Analysis Overview
SHA256
cf8a60b5e39660a02d37d4d5f1d28e392427c1da05142d4a651cd1c267d07cc1
Threat Level: Known bad
The file 0b6b2968e8f090b22bc47abab70c4dd0 was found to be: Known bad.
Malicious Activity Summary
ZGRat
SmokeLoader
Detect ZGRat V1
RisePro
NullMixer
Vidar
PrivateLoader
Vidar Stealer
ASPack v2.12-2.42
Executes dropped EXE
Loads dropped DLL
Themida packer
Checks computer location settings
Looks up external IP address via web service
Legitimate hosting services abused for malware hosting/C2
Unsigned PE
Enumerates physical storage devices
Program crash
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-12-30 02:19
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-30 02:19
Reported
2023-12-31 08:49
Platform
win7-20231129-en
Max time kernel
0s
Max time network
149s
Command Line
Signatures
Detect ZGRat V1
SmokeLoader
Vidar
ZGRat
Vidar Stealer
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\setup_installer.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0b6b2968e8f090b22bc47abab70c4dd0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\setup_installer.exe | N/A |
Themida packer
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.db-ip.com | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\7zSC7752636\b001a8f56.exe |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\0b6b2968e8f090b22bc47abab70c4dd0.exe
"C:\Users\Admin\AppData\Local\Temp\0b6b2968e8f090b22bc47abab70c4dd0.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 2d7080268fee447.exe
C:\Users\Admin\AppData\Local\Temp\7zSC7752636\20383e5a9a4c5112.exe
20383e5a9a4c5112.exe
C:\Users\Admin\AppData\Local\Temp\7zSC7752636\b001a8f56.exe
b001a8f56.exe
C:\Users\Admin\AppData\Local\Temp\7zSC7752636\e9e6055abb695524.exe
"C:\Users\Admin\AppData\Local\Temp\7zSC7752636\e9e6055abb695524.exe" -a
C:\Users\Admin\AppData\Local\Temp\7zSC7752636\27ce46284501.exe
27ce46284501.exe
C:\Users\Admin\AppData\Local\Temp\7zSC7752636\79d822fc709e78.exe
79d822fc709e78.exe
C:\Users\Admin\AppData\Local\Temp\7zSC7752636\f9a302645.exe
f9a302645.exe
C:\Users\Admin\AppData\Local\Temp\7zSC7752636\e9e6055abb695524.exe
e9e6055abb695524.exe
C:\Users\Admin\AppData\Local\Temp\7zSC7752636\3d0c613fcb2403.exe
3d0c613fcb2403.exe
C:\Users\Admin\AppData\Local\Temp\7zSC7752636\2d7080268fee447.exe
2d7080268fee447.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 79d822fc709e78.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 416
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c b001a8f56.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c f9a302645.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 3d0c613fcb2403.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c e9e6055abb695524.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 20383e5a9a4c5112.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 27ce46284501.exe
C:\Users\Admin\AppData\Local\Temp\7zSC7752636\setup_install.exe
"C:\Users\Admin\AppData\Local\Temp\7zSC7752636\setup_install.exe"
C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
"C:\Users\Admin\AppData\Local\Temp\setup_installer.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 956
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2023-12-30 02:19
Reported
2023-12-31 08:49
Platform
win10v2004-20231215-en
Max time kernel
1s
Max time network
153s
Command Line
Signatures
Detect ZGRat V1
NullMixer
PrivateLoader
RisePro
SmokeLoader
Vidar
ZGRat
Vidar Stealer
ASPack v2.12-2.42
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\0b6b2968e8f090b22bc47abab70c4dd0.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\setup_installer.exe | N/A |
Themida packer
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\7zS0B74ED07\setup_install.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2180 wrote to memory of 1968 | N/A | C:\Users\Admin\AppData\Local\Temp\0b6b2968e8f090b22bc47abab70c4dd0.exe | C:\Users\Admin\AppData\Local\Temp\setup_installer.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\0b6b2968e8f090b22bc47abab70c4dd0.exe
"C:\Users\Admin\AppData\Local\Temp\0b6b2968e8f090b22bc47abab70c4dd0.exe"
C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
"C:\Users\Admin\AppData\Local\Temp\setup_installer.exe"
C:\Users\Admin\AppData\Local\Temp\7zS0B74ED07\setup_install.exe
"C:\Users\Admin\AppData\Local\Temp\7zS0B74ED07\setup_install.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 79d822fc709e78.exe
C:\Users\Admin\AppData\Local\Temp\7zS0B74ED07\79d822fc709e78.exe
79d822fc709e78.exe
C:\Users\Admin\AppData\Local\Temp\7zS0B74ED07\27ce46284501.exe
27ce46284501.exe
C:\Users\Admin\AppData\Local\Temp\7zS0B74ED07\b001a8f56.exe
b001a8f56.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 2196 -ip 2196
C:\Users\Admin\AppData\Local\Temp\7zS0B74ED07\e9e6055abb695524.exe
"C:\Users\Admin\AppData\Local\Temp\7zS0B74ED07\e9e6055abb695524.exe" -a
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 552
C:\Users\Admin\AppData\Local\Temp\7zS0B74ED07\2d7080268fee447.exe
2d7080268fee447.exe
C:\Users\Admin\AppData\Local\Temp\7zS0B74ED07\f9a302645.exe
f9a302645.exe
C:\Users\Admin\AppData\Local\Temp\7zS0B74ED07\3d0c613fcb2403.exe
3d0c613fcb2403.exe
C:\Users\Admin\AppData\Local\Temp\7zS0B74ED07\e9e6055abb695524.exe
e9e6055abb695524.exe
C:\Users\Admin\AppData\Local\Temp\7zS0B74ED07\20383e5a9a4c5112.exe
20383e5a9a4c5112.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c b001a8f56.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 2d7080268fee447.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c f9a302645.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 3d0c613fcb2403.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c e9e6055abb695524.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 20383e5a9a4c5112.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 27ce46284501.exe
C:\Windows\system32\WerFaultSecure.exe
"C:\Windows\system32\WerFaultSecure.exe" -protectedcrash -p 4940 -i 4940 -h 504 -j 508 -s 520 -d 4364
Network
Files
C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
C:\Users\Admin\AppData\Local\Temp\7zS0B74ED07\setup_install.exe
C:\Users\Admin\AppData\Local\Temp\7zS0B74ED07\libwinpthread-1.dll
C:\Users\Admin\AppData\Local\Temp\7zS0B74ED07\libgcc_s_dw2-1.dll
C:\Users\Admin\AppData\Local\Temp\7zS0B74ED07\libcurl.dll
C:\Users\Admin\AppData\Local\Temp\7zS0B74ED07\libcurlpp.dll