData\Local\Temp\7zS0F1C0636\setup_install.exe"

C:\Users\Admin\AppData\Local\Temp\6AD4.exe

C:\Users\Admin\AppData\Local\Temp\6AD4.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Users\Admin\AppData\Local\Temp\71B8.exe

C:\Users\Admin\AppData\Local\Temp\71B8.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1204 -s 604

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 496 -s 340

C:\Users\Admin\AppData\Local\Temp\35gguag95im5q_1.exe

/suac

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\SysWOW64\regedit.exe"

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\System32\schtasks.exe" /CREATE /SC ONLOGON /TN "Windows Update Check - 0x1BB70478" /TR "C:\PROGRA~3\JAVAUP~1\35GGUA~1.EXE" /RL HIGHEST

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 468

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 624

Network


Files
