Analysis Overview
SHA256
c767c0c438dd1a2bfb6d14e35c30b24971b9a2db90748177ee23959b7b6b22ed
Threat Level: Known bad
The file 0a7b9a3a120d129f53edd0c6fa2564b2 was found to be: Known bad.
Malicious Activity Summary
ZGRat
Detect ZGRat V1
SmokeLoader
RisePro
Vidar
NullMixer
PrivateLoader
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Vidar Stealer
Loads dropped DLL
ASPack v2.12-2.42
Checks computer location settings
Reads user/profile data of web browsers
Themida packer
Checks BIOS information in registry
Executes dropped EXE
Looks up external IP address via web service
Legitimate hosting services abused for malware hosting/C2
Checks whether UAC is enabled
Suspicious use of NtSetInformationThreadHideFromDebugger
Program crash
Unsigned PE
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Modifies system certificate store
Checks SCSI registry key(s)
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-12-30 01:43
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-30 01:43
Reported
2023-12-30 14:22
Platform
win7-20231215-en
Max time kernel
150s
Max time network
154s
Command Line
Signatures
Detect ZGRat V1
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
NullMixer
PrivateLoader
RisePro
SmokeLoader
Vidar
ZGRat
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\38a72d1941.exe | N/A |
Vidar Stealer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
ASPack v2.12-2.42
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\38a72d1941.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\38a72d1941.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\setup_install.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\d8209827f876d25.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\b7816bfa03.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\72a3df5b6765f57.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\dc56b88fa7bd64.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\2e80f89eab2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\0c1a94348.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\ae53a1dbd6.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\38a72d1941.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\72a3df5b6765f57.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\38a72d1941.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.db-ip.com | N/A | N/A |
| N/A | api.db-ip.com | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\38a72d1941.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\setup_install.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\dc56b88fa7bd64.exe |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\0c1a94348.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\0c1a94348.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\0c1a94348.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f0b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f007400000053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c09000000010000000c000000300a06082b06010505070301030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9 | C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\ae53a1dbd6.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\2e80f89eab2.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = (blob data omitted) | C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\2e80f89eab2.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = (blob data omitted) | C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\dc56b88fa7bd64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 | C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\2e80f89eab2.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 | C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\2e80f89eab2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 | C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\ae53a1dbd6.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = (blob data omitted) | C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\ae53a1dbd6.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = (blob data omitted) | C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\ae53a1dbd6.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 | C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\dc56b88fa7bd64.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = (blob data omitted) | C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\dc56b88fa7bd64.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\0c1a94348.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\0c1a94348.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\0c1a94348.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\b7816bfa03.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\2e80f89eab2.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\38a72d1941.exe | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\0a7b9a3a120d129f53edd0c6fa2564b2.exe
"C:\Users\Admin\AppData\Local\Temp\0a7b9a3a120d129f53edd0c6fa2564b2.exe"
C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\setup_install.exe
"C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\setup_install.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c dc56b88fa7bd64.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 0c1a94348.exe
C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\72a3df5b6765f57.exe
72a3df5b6765f57.exe
C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\d8209827f876d25.exe
d8209827f876d25.exe
C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\38a72d1941.exe
38a72d1941.exe
C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\72a3df5b6765f57.exe
"C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\72a3df5b6765f57.exe" -a
C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\ae53a1dbd6.exe
ae53a1dbd6.exe
C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\0c1a94348.exe
0c1a94348.exe
C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\dc56b88fa7bd64.exe
dc56b88fa7bd64.exe
C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\2e80f89eab2.exe
2e80f89eab2.exe
C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\b7816bfa03.exe
b7816bfa03.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ae53a1dbd6.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 72a3df5b6765f57.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c d8209827f876d25.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c b7816bfa03.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 2e80f89eab2.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 38a72d1941.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 420
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 940
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 8.8.8.8:53 | watira.xyz | udp |
| US | 8.8.8.8:53 | live.goatgame.live | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 8.8.8.8:53 | s.lletlee.com | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | db-ip.com | udp |
| US | 104.26.4.15:443 | db-ip.com | tcp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 8.8.8.8:53 | music-sec.xyz | udp |
| US | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| US | 8.8.8.8:53 | lenak513.tumblr.com | udp |
| US | 74.114.154.22:443 | lenak513.tumblr.com | tcp |
| RU | 185.230.143.16:32115 | N/A | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 8.8.8.8:53 | api.db-ip.com | udp |
| US | 172.67.75.166:443 | api.db-ip.com | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 8.8.8.8:53 | www.maxmind.com | udp |
| US | 104.18.146.235:80 | www.maxmind.com | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| NL | 37.0.8.235:80 | N/A | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 8.8.8.8:53 | iplogger.org | udp |
| US | 104.21.4.208:443 | iplogger.org | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 96.17.179.205:80 | apps.identrust.com | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 104.21.4.208:443 | iplogger.org | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| NL | 37.0.11.8:80 | N/A | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 8.8.8.8:53 | aucmoney.com | udp |
| US | 8.8.8.8:53 | thegymmum.com | udp |
| RU | 185.230.143.16:32115 | N/A | tcp |
| US | 8.8.8.8:53 | atvcampingtrips.com | udp |
| US | 8.8.8.8:53 | kuapakualaman.com | udp |
| US | 8.8.8.8:53 | renatazarazua.com | udp |
| US | 8.8.8.8:53 | nasufmutlu.com | udp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 8.8.8.8:53 | wfsdragon.ru | udp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 172.67.133.215:80 | wfsdragon.ru | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| NL | 212.193.30.115:80 | N/A | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| RU | 185.230.143.16:32115 | N/A | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| NL | 212.193.30.115:80 | N/A | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| RU | 185.230.143.16:32115 | N/A | tcp |
| N/A | 127.0.0.1:49253 | N/A | tcp |
| N/A | 127.0.0.1:49255 | N/A | tcp |
| NL | 212.193.30.115:80 | N/A | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| RU | 185.230.143.16:32115 | N/A | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| NL | 212.193.30.115:80 | N/A | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| NL | 212.193.30.115:80 | N/A | tcp |
| RU | 185.230.143.16:32115 | N/A | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
Files
\Users\Admin\AppData\Local\Temp\7zSC59B6C76\setup_install.exe
| MD5 | 35e5a114b616f1a28908e217264534f1 |
| SHA1 | 9224ee0c70041127755d95fa9f4eb11af62cb156 |
| SHA256 | 7745894238ab7c1860fbe77c5e39798064918b9de58c6fd0719a89cf8ec227c5 |
| SHA512 | d3ef70d37452634c2a9897034599f3c70b40f8bb7898d2d56a14c914759b23470581e6b73e63daa9daace3d41ca53afba8480e25aac6e123ca945ede83912866 |
C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\setup_install.exe
| MD5 | 21020d035d5bcb68959e3e914fc4fdb5 |
| SHA1 | 5bffed55fdee4cc2519391db740009b3e4fca3f2 |
| SHA256 | afa58a2d995c99c3d49995c4ca07458257a91e39a7d65f779159eabb2a974611 |
| SHA512 | 39ea966edb3590ae60c629c62b9171f4dad4cb8ae6f4aa0e03f19b27878a0b9cc27caea25dea5a526e90647b0661671119a9eccd4d48e6de7a4e4d395628fbc6 |
\Users\Admin\AppData\Local\Temp\7zSC59B6C76\setup_install.exe
| MD5 | bc76a2e03c6a5ab41d1857de5a2a0c33 |
| SHA1 | 8ddbb53790166619494df6cb1c913653ca74d2d5 |
| SHA256 | 6334e8adb1a68134c1d3324e64afecaff6ac80035dd63813306c83ce51fae313 |
| SHA512 | d9b30e6c057211d5c55c228f0b98819ac994621f940a03bb60f2ba9dd97a6010301fb1473b0d7d9c9b9a346a0b8515a966515df0f12c9d1d9a7d8a11849b93c9 |
\Users\Admin\AppData\Local\Temp\7zSC59B6C76\setup_install.exe
| MD5 | fe7f3282c974c5510dd33d5958d62d28 |
| SHA1 | ef1a49a6c03ca982c587d03707e3db1e21d9d1fb |
| SHA256 | fb5d0220f42336f3a8654390201194a95ef99c6c3a2715acb2ab5a2b4e4e294b |
| SHA512 | e3675234517d3c3077e2b0c7574c8ffe3aa1ce44a8acbcb67bf83921938ccf1820a78dd069396d3a8eff981297b9fe65ba0170248e94752cb3bec5ab75cf9b16 |
C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\setup_install.exe
| MD5 | 385c87de737e58ad2f17fc5aea7d7eec |
| SHA1 | 6e6edd866ffb50829f451d9cc56c722de2ace984 |
| SHA256 | 2444bf40443ebf68141c3918434944502a4193fa01502423cb51649b35b0794d |
| SHA512 | e8969927727fd45d0abc603d58ed853cfe213605f861fb9e2c9f57d8d7d9c5087434ab246bb2fbb6255bfc349a5762653bd598a73bbfc4d2ae6ebef18834cb68 |
\Users\Admin\AppData\Local\Temp\7zSC59B6C76\libwinpthread-1.dll
| MD5 | 6a5c70f18d42cb74b5e2fa58a5f82b6d |
| SHA1 | 15fd17f36b1e1332eb4d2c0719891cabba1b52bb |
| SHA256 | f86f4f180a06a6feda8a2af4580540f9428d844c73ef00e6f8257e51f23dd528 |
| SHA512 | f48b0b4265d7dccc26d168f209a4f0abede466ee366eb9ef8a18ce179ff5e6f5428d31e734ccf14414c625faf6bae9ba21556152b68eae93f946ae86e120e025 |
C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\libwinpthread-1.dll
| MD5 | bdcd5fc6cc3c911bfdd1e497e79b23b7 |
| SHA1 | 1292cb78d30865f495b3d888b10cbe54827fa91c |
| SHA256 | e3994727e582f1855138f979f68d19968284306982dab306fbcae41a49177401 |
| SHA512 | 80446d47247d37bc85861a2df0aadc4bbf8ff352438bf60c25afe4d65fa12f77252148bfb5e84efc99f350751789fe1b83c98581184f7e6823a2013769ce30b7 |
\Users\Admin\AppData\Local\Temp\7zSC59B6C76\libcurlpp.dll
| MD5 | e6e578373c2e416289a8da55f1dc5e8e |
| SHA1 | b601a229b66ec3d19c2369b36216c6f6eb1c063e |
| SHA256 | 43e86d650a68f1f91fa2f4375aff2720e934aa78fa3d33e06363122bf5a9535f |
| SHA512 | 9df6a8c418113a77051f6cb02745ad48c521c13cdadb85e0e37f79e29041464c8c7d7ba8c558fdd877035eb8475b6f93e7fc62b38504ddfe696a61480cabac89 |
memory/2696-31-0x000000006B440000-0x000000006B4CF000-memory.dmp
\Users\Admin\AppData\Local\Temp\7zSC59B6C76\libcurl.dll
| MD5 | d09be1f47fd6b827c81a4812b4f7296f |
| SHA1 | 028ae3596c0790e6d7f9f2f3c8e9591527d267f7 |
| SHA256 | 0de53e7be51789adaec5294346220b20f793e7f8d153a3c110a92d658760697e |
| SHA512 | 857f44a1383c29208509b8f1164b6438d750d5bb4419add7626986333433e67a0d1211ec240ce9472f30a1f32b16c8097aceba4b2255641b3d8928f94237f595 |
memory/2696-28-0x000000006B280000-0x000000006B2A6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\libgcc_s_dw2-1.dll
| MD5 | 9aec524b616618b0d3d00b27b6f51da1 |
| SHA1 | 64264300801a353db324d11738ffed876550e1d3 |
| SHA256 | 59a466f77584438fc3abc0f43edc0fc99d41851726827a008841f05cfe12da7e |
| SHA512 | 0648a26940e8f4aad73b05ad53e43316dd688e5d55e293cce88267b2b8744412be2e0d507dadad830776bf715bcd819f00f5d1f7ac1c5f1c4f682fb7457a20d0 |
C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\libstdc++-6.dll
| MD5 | d964bbad5218aa6b1e6b41ce69f791fa |
| SHA1 | 4cdde67d866599dada1ab95899f74a3b378bca61 |
| SHA256 | ff6fac090ec2455a663dd746a7a7624893f46c0619dfaabde4d4160d19fab8bb |
| SHA512 | f8532fa7704c550913f43aeea95480d7bb1e92d240080547e8eb217ee6bc102b7d60c8f6ea50dd65b22f3c938a47065ea5855c94acddfa03f297cf7dbd105029 |
memory/2696-42-0x000000006B440000-0x000000006B4CF000-memory.dmp
memory/2696-43-0x000000006FE40000-0x000000006FFC6000-memory.dmp
memory/2696-41-0x000000006B440000-0x000000006B4CF000-memory.dmp
memory/2696-46-0x000000006B440000-0x000000006B4CF000-memory.dmp
memory/2696-48-0x000000006FE40000-0x000000006FFC6000-memory.dmp
memory/2696-49-0x000000006FE40000-0x000000006FFC6000-memory.dmp
memory/2696-51-0x000000006B280000-0x000000006B2A6000-memory.dmp
memory/2696-52-0x000000006B280000-0x000000006B2A6000-memory.dmp
memory/2696-45-0x000000006FE40000-0x000000006FFC6000-memory.dmp
memory/2696-44-0x0000000064940000-0x0000000064959000-memory.dmp
memory/2696-40-0x000000006B440000-0x000000006B4CF000-memory.dmp
memory/2696-39-0x000000006FE40000-0x000000006FFC6000-memory.dmp
\Users\Admin\AppData\Local\Temp\7zSC59B6C76\setup_install.exe
| MD5 | ff577f8089af48bdca903088b9890939 |
| SHA1 | 9e61ee43267adc9ea0c9eaa8fad1224d6108eedf |
| SHA256 | 4eb6f567c6318fa80cb5e5e25533a5df8ef0d84fbad082f6f9b9720b687f99dd |
| SHA512 | 77fb7f339058e7f14ec1b8b5a88b15c5fd7833ebd5e9e8037c69be79c05252d298babf5894d7bd0c839e2ba6112275b0833589509f5064ae9dd3fa0117044ffa |
\Users\Admin\AppData\Local\Temp\7zSC59B6C76\setup_install.exe
| MD5 | 336224395d311e835f6a5835e8460aae |
| SHA1 | a9472d3c465cedb12fe1136baafe9662b4987b36 |
| SHA256 | 76f742d67fb835bd51bb2e5785f65d44da2ecbec99f8712804e93e1af34a1c81 |
| SHA512 | e55b7d44b5fc18228afe71ec3e9fde4f69b72982525c109d159caca8928db9152e1f9fcc0cb6bf485f3d73272ebac59081225d47563b3ed22a15cdfd76b21b4a |
\Users\Admin\AppData\Local\Temp\7zSC59B6C76\setup_install.exe
| MD5 | 07fbc68dcc4a5955dca64b9b2aadf412 |
| SHA1 | 41a12cece82e5d9c7d7e214fd8efa3447df54139 |
| SHA256 | c1f339f1d876b34da7b4e77349b228dff3618cec75abc074bd116ca9719a3ca7 |
| SHA512 | c8d6027d25710ae34dbc74ee4053b94ac30a77a56fa01d775badad4c80750178e26aabb7e8d203f76a63bdaa445a4a033bd364abdeded5e4220df932cc17e383 |
C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\setup_install.exe
| MD5 | c63d52c4202e5a199d7d7e6a28f608c6 |
| SHA1 | d6a7ca7dcbe5389324ef85b0c142d5987166f58e |
| SHA256 | 18b5602200fd5389d17d9953339269f3fb4e77f9e22d29614deaef6501ef05b0 |
| SHA512 | c89dc03287c43fe3933c2e27a997de247546b5491a8232308566e714cd557fbd6fdf30f95d67de1172b894cd46465e229d3c549b005b5541fb37c595f03a8fff |
\Users\Admin\AppData\Local\Temp\7zSC59B6C76\libstdc++-6.dll
| MD5 | e6cf51dee9a0f9a0e0cc92ed75dd1204 |
| SHA1 | 178f6397f00e20838cb2e88b4106ea4bb98f4b14 |
| SHA256 | af175c6d487500df33e20db1ce8b57adddcc7444f0857b7393076730e3790d6c |
| SHA512 | 0541a9b7e34b924ca9f07d7f2c6aad46e89fea76e3ddc4418f620322f3c43d0f29d8db15430cd8856f69b1b304f5a1a35c10707881b33c14be177bcc935d79a7 |
C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\b7816bfa03.exe
| MD5 | 83cc20c8d4dd098313434b405648ebfd |
| SHA1 | 59b99c73776d555a985b2f2dcc38b826933766b3 |
| SHA256 | 908b275d6fc2f20e9d04e8609a9d994f7e88a429c3eb0a55d99ca1c681e17ec8 |
| SHA512 | e00009e1f322a1fe6e24f88a1cc722acf3094569174e7c58ebf06f75f50a7735dcebf3e493886bbdc87593345adc8bb7b6f2daca2e64618f276075a0bb46bb8c |
\Users\Admin\AppData\Local\Temp\7zSC59B6C76\0c1a94348.exe
| MD5 | 107e8479b9b075529955daa861179e9c |
| SHA1 | a0bff0d893941923ef46aa5e4fcaeabb83c1bed5 |
| SHA256 | aef3821f64c140926f1b0ac2ec24703a4cc7befff9b8cac5acb207b2d83bf500 |
| SHA512 | b851c44809cc54bbc51487c78c7b82bd96d337ff34166b53060db0fef54e5d27fb95971d0e65998a7089872c4bef40d414065912121bc92fbc5344e9006d5d5d |
\Users\Admin\AppData\Local\Temp\7zSC59B6C76\0c1a94348.exe
| MD5 | 5f1e07296e2008c743901a953bd6441e |
| SHA1 | ee4344abc7d40d5a9abc96901b2a60e517c751ff |
| SHA256 | fe4ad494db2feb77740a9cd72fe3a49e0416eb72050ac8e5162076ab5ead1f2a |
| SHA512 | 310c66bf13336a673318694469b4a2e21f18447e4cb30255b2aa5bfb8644bac82a9b9a7d0b85b15b176752148e6de418e34c4562d73126e6265e9afe177587ce |
C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\ae53a1dbd6.exe
| MD5 | 830d7351f2d99ac63d20505076fcf402 |
| SHA1 | 499efb2ffdf125faf041be07577aa3fe695e855c |
| SHA256 | 2708926eebdf3dc8c5eeddbf1bcd4c2de4c1ecd5bfdd1fae1d9c2e9efd42ed50 |
| SHA512 | 52f60e68d5bd1a3dc0f093271ee946f4ca0604ab3b1032071faa3d9db5617ad54bf1ce42c4068d876453348a746e607a5f6ed7c3f5c75cfc02ce552f96dcc073 |
\Users\Admin\AppData\Local\Temp\7zSC59B6C76\ae53a1dbd6.exe
| MD5 | 951d8fd7317225c1deed484a7ec87ca0 |
| SHA1 | 833021fb1ca1a0fbcc269a96d2fb2fa665ddb01b |
| SHA256 | a172abfdec9bf31d7cbfd43dae5b6f18a17661c1ded2965c9199703fae78b2a8 |
| SHA512 | 883879999e17dca7b94348f57f06f8d02ea041288958a46c5a0d950f9e4750cf512549cbe79b71418280e8c5b717f5a2f9772c21301414e9663c2e3e278b4cae |
\Users\Admin\AppData\Local\Temp\7zSC59B6C76\ae53a1dbd6.exe
| MD5 | eeea7855a5fac99d07d16a06f6d23bb4 |
| SHA1 | 72af897b137c4b8b2e345a4b0a7cc2f62d4d9999 |
| SHA256 | 8f62abf8913f21b08b313e7c396ea52f11db6c2859dc59e7a59ea22a5488e92c |
| SHA512 | 4d2951782447ad2f92cfeab7208ec9d05e71238d6a6902a0c703623e0f524b21fb14c4d925cf983fb8063b140edf8a4320156053f041d0941a2a3c2d46b8644c |
C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\ae53a1dbd6.exe
| MD5 | 17bd6908fc696e387d853510fad7b221 |
| SHA1 | 4dcee07d42df82d704333d5fd10cac9e1715e7f9 |
| SHA256 | 05d00d78701b0988849f7a448afac292abe2f417fcbad1e43bd31fa801c1805c |
| SHA512 | 86af62e74ee9299c4f2112d4c2b3b6d7c1720e27a7df0d1a5ad4403defd48900fe6f3e14c2d58aad02cc87934b6c0449b6a85152618eaf78d5c5a46b2134e0db |
\Users\Admin\AppData\Local\Temp\7zSC59B6C76\ae53a1dbd6.exe
| MD5 | 34d0ca847835bf797663aa36f8a3e3a5 |
| SHA1 | f85c96f13031973ba2c12b3997de2bed686a6ea6 |
| SHA256 | 4f307370d557bedbf05ea0efd728908ed1d516b39764d307a6f88b6366944752 |
| SHA512 | f7e1c459b60abfe67f09d0a963848cb69ee979686cb85af3d6f20b16fe544c3e0ce9cc51d361e9a38f51726f08df110212a6c27a4083d14594e6d06fb864ce20 |
memory/568-104-0x0000000001130000-0x0000000001138000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\38a72d1941.exe
| MD5 | 48ab95a7e6715e79a4069915603178fc |
| SHA1 | 3a04177d4a428cc58cdbbcdf6865a5140241c295 |
| SHA256 | e30d51c11d4558e3d5488e075d07beb0c113acf92d33b598a819110040ff8a72 |
| SHA512 | 2782b05d6e3f0462845fb31057223c41e9cf49286a04263bfe7cbc106323d1b39bb9a8a803835aa7f4bded6d211c9ccbbd475746df95e7eb81a51b64e88c562a |
C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\72a3df5b6765f57.exe
| MD5 | f887975ff5a2a766f1082e090127ce6a |
| SHA1 | f3fb02c8cd7299e6936ea2fe4d20f24acca7dfda |
| SHA256 | b208db9e648a794294b6afd19cf9856ee1d7fa7b7882d58a9702cf65b6e21b09 |
| SHA512 | 79f9228c41ab28b85c9e3f6a49bb54f896501ddf603ed28222d77390f61c88a9a923168d41ffd3b69f11c73de20b6b93eea8ae86a2bd8690daef78a2fee3fc3b |
memory/2956-107-0x00000000008C0000-0x00000000008EE000-memory.dmp
\Users\Admin\AppData\Local\Temp\7zSC59B6C76\38a72d1941.exe
| MD5 | 7e7997d69abdb6aa5f55e5213972d42c |
| SHA1 | 633646a53a8f84f95e945a68fd3acb4a892599da |
| SHA256 | f7249face2c7600ded3dcaadb89a1756bae430b1da22f50f4b5e626ac2881e78 |
| SHA512 | 24827b6f31cfa541a8f1dccdff668df1f2d4c7953049a8c1a00a6c092981527e21a8b54e5b947ddfdfbe3314da329e20e79ede6693360163973778144b14be83 |
\Users\Admin\AppData\Local\Temp\7zSC59B6C76\38a72d1941.exe
| MD5 | c1a86e6d0f26d91e61585a6a710663f4 |
| SHA1 | 5858a12ddb703c1c1aac78415c2ad677184dccb1 |
| SHA256 | 8d612e10e92229a507cf411d36a9581f8f286b8564d375793c003da63b94bbd4 |
| SHA512 | 7594455bcfdab5d6284b455d5dfdf94d196c9a3a9d5097ca0b6487b6b7ccbe17c87dc14ac6428176a40e3a8bddb340588709a9da5dbe4698d9a29ea61a048bb4 |
C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\38a72d1941.exe
| MD5 | 302ce6bd9a4a1d61c0981fac6d65e53d |
| SHA1 | 6a61e60da8b95b94d6ad6caa219f22fa28dbcc7b |
| SHA256 | 0085dc0036f4728b75249e88f4c585594f699256c6bb88b34bfb198c915fb3dc |
| SHA512 | 42faec05b773a38853770fae63adbe54d28a350794670448b516b355d322e54c154f50672c426da6ff212e6865fdd8b18cb570ec1a6aae4b7929030ccdeae8df |
\Users\Admin\AppData\Local\Temp\7zSC59B6C76\38a72d1941.exe
| MD5 | a380a727814dedf02c39415277b085b4 |
| SHA1 | 0a4be855a4b65aac59abc0481faf409e28e92450 |
| SHA256 | 6e7b1b90f6f926a61686a0bdb43eb9059176e9b4a3a0c02fe16ec809db5bac35 |
| SHA512 | 7f39c90b09d5e5488a18d191e1d445a461ceb7d137b4fc75f426e615ff2dadc2ca8703624f54aa019b38577b964dbf3f440e6c1727ce047772dff0740a2b246e |
\Users\Admin\AppData\Local\Temp\7zSC59B6C76\72a3df5b6765f57.exe
| MD5 | c0d18a829910babf695b4fdaea21a047 |
| SHA1 | 236a19746fe1a1063ebe077c8a0553566f92ef0f |
| SHA256 | 78958d664b1c140f2b45e56c4706108eeb5f14756977e2efd3409f8a788d3c98 |
| SHA512 | cca06a032d8232c0046c6160f47b8792370745b47885c2fa75308abc3df76dcc5965858b004c1aad05b8cd8fbb9a359077be1b97ec087a05d740145030675823 |
\Users\Admin\AppData\Local\Temp\7zSC59B6C76\72a3df5b6765f57.exe
| MD5 | 30edb58d36115c29f008c0b0f060000a |
| SHA1 | d18ebee53cc807d534268b8b998de53ae965c31f |
| SHA256 | 56f5badd70bf3faa037af8fd5ecc13efe1ff4e7faaa55c8f27c17f785f42778e |
| SHA512 | c09407664d66ff400cef4d0b89c1c06af731536e359543fc2cee0b407052329d44e9f3216ff8d95bd88c53196fb528ac78fc48126a9c88a7f65e2b11bf92631c |
\Users\Admin\AppData\Local\Temp\7zSC59B6C76\0c1a94348.exe
| MD5 | afa2e02bce1f7437baaf0308338cb88c |
| SHA1 | 26bd7d07809f9152e614a7389b2b63e55401f951 |
| SHA256 | 68c9f9ea6877088b39bac83beed32a514fc5741eba9b9fc60de6d3439df90b4b |
| SHA512 | 53d9b4de499da37a8fca299e245bd5862650f29efdc8116369eb958e59dc7871850533fd1c607308ffbac39650a578e3586e8c5d98dfe575ae3c0b64abe41e6b |
C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\2e80f89eab2.exe
| MD5 | 181f1849ccb484af2eebb90894706150 |
| SHA1 | 45dee946a7abc9c1c05d158a05e768e06a0d2cdc |
| SHA256 | aeb2d203b415b00e0a23aa026862cec8e11962fdb99c6dce38fb0b018b7d8409 |
| SHA512 | a87485005ca80e145a7b734735184fa2d374a7f02e591eec9e51b77dc2a51be7f8198ce5abfceb9546c48bf235a555f19d6c57469975d0b4c786b0db16df930c |
\Users\Admin\AppData\Local\Temp\7zSC59B6C76\dc56b88fa7bd64.exe
| MD5 | 54f95303753df56a3ee76a296a05d0ce |
| SHA1 | ab5a3c8e87285d56d400b0832cc8afd0bf5b631a |
| SHA256 | 2a00263dc9cb7686504abbfb65e0a292e08660e21c5d43415af2c495d033d72c |
| SHA512 | 766bee8780812a404e9302d64128a97519dc7520e1f7515f500130afa323786ca4fc9737fb9b1ac289ed5e1714be295d890c19203d580c0ce2b258d53162b6f5 |
\Users\Admin\AppData\Local\Temp\7zSC59B6C76\dc56b88fa7bd64.exe
| MD5 | 30e542fb14abee00f3b468ab8c49e59f |
| SHA1 | d88269d3907f5ceecf9335cd1601e11ba8903581 |
| SHA256 | 23749e926a9e835a2bfe90b52cbf91067f65f72f6470e025ff8bec6df4393e37 |
| SHA512 | 1184566d96f5c356942b91210526a616dc4f18155b78b1ed3f35f0abbff751ed0e9c56051eaae3534d3669214a89c36fd74d730e8b41174c8305ed2e4cede071 |
C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\0c1a94348.exe
| MD5 | 408674d7964bc2d78b0835013c699dcd |
| SHA1 | 982f6672b2cdaa7ee8aa809b08008dca36731be4 |
| SHA256 | e0ea94f7707dd40019284a21f9f5057ce058ecf07a6eec24187d216a66b2730d |
| SHA512 | 42e67f4e025c55b9f97b39cff2dcff2bababc703bb08cd9a02b90bad83759ca2bf873f97ad666ac6b80346a8f43b3af9ff79a7eb57442b5b9ddbfc3203a2ba59 |
C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\0c1a94348.exe
| MD5 | 626224fa8a76d089283d2b168371a317 |
| SHA1 | 82703fea462b36f9fb9c890816f47993148e770f |
| SHA256 | 60018928e4448cc4a3662310dda55a62f71c1c40457b958a95be497071975d8c |
| SHA512 | 860c7b7ef10fde196589a1e9c430d7fe443a046502cec88a21bc253f119006f91ef7a5f8fa44bbb5b4469ed446f2bb64d1bda4242305334fbefc2f3a03c25931 |
\Users\Admin\AppData\Local\Temp\7zSC59B6C76\0c1a94348.exe
| MD5 | 66a72ace9070b53cc52b36d0879d66ec |
| SHA1 | fe1593d0cf25bab43af2406a7b430f5a0e3d4218 |
| SHA256 | 78ed47c9acd71fec49c6fdde33ef12ccecc56f906a7dcf4aeb854f36b50a1c2a |
| SHA512 | ea4e6c67d45289f3de489ff0501c25649343ca5d5c1d37796ee94ea9a28ef0bc9950f44c5d8006de90e3666f0eb906446a982765b9fc933f20a741ada0daec87 |
\Users\Admin\AppData\Local\Temp\7zSC59B6C76\dc56b88fa7bd64.exe
| MD5 | 05d261ff3be3453d64a08acaf6fbe22f |
| SHA1 | 2e70efd9a37d54d5308c8775a41f80ee0aac38e8 |
| SHA256 | b1695783646e8703c69cbd2bfe1fdcda6d1c0e44b1768f64b202e67e94c16e5d |
| SHA512 | e7a6e5d824589d03c80e8b4b79628aedec52ff60d7a65621da9b4ac8bba8632ca034fb7036dfdb6d954602219a07ee6601f5776e1745faf678e1af3309d78635 |
memory/2956-118-0x00000000004D0000-0x00000000004D6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\dc56b88fa7bd64.exe
| MD5 | 0c2998f3032acae4cc910da35098e933 |
| SHA1 | 21514dd9f54629338bf840380e7c38d5ed50497b |
| SHA256 | d4f5127dd070e99c50a163ad9692b795f60d9ddd91e074cb2d764200016158d3 |
| SHA512 | 01783d423c3a3d47cb54add9febdf51e5e786bfd18fa7a4a0b7b24155643df6e563b92cafe20e01c2ae5b615a400d8674a86a2c5052e16bd06a3b053a69dd359 |
memory/2004-119-0x0000000000F90000-0x00000000017B6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\d8209827f876d25.exe
| MD5 | 5866ab1fae31526ed81bfbdf95220190 |
| SHA1 | 75a5e08b3b9ad2dff35dfbbb3ffe8d983c2be25f |
| SHA256 | 9e1a149370efe9814bf2cbd87acfcfa410d1769efd86a9722da4373d6716d22e |
| SHA512 | 8d99ab09e84e4ef309da34be94946cbfcffeb1c0ca49e2452deb738d801e551062ebb134f1b99a9baf03003a8e720d525521ce09aeac341d3cba3fcfbc618fb5 |
memory/2956-120-0x0000000000500000-0x0000000000522000-memory.dmp
memory/2956-121-0x00000000004E0000-0x00000000004E6000-memory.dmp
memory/568-122-0x000007FEF5460000-0x000007FEF5E4C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zSC59B6C76\dc56b88fa7bd64.exe
| MD5 | 71cb30572855872ef534d854920faab8 |
| SHA1 | 20c01e256f5c766dfe1adcc5aa6cc950b67fd130 |
| SHA256 | fdc415c8e8cdce31fd24fed23d3fa217723abef855b52f766964696923eb466f |
| SHA512 | 765562dc2493989a3dbeafaa9c773bff85a7142bbf7970caf9955e50a50351b9a53b87bb788a103ff9703e873d4fb623e7037c7a6c0165657c732880376f5b9d |
memory/2004-124-0x0000000000F90000-0x00000000017B6000-memory.dmp
memory/2956-123-0x000007FEF5460000-0x000007FEF5E4C000-memory.dmp
\Users\Admin\AppData\Local\Temp\7zSC59B6C76\dc56b88fa7bd64.exe
| MD5 | 638253a67f18c0de8b235502ccacd8d1 |
| SHA1 | e0d63353ffb9d9ceb74a9475a5fe02d2f41ef13c |
| SHA256 | 95cbcac0b42bea66a1e53124491caf9cb4e8a1bf4fd0db72068671013b01bf59 |
| SHA512 | 684a04073f65bbc5d51e4110c5c0e77cc3c3c20dc441c056f0440c9c93f6e842139ed911a8b6c691dbc10ffe8a40b08dfdb6b36e34323cad0bb1384160bc1344 |
memory/2004-125-0x00000000017C0000-0x0000000001FE6000-memory.dmp
memory/2980-136-0x0000000004DB0000-0x0000000004E4D000-memory.dmp
memory/2980-128-0x0000000000300000-0x0000000000400000-memory.dmp
memory/2004-127-0x00000000772B0000-0x00000000772B2000-memory.dmp
memory/2004-126-0x00000000017C0000-0x0000000001FE6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Cab7207.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar7229.tmp
| MD5 | fa527dcd6b5eb05e72fc51570a2a6608 |
| SHA1 | 3380c5ef74408265fba2f67e790636d0ad0a51cc |
| SHA256 | 4dc7a4a6cb3be2c334a27a49df89f18f8f91749fe6aa1cf28d548e0e0c75ce3d |
| SHA512 | 05c0e217c433949cab210102a26ca7f6a765515b228b217e25c7409408fc167b5a59a8494e1181284e9ec72849c90288f3a066faa284e29d871097ec76291a5a |
memory/2980-164-0x0000000000400000-0x000000000334B000-memory.dmp
memory/1888-167-0x0000000000240000-0x0000000000249000-memory.dmp
memory/1888-166-0x00000000033C0000-0x00000000034C0000-memory.dmp
memory/568-165-0x000000001B230000-0x000000001B2B0000-memory.dmp
\Users\Admin\AppData\Local\Temp\7zSC59B6C76\setup_install.exe
| MD5 | d9c866c1c1ad091683e8aad2bdfdf624 |
| SHA1 | e30fb7842b8a076f1ddf3fe816d30f467a7fae8e |
| SHA256 | 09320880c4c11129010726633c4048a9be330c9a8b52bf02632073f6c7db7696 |
| SHA512 | a7541bfb68dcc137ee05d9499bcf36b079ef9f7f64cbc906e228eb64ff6cca94a838a52941b907aafa5680498bf55a67606cde97086242ba4a10a1e6a0697bf1 |
\Users\Admin\AppData\Local\Temp\7zSC59B6C76\setup_install.exe
| MD5 | 79e6beb60b4627739fc23c89484618f5 |
| SHA1 | 9a829aa491305ae680f531b49858ad0113e77c34 |
| SHA256 | d620980062d66fe029d48a5a2a7d1199500c85fa851213b4cd3da36ad34523f7 |
| SHA512 | cb9f37d9288a56e3b3faa5b5327173052dc400ee6f348d77ef0a39e349ffb05fb5dbada8d00c40ea0d10942b780ddf65d43afeb860b72cc4c062f72bac8d9b81 |
memory/2956-172-0x000000001AB50000-0x000000001ABD0000-memory.dmp
memory/1888-171-0x0000000000400000-0x00000000032F7000-memory.dmp
\Users\Admin\AppData\Local\Temp\7zSC59B6C76\setup_install.exe
| MD5 | 51aaa6d0db93ed95d293606b703596d8 |
| SHA1 | e6fab51c9276492662e73ee9dcc00f302430ea78 |
| SHA256 | 871f7da600cbeaea91b493f438ebb859d8e13fcfcbd622ce4ee6279a6c1ec1cf |
| SHA512 | f317e15f7b2c70640efb353a432944276d6bebea760815d7917f8fc9918e330c28858dff66f92239706df981be325893b0334d4d4f33ef01aa6bc9f994a0118c |
memory/2736-173-0x00000000020E0000-0x0000000002906000-memory.dmp
\Users\Admin\AppData\Local\Temp\7zSC59B6C76\setup_install.exe
| MD5 | fab704c3862974f85fea8a3062748251 |
| SHA1 | 84ec57f3fdb81feca3cfd49a44724299e5cf0576 |
| SHA256 | 334dac5b4b57a915baf7443399b6d043de7341031f36d8f161dafb5f4172babe |
| SHA512 | b22395be717105320099f636d5f80b0ee11fb68b1a6b0fee45904bf8d8aab5e06909ef8bc3b6733db9115c9e0b4894a6fbae7b3e0d51023bb0c8da8eb832ddec |
memory/1248-175-0x0000000002AB0000-0x0000000002AC6000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 496d18ee0da2ad5b1f9b1f933ad5d7ca |
| SHA1 | aa1f5afd977985948576a893d5ae761de82b407b |
| SHA256 | 7b75c6218f4345e78297dd3977040ca8567fbf0c3d5d9b6b1771aeed102bfb2f |
| SHA512 | 398388f1cdd4826038d028a5e6c62eb44a726123901fd58de9df5cbfc38f7fb8394d4104748681dca44f8585781bd219d93f04cff65c2a97b025d72150abb772 |
memory/1888-176-0x0000000000400000-0x00000000032F7000-memory.dmp
memory/2696-210-0x000000006FE40000-0x000000006FFC6000-memory.dmp
memory/2696-209-0x000000006EB40000-0x000000006EB63000-memory.dmp
memory/2696-207-0x000000006B280000-0x000000006B2A6000-memory.dmp
memory/2696-208-0x000000006B440000-0x000000006B4CF000-memory.dmp
memory/2696-206-0x0000000064940000-0x0000000064959000-memory.dmp
memory/2696-205-0x0000000000400000-0x0000000000C7F000-memory.dmp
memory/2980-220-0x0000000000400000-0x000000000334B000-memory.dmp
\Users\Admin\AppData\Local\Temp\7zSC59B6C76\dc56b88fa7bd64.exe
| MD5 | 2b3b5b912bb7d5d7b0cc328240d8524a |
| SHA1 | 39a2180df43eda4ad683b12f14c6f0d0af1e911a |
| SHA256 | c12ff20679f5a6e349900bab6793dd21011bce31067a2bb321c022a0df3faccf |
| SHA512 | 3301a0a9376ae1e6d94badc9f37bd5ca95513fc83e951eafdc1157c0218ebf522fa6315bbef8bea3177b0e7e5b3951596ee64118a2f3d3cac472840fead44742 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3c71e571b5f5673ef54156b0ae49d244 |
| SHA1 | 59ad775359f1861eecd93d860450650c600c6ba6 |
| SHA256 | fa5be67bfd817d964a3855436e6b468a75599f13bdf38cff9c4ab612c5c9bcef |
| SHA512 | ac36580713431932d3cc2ab1d242c0ded589efcf9525d7d617c9585784c3883376a5170faf805daa8f9f6d9941a348d6b7a8db8190c906c4bec6365fbd5380a0 |
C:\Users\Admin\AppData\Roaming\jcdsguj
| MD5 | b92770cf1b08a5a3187eae94d09c0cdb |
| SHA1 | 837cb5b6c195967e22b8b4558b50f95c1fc7380a |
| SHA256 | 02b0ee35bffb2f8c80e50599d2f0ca3c8aedc56ec6c37dbc324e404a4d53e1fd |
| SHA512 | 40e93e7427558b7ba8b3930771f9d8f906627b7b84419c28e36d9f50548b500ce580c7bf9c08f584088415aa314c835e0b1f82c58d15d22d06c29be41cab37a3 |
memory/568-324-0x000007FEF5460000-0x000007FEF5E4C000-memory.dmp
memory/2956-344-0x000007FEF5460000-0x000007FEF5E4C000-memory.dmp
memory/2004-350-0x0000000000F90000-0x00000000017B6000-memory.dmp
memory/2004-351-0x00000000017C0000-0x0000000001FE6000-memory.dmp
memory/2980-352-0x0000000000300000-0x0000000000400000-memory.dmp
memory/568-353-0x000000001B230000-0x000000001B2B0000-memory.dmp
memory/2736-356-0x00000000020E0000-0x0000000002906000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2023-12-30 01:43
Reported
2023-12-30 14:21
Platform
win10v2004-20231215-en
Max time kernel
38s
Max time network
158s
Command Line
Signatures
Detect ZGRat V1
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
NullMixer
PrivateLoader
RisePro
SmokeLoader
Vidar
ZGRat
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\38a72d1941.exe | N/A |
Vidar Stealer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
ASPack v2.12-2.42
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\38a72d1941.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\38a72d1941.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\0a7b9a3a120d129f53edd0c6fa2564b2.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\72a3df5b6765f57.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\setup_install.exe | N/A |
| N/A | N/A | C:\Windows\system32\backgroundTaskHost.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\2e80f89eab2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\dc56b88fa7bd64.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\ae53a1dbd6.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\38a72d1941.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\d8209827f876d25.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\b7816bfa03.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\72a3df5b6765f57.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\72a3df5b6765f57.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\setup_install.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\setup_install.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\setup_install.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\setup_install.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\setup_install.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\setup_install.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\setup_install.exe | N/A |
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\38a72d1941.exe | N/A |
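The four registry reads above (the VBOX__ ACPI table, the two BIOS version strings and EnableLUA) are the values a sandbox-aware sample compares against before it decides to run. The following is an added example, not code from the sandbox report or from the sample: it evaluates a registry snapshot the way such a check would, so an analyst can see which artifacts a given guest still exposes. The registry paths come from the signature tables; the hypervisor vendor substrings and the two snapshots are assumptions.

```python
"""Evaluate what a sandbox-aware sample would see in the registry.

Example code added for this write-up; it is not part of the sandbox report or of the
analysed sample. The registry paths are the ones the report's signature tables attribute
to 38a72d1941.exe; the vendor substrings and the two snapshots are assumptions.
"""
import re

# Registry locations from the report (HKLM spelled out instead of \REGISTRY\MACHINE).
ACPI_VBOX_KEY = r"HKLM\HARDWARE\ACPI\DSDT\VBOX__"
SYSTEM_BIOS = r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion"
VIDEO_BIOS = r"HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion"
ENABLE_LUA = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA"

# Hypervisor vendor strings commonly found in BIOS version values. Assumption: the
# report only says the values are read, not which substrings the sample compares.
VM_VENDOR_RE = re.compile(r"VBOX|VIRTUALBOX|VMWARE|QEMU|BOCHS|XEN|HYPER-V|VIRTUAL", re.I)


def evaluate_snapshot(snapshot):
    """snapshot maps a registry path to its value: True for a key that merely exists,
    a list of strings for REG_MULTI_SZ, an int for REG_DWORD; absent keys are absent.
    Returns the VM artifacts the sample could observe and the UAC state it would read."""
    findings = {"vm_artifacts": [], "uac_enabled": None}

    # Opening HKLM\HARDWARE\ACPI\DSDT\VBOX__ only succeeds when the VirtualBox DSDT is present.
    if ACPI_VBOX_KEY in snapshot:
        findings["vm_artifacts"].append("ACPI DSDT table VBOX__ present (VirtualBox)")

    # Both BIOS strings are REG_MULTI_SZ; any element naming a hypervisor is an artifact.
    for path in (SYSTEM_BIOS, VIDEO_BIOS):
        values = snapshot.get(path, [])
        if isinstance(values, str):
            values = [values]
        for value in values:
            match = VM_VENDOR_RE.search(value)
            if match:
                name = path.split("\\")[-1]
                findings["vm_artifacts"].append(f"{name} contains {match.group(0)!r}")

    # EnableLUA == 1 means UAC is on; the report only records that the value is read.
    lua = snapshot.get(ENABLE_LUA)
    if lua is not None:
        findings["uac_enabled"] = bool(int(lua))
    return findings


# Constructed snapshots: a stock VirtualBox guest and one with the values sanitised.
VBOX_GUEST = {
    ACPI_VBOX_KEY: True,
    SYSTEM_BIOS: ["VBOX   - 1"],
    VIDEO_BIOS: ["Oracle VM VirtualBox Version 7.0.12 VBE Adapter"],
    ENABLE_LUA: 1,
}
HARDENED_GUEST = {
    SYSTEM_BIOS: ["DELL   - 1072009"],
    VIDEO_BIOS: ["Intel Video BIOS"],
    ENABLE_LUA: 1,
}

if __name__ == "__main__":
    for label, snap in (("vbox", VBOX_GUEST), ("hardened", HARDENED_GUEST)):
        print(label, evaluate_snapshot(snap))
```

Against the constructed VirtualBox snapshot the function reports three artifacts (the DSDT key and both BIOS strings); against the sanitised one it reports none. Removing the DSDT key alone is not enough, because the BIOS version strings are read independently.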
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\38a72d1941.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\setup_install.exe |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Windows\system32\backgroundTaskHost.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Windows\system32\backgroundTaskHost.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Windows\system32\backgroundTaskHost.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\backgroundTaskHost.exe | N/A |
| N/A | N/A | C:\Windows\system32\backgroundTaskHost.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\backgroundTaskHost.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\b7816bfa03.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\2e80f89eab2.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\38a72d1941.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\0a7b9a3a120d129f53edd0c6fa2564b2.exe
"C:\Users\Admin\AppData\Local\Temp\0a7b9a3a120d129f53edd0c6fa2564b2.exe"
C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\setup_install.exe
"C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\setup_install.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 0c1a94348.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ae53a1dbd6.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 72a3df5b6765f57.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c d8209827f876d25.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c b7816bfa03.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c dc56b88fa7bd64.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 2e80f89eab2.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 38a72d1941.exe
C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\38a72d1941.exe
38a72d1941.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 548
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 3884 -ip 3884
C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\ae53a1dbd6.exe
ae53a1dbd6.exe
C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\dc56b88fa7bd64.exe
dc56b88fa7bd64.exe
C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\72a3df5b6765f57.exe
72a3df5b6765f57.exe
C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\2e80f89eab2.exe
2e80f89eab2.exe
C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\b7816bfa03.exe
b7816bfa03.exe
C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\d8209827f876d25.exe
d8209827f876d25.exe
C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\0c1a94348.exe
0c1a94348.exe
C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\72a3df5b6765f57.exe
"C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\72a3df5b6765f57.exe" -a
C:\Windows\system32\backgroundTaskHost.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
C:\Users\Admin\AppData\Roaming\ehsigcj
C:\Users\Admin\AppData\Roaming\ehsigcj
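The process list shows the dropper's launch pattern: a 7-Zip self-extractor unpacks into %TEMP%\7zS<8 hex digits>\, and setup_install.exe starts each payload through cmd.exe /c by bare file name, relying on the working directory; a final extensionless executable appears under AppData\Roaming. The following is an added example, not code from the sandbox report: it encodes those three observations as detection rules and runs them over (image, command line) pairs reconstructed from the list above. The rule wording and the choice of which fields to match are assumptions.

```python
"""Flag the launch pattern visible in the process list above: a 7-Zip SFX extracts its
payloads to %TEMP%\\7zS<8 hex>\\ and each one is started through cmd.exe /c by bare name.

Example code added for this write-up, not part of the sandbox report. The constructed
PROCESSES list reproduces (image, command line) pairs from the report; the three rules
and their wording are assumptions about what a detection engineer would look for.
"""
import re
from dataclasses import dataclass

# 7-Zip self-extractors unpack into a directory named 7zS followed by eight hex digits.
SFX_DIR_RE = re.compile(r"\\AppData\\Local\\Temp\\7zS[0-9A-F]{8}\\", re.I)
# cmd.exe /c <name>.exe with no path component: relies on the current directory.
CMD_C_BARE_RE = re.compile(r'^(?:"?[^"]*\\)?cmd\.exe"?\s+/c\s+([^\s\\/:"]+\.exe)\s*$', re.I)
# Executable dropped into Roaming without an extension (ehsigcj / jcdsguj in the report).
ROAMING_NOEXT_RE = re.compile(r"\\AppData\\Roaming\\[^\\.]+$", re.I)


@dataclass(frozen=True)
class Proc:
    image: str
    cmdline: str


def classify(proc):
    """Return the list of reasons a process record is suspicious (empty if none)."""
    reasons = []
    match = CMD_C_BARE_RE.match(proc.cmdline)
    if match:
        reasons.append(f"cmd.exe /c launches bare executable name {match.group(1)}")
    if SFX_DIR_RE.search(proc.image):
        reasons.append("image runs from a 7-Zip SFX extraction directory")
    if ROAMING_NOEXT_RE.search(proc.image):
        reasons.append("extensionless executable under AppData\\Roaming")
    return reasons


def suspicious(procs):
    """(image, reasons) for every record that trips at least one rule, in input order."""
    return [(p.image, classify(p)) for p in procs if classify(p)]


# Constructed from the behavioral2 process list above.
TMP = r"C:\Users\Admin\AppData\Local\Temp"
SFX = TMP + r"\7zS4B76ABB7"
PROCESSES = [
    Proc(TMP + r"\0a7b9a3a120d129f53edd0c6fa2564b2.exe",
         '"' + TMP + r'\0a7b9a3a120d129f53edd0c6fa2564b2.exe"'),
    Proc(SFX + r"\setup_install.exe", '"' + SFX + r'\setup_install.exe"'),
    Proc(r"C:\Windows\SysWOW64\cmd.exe", r"C:\Windows\system32\cmd.exe /c 0c1a94348.exe"),
    Proc(r"C:\Windows\SysWOW64\cmd.exe", r"C:\Windows\system32\cmd.exe /c 38a72d1941.exe"),
    Proc(SFX + r"\38a72d1941.exe", "38a72d1941.exe"),
    Proc(r"C:\Windows\SysWOW64\WerFault.exe", r"C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 548"),
    Proc(SFX + r"\72a3df5b6765f57.exe", '"' + SFX + r'\72a3df5b6765f57.exe" -a'),
    Proc(r"C:\Windows\system32\backgroundTaskHost.exe",
         r'"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca'),
    Proc(r"C:\Users\Admin\AppData\Roaming\ehsigcj", r"C:\Users\Admin\AppData\Roaming\ehsigcj"),
]

if __name__ == "__main__":
    for image, reasons in suspicious(PROCESSES):
        print(image, "->", "; ".join(reasons))
```

Six of the nine records trip a rule; the original submission in Temp, WerFault.exe and backgroundTaskHost.exe do not, which is the right outcome for the first two and a reminder that the last one needs a parent-process or injection rule rather than an image-path rule.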
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.177.190.20.in-addr.arpa | udp |
| US | 20.231.121.79:80 | | tcp |
| US | 8.8.8.8:53 | watira.xyz | udp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 8.8.8.8:53 | s.lletlee.com | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| NL | 37.0.8.235:80 | | tcp |
| US | 8.8.8.8:53 | live.goatgame.live | udp |
| US | 8.8.8.8:53 | 192.186.117.34.in-addr.arpa | udp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 8.8.8.8:53 | music-sec.xyz | udp |
| US | 8.8.8.8:53 | iplogger.org | udp |
| US | 104.21.4.208:443 | iplogger.org | tcp |
| US | 8.8.8.8:53 | 208.4.21.104.in-addr.arpa | udp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 104.21.4.208:443 | iplogger.org | tcp |
| US | 8.8.8.8:53 | 53.96.141.3.in-addr.arpa | udp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 8.8.8.8:53 | lenak513.tumblr.com | udp |
| US | 8.8.8.8:53 | s.lletlee.com | udp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 8.8.8.8:53 | 233.129.159.162.in-addr.arpa | udp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| RU | 185.230.143.16:32115 | | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 8.8.8.8:53 | s.lletlee.com | udp |
| US | 74.114.154.22:443 | lenak513.tumblr.com | tcp |
| N/A | 127.0.0.1:49600 | | tcp |
| N/A | 127.0.0.1:49604 | | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 8.8.8.8:53 | s.lletlee.com | udp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 8.8.8.8:53 | s.lletlee.com | udp |
| US | 8.8.8.8:53 | aucmoney.com | udp |
| US | 8.8.8.8:53 | thegymmum.com | udp |
| US | 8.8.8.8:53 | atvcampingtrips.com | udp |
| NL | 37.0.11.8:80 | | tcp |
| US | 8.8.8.8:53 | kuapakualaman.com | udp |
| US | 8.8.8.8:53 | renatazarazua.com | udp |
| US | 8.8.8.8:53 | nasufmutlu.com | udp |
| US | 8.8.8.8:53 | s.lletlee.com | udp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 8.8.8.8:53 | s.lletlee.com | udp |
| RU | 185.230.143.16:32115 | | tcp |
| US | 8.8.8.8:53 | s.lletlee.com | udp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 8.8.8.8:53 | wfsdragon.ru | udp |
| US | 172.67.133.215:80 | wfsdragon.ru | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| NL | 212.193.30.115:80 | | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| RU | 185.230.143.16:32115 | | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| NL | 212.193.30.115:80 | | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| GB | 96.16.110.41:443 | | tcp |
| US | 192.229.221.95:80 | | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| RU | 185.230.143.16:32115 | | tcp |
| NL | 212.193.30.115:80 | | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| NL | 212.193.30.115:80 | | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| RU | 185.230.143.16:32115 | | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\setup_install.exe
| MD5 | 30dd6a1c785c32523047663952d1e13d |
| SHA1 | ade55eaa7ca9781e5536f776ec104e10f344d7a5 |
| SHA256 | cf3d67165005cc488a7c5d2c2511ae5aff92ac4388e7fc6bc73060af112ce9d0 |
| SHA512 | aa6def357ef9d233ed290bafc46036468bb82db0800085798674a2b74e3923f427ff5ab04c8bfa031ac8d15e98f356201400e30636fda453cb0ff2a3e1f1f516 |
C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\setup_install.exe
| MD5 | 69e9a20efc45f47bd0c646c7b79746eb |
| SHA1 | a770f4f9d6b0a311852198c8ae873b0cf899b8af |
| SHA256 | 590cb3af3cdf8128482a550c5e91c2d0adfc7be7f95e2d6e3644de9251460b44 |
| SHA512 | e0980c11c02ccbcc91f5f876e5b65b3663a0497f312a368a4e68be48784fcf250f1504cffbbccebae66175c8fb603133a21de3b986dcd15654337e1468b2abf0 |
C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\setup_install.exe
| MD5 | 2175658e1fcec76a17af6bae6b89d693 |
| SHA1 | 1f2da5edc28b70734dca5a7b563d4251a2b881cd |
| SHA256 | 407a0d64733bae9130f9530ee3a64df6f9e163efb3472d3b857007f82f71c91d |
| SHA512 | 82aaa490979193d947f05a786a1853d2eea36a322b83c16fc565bde778aebbd97e9b96be0e5eb652b9e253e5ed47aa8e0586df42344cb9c063daa74ccd99ec13 |
C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\libwinpthread-1.dll
| MD5 | 1e0d62c34ff2e649ebc5c372065732ee |
| SHA1 | fcfaa36ba456159b26140a43e80fbd7e9d9af2de |
| SHA256 | 509cb1d1443b623a02562ac760bced540e327c65157ffa938a22f75e38155723 |
| SHA512 | 3653f8ed8ad3476632f731a3e76c6aae97898e4bf14f70007c93e53bc443906835be29f861c4a123db5b11e0f3dd5013b2b3833469a062060825df9ee708dc61 |
C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\libcurlpp.dll
| MD5 | e6e578373c2e416289a8da55f1dc5e8e |
| SHA1 | b601a229b66ec3d19c2369b36216c6f6eb1c063e |
| SHA256 | 43e86d650a68f1f91fa2f4375aff2720e934aa78fa3d33e06363122bf5a9535f |
| SHA512 | 9df6a8c418113a77051f6cb02745ad48c521c13cdadb85e0e37f79e29041464c8c7d7ba8c558fdd877035eb8475b6f93e7fc62b38504ddfe696a61480cabac89 |
C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\libcurl.dll
| MD5 | d09be1f47fd6b827c81a4812b4f7296f |
| SHA1 | 028ae3596c0790e6d7f9f2f3c8e9591527d267f7 |
| SHA256 | 0de53e7be51789adaec5294346220b20f793e7f8d153a3c110a92d658760697e |
| SHA512 | 857f44a1383c29208509b8f1164b6438d750d5bb4419add7626986333433e67a0d1211ec240ce9472f30a1f32b16c8097aceba4b2255641b3d8928f94237f595 |
memory/3884-25-0x000000006B280000-0x000000006B2A6000-memory.dmp
memory/3884-29-0x000000006B440000-0x000000006B4CF000-memory.dmp
memory/3884-30-0x0000000000F10000-0x0000000000F9F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\libgcc_s_dw2-1.dll
| MD5 | 9aec524b616618b0d3d00b27b6f51da1 |
| SHA1 | 64264300801a353db324d11738ffed876550e1d3 |
| SHA256 | 59a466f77584438fc3abc0f43edc0fc99d41851726827a008841f05cfe12da7e |
| SHA512 | 0648a26940e8f4aad73b05ad53e43316dd688e5d55e293cce88267b2b8744412be2e0d507dadad830776bf715bcd819f00f5d1f7ac1c5f1c4f682fb7457a20d0 |
C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\libstdc++-6.dll
| MD5 | 5e279950775baae5fea04d2cc4526bcc |
| SHA1 | 8aef1e10031c3629512c43dd8b0b5d9060878453 |
| SHA256 | 97de47068327bb822b33c7106f9cbb489480901a6749513ef5c31d229dcaca87 |
| SHA512 | 666325e9ed71da4955058aea31b91e2e848be43211e511865f393b7f537c208c6b31c182f7d728c2704e9fc87e7d1be3f98f5fee4d34f11c56764e1c599afd02 |
memory/3884-34-0x000000006FE40000-0x000000006FFC6000-memory.dmp
memory/3884-35-0x0000000064940000-0x0000000064959000-memory.dmp
memory/3884-37-0x000000006B440000-0x000000006B4CF000-memory.dmp
memory/3884-36-0x000000006B440000-0x000000006B4CF000-memory.dmp
memory/3884-38-0x000000006B440000-0x000000006B4CF000-memory.dmp
memory/3884-40-0x000000006FE40000-0x000000006FFC6000-memory.dmp
memory/3884-39-0x000000006FE40000-0x000000006FFC6000-memory.dmp
memory/3884-42-0x000000006FE40000-0x000000006FFC6000-memory.dmp
memory/3884-41-0x000000006FE40000-0x000000006FFC6000-memory.dmp
memory/3884-43-0x000000006B280000-0x000000006B2A6000-memory.dmp
memory/3884-44-0x000000006B280000-0x000000006B2A6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\0c1a94348.exe
| MD5 | a508b5d5aa6d99b8c3d838e8ddfa2094 |
| SHA1 | 9dd372c7b65f4b95a7f5fe1bc8a86417eaa5223a |
| SHA256 | 6978e86b3708438492944ecfa2fb06001c0372905fa1f820d145437546a2dc70 |
| SHA512 | 2383cb732a895b34b0a36259ec550b2a62c4cda138127845744935fca74228525024d6153b3d244fb60443663d08276c8e63fde0bd6f237340828e27b2478068 |
C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\ae53a1dbd6.exe
| MD5 | 0c42958395907fb667234e10bdeb3b13 |
| SHA1 | 1af2dbdb57669e979effb1779db88c76ada28692 |
| SHA256 | 66c668f22e3a7a6e3a33f234a8964385989b5fbb4730e0e5bed56fd65cccb813 |
| SHA512 | da403190df53f757ca16ec6e3e5f5ee682053abf66a76f52ffc62476876b25f9ffe4ca9535c6b7cf7fc6f32d9913ed12cc7ee72dc99749e1fcdfa755e2ee6fce |
C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\38a72d1941.exe
| MD5 | bbb4bf1874c6aa848fed02937d6fdfed |
| SHA1 | 0c2448d8ee34cabadb2cda9645ff1f357f0cbc6b |
| SHA256 | 995fadfd5fda48492e08b3377e91578fc2d52127d530aacda18c463a20c6373f |
| SHA512 | 5c607d29eb241a181fb76c4ebe38d8bd8a328f02f39d2e1e68615d2d7a238a4ea19d4b34643042343c0448facf1180a5053bd424a3a61f74f17aecbe0450744a |
C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\dc56b88fa7bd64.exe
| MD5 | ea851f7d3444c4ff1039e6bbe8d74c11 |
| SHA1 | 953d9c05d4dc8a91dd47328d8ddd5a9cb5b8c2f0 |
| SHA256 | 4de84c3c90d688e3a9f69d49e5cad4167a40aa4c98f29d35b36da770c43b8e3e |
| SHA512 | e407accc4dd032bf354a309f6e860b921083c222c8304bab0057230cfeaa3ed959c45b8bf663109c7cb9f485644121fb35d66da00f0a0ccd2aea0806c66a1db0 |
C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\2e80f89eab2.exe
| MD5 | 249f4b4a357ca5315c51a6365976490a |
| SHA1 | 61e01fc35dbcf5818904072f2622806959c14dd1 |
| SHA256 | b45ef323a3878ae53aaed179e40c321b3dfe81cd88129f1168911ded606e345b |
| SHA512 | cdd2c0a2597be7b6be42d7ba6813af7a046b5fb486620016b74e08146d65c25cb50565913c888b0ac456479f2c3ba513d26e2004ed25cd4519c9a0993daf376f |
C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\b7816bfa03.exe
| MD5 | 83cc20c8d4dd098313434b405648ebfd |
| SHA1 | 59b99c73776d555a985b2f2dcc38b826933766b3 |
| SHA256 | 908b275d6fc2f20e9d04e8609a9d994f7e88a429c3eb0a55d99ca1c681e17ec8 |
| SHA512 | e00009e1f322a1fe6e24f88a1cc722acf3094569174e7c58ebf06f75f50a7735dcebf3e493886bbdc87593345adc8bb7b6f2daca2e64618f276075a0bb46bb8c |
C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\ae53a1dbd6.exe
| MD5 | 22059847d8fa60fe8eabba11d3bac0f8 |
| SHA1 | 151a609099722f3d78b9769a604a882aa9b44f37 |
| SHA256 | 5974ae44f8a95fc4c81775aa6c6ae31eaff5be20ee9a06c3e322d9393898c329 |
| SHA512 | 3f1f27fbeb7f42f4acce5f71964925591d72d8135abd2077e8623f3e53b598633b4d9612ba3e65207623d260da918d009a90e46f6da3daad33511490e8ba9e34 |
memory/4792-84-0x0000000000CB0000-0x0000000000CB8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\72a3df5b6765f57.exe
| MD5 | c0d18a829910babf695b4fdaea21a047 |
| SHA1 | 236a19746fe1a1063ebe077c8a0553566f92ef0f |
| SHA256 | 78958d664b1c140f2b45e56c4706108eeb5f14756977e2efd3409f8a788d3c98 |
| SHA512 | cca06a032d8232c0046c6160f47b8792370745b47885c2fa75308abc3df76dcc5965858b004c1aad05b8cd8fbb9a359077be1b97ec087a05d740145030675823 |
C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\38a72d1941.exe
| MD5 | 6269626f2a26c49e1ddc4cc4266ad3c2 |
| SHA1 | e9c4590dcc81c47066b830b03dbfb3b296e02a85 |
| SHA256 | 2aa8d4e4862b3aaa1b418b0457fd9d96aa5b28f7792962ece5a010f357e51839 |
| SHA512 | d2be3f80345dbfc02696edb3c9b5213c1e2201100a3c2f013eedb1aa74c272d0cdde00518523f9071b58efadfe34ee474f1d8015805b26ce97511e318a22843d |
C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\d8209827f876d25.exe
| MD5 | 5866ab1fae31526ed81bfbdf95220190 |
| SHA1 | 75a5e08b3b9ad2dff35dfbbb3ffe8d983c2be25f |
| SHA256 | 9e1a149370efe9814bf2cbd87acfcfa410d1769efd86a9722da4373d6716d22e |
| SHA512 | 8d99ab09e84e4ef309da34be94946cbfcffeb1c0ca49e2452deb738d801e551062ebb134f1b99a9baf03003a8e720d525521ce09aeac341d3cba3fcfbc618fb5 |
memory/3012-87-0x0000000000370000-0x0000000000B96000-memory.dmp
memory/3884-89-0x0000000000400000-0x0000000000C7F000-memory.dmp
memory/3884-91-0x0000000064940000-0x0000000064959000-memory.dmp
memory/3884-92-0x000000006B280000-0x000000006B2A6000-memory.dmp
memory/3884-93-0x000000006B440000-0x000000006B4CF000-memory.dmp
memory/3588-90-0x00000000009E0000-0x0000000000A0E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\dc56b88fa7bd64.exe
| MD5 | fcce864840d6700d71a8d68668d7a538 |
| SHA1 | fef82b13a6565e5da4eaf24ce6566c513c6a58fd |
| SHA256 | 0d017311cfc1554b76481b6b0d40d1c150c1a0aedcda302f513c01de0b1f4e4c |
| SHA512 | 3f01d5cd486b3394c46896f0d2c9eed1e6e1825c15e729ab357105d562fc0b73e7a7ab69f56107ae3e6941acff5dec43c3bbdda023909723c47547ea2d51d740 |
C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\2e80f89eab2.exe
| MD5 | 181f1849ccb484af2eebb90894706150 |
| SHA1 | 45dee946a7abc9c1c05d158a05e768e06a0d2cdc |
| SHA256 | aeb2d203b415b00e0a23aa026862cec8e11962fdb99c6dce38fb0b018b7d8409 |
| SHA512 | a87485005ca80e145a7b734735184fa2d374a7f02e591eec9e51b77dc2a51be7f8198ce5abfceb9546c48bf235a555f19d6c57469975d0b4c786b0db16df930c |
memory/3884-94-0x000000006FE40000-0x000000006FFC6000-memory.dmp
memory/3588-95-0x00000000011A0000-0x00000000011A6000-memory.dmp
memory/3884-97-0x000000006EB40000-0x000000006EB63000-memory.dmp
memory/4792-99-0x00007FFCADD60000-0x00007FFCAE821000-memory.dmp
memory/4792-100-0x000000001B870000-0x000000001B880000-memory.dmp
memory/3012-102-0x0000000076450000-0x0000000076540000-memory.dmp
memory/3012-101-0x0000000076450000-0x0000000076540000-memory.dmp
memory/3012-103-0x0000000076450000-0x0000000076540000-memory.dmp
memory/3012-104-0x0000000076450000-0x0000000076540000-memory.dmp
memory/3012-106-0x0000000076450000-0x0000000076540000-memory.dmp
memory/3012-107-0x0000000076450000-0x0000000076540000-memory.dmp
memory/3012-105-0x0000000076450000-0x0000000076540000-memory.dmp
memory/1324-110-0x00000000001C0000-0x00000000001C9000-memory.dmp
memory/3164-111-0x0000000003420000-0x00000000034BD000-memory.dmp
memory/3012-109-0x0000000077304000-0x0000000077306000-memory.dmp
memory/3588-112-0x00007FFCADD60000-0x00007FFCAE821000-memory.dmp
memory/1324-113-0x0000000003510000-0x0000000003610000-memory.dmp
memory/3164-114-0x00000000034F0000-0x00000000035F0000-memory.dmp
memory/3012-108-0x0000000076450000-0x0000000076540000-memory.dmp
memory/3588-115-0x00000000011B0000-0x00000000011D2000-memory.dmp
memory/3588-117-0x00000000011E0000-0x00000000011E6000-memory.dmp
memory/3012-118-0x0000000000370000-0x0000000000B96000-memory.dmp
memory/1324-119-0x0000000000400000-0x00000000032F7000-memory.dmp
memory/3012-120-0x0000000005C50000-0x0000000006268000-memory.dmp
memory/3012-121-0x0000000005500000-0x0000000005512000-memory.dmp
memory/3012-122-0x0000000005560000-0x000000000559C000-memory.dmp
memory/3164-123-0x0000000000400000-0x000000000334B000-memory.dmp
memory/3588-124-0x000000001B5F0000-0x000000001B600000-memory.dmp
memory/3884-126-0x0000000064940000-0x0000000064959000-memory.dmp
memory/3884-127-0x000000006B280000-0x000000006B2A6000-memory.dmp
memory/3012-129-0x0000000005770000-0x00000000057BC000-memory.dmp
memory/3884-130-0x000000006FE40000-0x000000006FFC6000-memory.dmp
memory/3884-131-0x000000006EB40000-0x000000006EB63000-memory.dmp
memory/3884-128-0x000000006B440000-0x000000006B4CF000-memory.dmp
memory/3012-132-0x0000000005910000-0x0000000005A1A000-memory.dmp
memory/3376-133-0x0000000002D10000-0x0000000002D26000-memory.dmp
memory/1324-135-0x00000000001C0000-0x00000000001C9000-memory.dmp
memory/3164-138-0x0000000000400000-0x00000000004A1000-memory.dmp
memory/3164-137-0x0000000003420000-0x00000000034BD000-memory.dmp
memory/3012-140-0x0000000076450000-0x0000000076540000-memory.dmp
memory/3012-139-0x0000000076450000-0x0000000076540000-memory.dmp
memory/3012-145-0x0000000076450000-0x0000000076540000-memory.dmp
memory/3012-146-0x0000000076450000-0x0000000076540000-memory.dmp
memory/3012-147-0x0000000076450000-0x0000000076540000-memory.dmp
memory/3012-144-0x0000000076450000-0x0000000076540000-memory.dmp
memory/3012-143-0x0000000076450000-0x0000000076540000-memory.dmp
memory/3012-142-0x0000000076450000-0x0000000076540000-memory.dmp
memory/4792-141-0x000000001B870000-0x000000001B880000-memory.dmp
C:\Users\Admin\AppData\Roaming\ehsigcj
| MD5 | a1fa37e471a48f7c3f3e2b151f60a650 |
| SHA1 | 7766f3bd7261e3b78fa4a30d5ebce18ff3f8f29a |
| SHA256 | ed5985f6d710c502c8614486ae37d3e08fd4897dae51d1d7e090ae1068e3da95 |
| SHA512 | 772370bf44b9ce2f6523917435493b0fdf4b9c08d4a58f68b460897d66f8f386158b3081fd85b8b79b8afb684390ca537fe13c8b2d7cf7c57f2438711293d2f0 |
C:\Users\Admin\AppData\Roaming\ehsigcj
| MD5 | 9a18ee63c220f10953626fbd990a0c9f |
| SHA1 | c9b7929d80ab571f381083252463d29fd8281d8f |
| SHA256 | 77a380a82f5e19f033940eb213434a0a739fd683289fe41a33d9ed2702b7eb20 |
| SHA512 | 1f5ef80da5a00987a3b687ddab56f2ce2be07c786fd0aff09baf28f7bb5927f8311b67f279b6a94d8f08178a4dffc709129cc423fe4144c9a59093bd0b361557 |
C:\Users\Admin\AppData\Roaming\ehsigcj
| MD5 | d94e351ac62153e4631717e8e9eb8929 |
| SHA1 | 507272debc80dfc4581d23fd6f779466d5f5bafd |
| SHA256 | 7652007392c2b84ce2c89224ed050ae1d6440f1bc9fecbc17feeb9a90eec59de |
| SHA512 | e0ead56165cd10cbefed78cd5cef72d96cb690cb59b66cbf0f701c183c006476ecc17a6f7dc8e5a92b255a83ae2db0137402becc7559e46457698d2691cb998e |
memory/888-156-0x0000000003510000-0x0000000003610000-memory.dmp
memory/888-157-0x0000000000400000-0x00000000032F7000-memory.dmp
memory/3376-158-0x00000000010C0000-0x00000000010D6000-memory.dmp
memory/888-159-0x0000000000400000-0x00000000032F7000-memory.dmp
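An added example, not part of the report or of any sandbox vendor's tooling, that turns the network table and the Files list above into indicators a responder can act on. It counts connections per destination so the repeated live.goatgame.live traffic and the raw-IP destinations that never resolved to a hostname stand out, and it groups the dropped-file entries by path so a path listed more than once with different SHA256 values (setup_install.exe, 38a72d1941.exe and others above) is flagged as overwritten during detonation. The sample inputs are a few rows copied from the report's own tables; the row-layout rules, the function names and the "no hostname and not port 53" triage heuristic are my assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: rows copied from the report's network table. Rows with
# no resolved hostname appear in the report either with the protocol slid into
# the domain column ('| CC | ip:port | tcp | |') or with an empty domain cell;
# parse_network() accepts both.
NETWORK_ROWS = """\
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 8.8.8.8:53 | wfsdragon.ru | udp |
| US | 172.67.133.215:80 | wfsdragon.ru | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| NL | 212.193.30.115:80 | tcp | |
| RU | 185.230.143.16:32115 | | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| GB | 96.16.110.41:443 | tcp | |
"""

# Constructed sample: entries copied from the report's Files list (MD5/SHA256
# rows only, to keep it short). Note the same path appears twice with
# different hashes.
FILE_ROWS = r"""C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\setup_install.exe
| MD5 | 30dd6a1c785c32523047663952d1e13d |
| SHA256 | cf3d67165005cc488a7c5d2c2511ae5aff92ac4388e7fc6bc73060af112ce9d0 |
C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\setup_install.exe
| MD5 | 69e9a20efc45f47bd0c646c7b79746eb |
| SHA256 | 590cb3af3cdf8128482a550c5e91c2d0adfc7be7f95e2d6e3644de9251460b44 |
memory/3884-25-0x000000006B280000-0x000000006B2A6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS4B76ABB7\libcurl.dll
| MD5 | d09be1f47fd6b827c81a4812b4f7296f |
| SHA256 | 0de53e7be51789adaec5294346220b20f793e7f8d153a3c110a92d658760697e |
"""

PROTOCOLS = {"tcp", "udp"}
HASH_RE = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-f]+)\s*\|$")


def _cells(line):
    """Split one '| a | b |' markdown row into stripped cell strings."""
    return [c.strip() for c in line.strip().strip("|").split("|")]


def parse_network(text):
    """Return one dict per connection row, normalising the two row layouts."""
    rows = []
    for line in text.splitlines():
        if not line.startswith("|"):
            continue
        country, dst, c3, c4 = _cells(line)[:4]
        if c3 in PROTOCOLS and not c4:      # protocol slid into the domain column
            domain, proto = "", c3
        else:
            domain, proto = c3, c4
        ip, _, port = dst.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def summarize_network(rows):
    """Connection count per (ip, port, domain, proto), most frequent first."""
    return Counter((r["ip"], r["port"], r["domain"], r["proto"]) for r in rows).most_common()


def direct_ip_connections(rows):
    """Destinations with no hostname in the report, excluding DNS (port 53).

    Assumed triage heuristic: a connection to a bare IP has no domain to sink,
    so any block has to be on the IP:port itself. Order of first appearance.
    """
    seen, out = set(), []
    for r in rows:
        key = (r["ip"], r["port"], r["proto"])
        if not r["domain"] and r["port"] != 53 and key not in seen:
            seen.add(key)
            out.append(key)
    return out


def parse_files(text):
    """Return [(path, {algo: digest})]; memory-dump lines carry no hashes and are skipped."""
    records = []
    for line in text.splitlines():
        m = HASH_RE.match(line.strip())
        if m and records:
            records[-1][1][m.group(1)] = m.group(2)
        elif line and not line.startswith("|") and not line.startswith("memory/"):
            records.append((line.strip(), {}))
    return records


def paths_with_multiple_contents(records):
    """Paths written more than once with different SHA256: every digest is an IOC."""
    by_path = defaultdict(set)
    for path, hashes in records:
        if "SHA256" in hashes:
            by_path[path].add(hashes["SHA256"])
    return {p: sorted(s) for p, s in by_path.items() if len(s) > 1}


if __name__ == "__main__":
    net = parse_network(NETWORK_ROWS)
    for key, n in summarize_network(net):
        print(n, *key)
    print("raw-IP destinations:", direct_ip_connections(net))
    print("overwritten paths:", paths_with_multiple_contents(parse_files(FILE_ROWS)))
```

Run against the full tables rather than the excerpt to get the real counts. A raw-IP destination is not automatically C2 (CDN edges show up the same way); the point of the list is that these rows cannot be covered by a domain block and need a decision of their own, and that a hash-only blocklist built from this page must carry every SHA256 listed under a rewritten path, not only the last one.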